Solved

DNS issue in Active Directory

Posted on 2009-07-13
7
213 Views
Last Modified: 2012-05-07
Recently I booted up a new laptop that is part of my AD domain.
The laptop received an ip address of 172.16.8.56. As long as this laptop is in this subnet, I could ping the name of the laptop and get a reply with no problem.

I then moved the laptop to a different subnet (172.16.3.0/24) If I ping the name of the laptop, the name resolves to the old 172.16.8.56 IP address and I receive a request timed out. If I reboot the laptop on the new subnet and try to ping by name, I still get the same result, request timed out result.

It appears that the laptop is not re-registering with DNS when it moves to a different subnet, but Im not sure how to resovle the problem. Any help would be appreciated.

Thank you in advance,

Don
0
Comment
Question by:dwesolowicz
  • 4
  • 3
7 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24841016

Hey Don,

Does DHCP update DNS for you? Do the two subnets use different DHCP servers?

If they are different, are they both MS DHCP servers?

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24841410
Thanks for the reply Chris
I only have one active DHCP server, both are MS DHCP, and it appears by your resonse that DHCP is not automatically updating DNS. When I look at the properties of DNS there are three tabs.
They are general, DNS, and advanced. When I click on the DNS tab, the following is checked:

enable DNS dynamic updates according to the setings below
Dynamically update DNS A and PTR records only if requested by the DHCP clients
Discard A and PTR records when lease is deleted.

I do see the option to always dynamically update DNS A and PTR records.
Should that be checked?
0
 

Author Comment

by:dwesolowicz
ID: 24841685
Chris,

I need to clarify.....sorry.....been on of those days.
I made a mistake when I told you that I only have one DHCP server. Turns out there is two.
My 172.16.3.0/24 is active on one server and the 172.16.8.0/24 is active on the second server.
Both scopes exist on each server.

sorry for the confusion.

Don



0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 24842247

No problem.

Normally you would want to configure both of the DHCP servers to update using the same credentials (you'd have to make an account for this, just a regular domain user). That way, if a client gets an address from the other DHCP server it can be correctly update the previous entry. Without this you end up with lots of Access Denied type responses when it tries to update.

Do you have Aging and Scavenging configured? Even if we do set credentials it'll either need time (if Aging and Scavenging are configured) or a bit of work (if they're not) to get everything updating properly.

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24842472
Chris,

When DHCP was set up, all of the default settings are currently being used. So I would have to see how Aging and Scavenging is set up.
Sounds like I need to do some reading on how to configure each server to update properly. Do you have any suggestions on documentation? Does each DHCP server replicate with each other?

New territory for me.

Thanks for your patience


0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24842875

No replication in DHCP I'm afraid.

Any settings you make are per-server. The Credentials option is under the server properties / Advanced (on the DHCP server). I recommend you made a new account, for the sake of argument, lets call it "dnsupdate", set a decent password for it. Then pop that into the Credentials for each DHCP server.

For Aging and Scavenging it's back to DNS. How long is your DHCP lease at the moment? 8 days? It would be good to base the settings for Aging and Scavenging on that.

If it is 8 days... head to the DNS Console, then open the properties for your Forward Lookup Zone. Select the Aging button. Tick the box at the top, then set the No-Refresh Interval to 2 days, and the Refresh Interval to 2 days (see below for why). With this, records will become stale if they're completely untouched for 4 days.

Still in the DNS console, open the properties for the server. Then go to the Advanced tab, tick the Enable Automatic Scavenging option and set the Period to 1 day. That means your DNS server will go through and clean out stale records (untouched for 4 days) once a day.

The Aging Intervals then...

DHCP updates the DNS server at the Renewal interval of the DHCP lease. A client using a lease will attempt to renew that lease half way through, so with an 8 day lease it will renew 4 days in. That means that a DHCP lease extends in 4 day increments. To match that, we set the life-time of a DNS record to 4 days in total (2 No-Refresh + 2 Refresh), that way the DNS record also exists for 4 days, incrementing each time by 4 days.

Your servers will all be happy with this. They refresh their DNS records with the server once a day (all static clients do this).

This is a fine article on setting up Aging / Scavenging:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

I still recommend implementing the aging intervals above if I have your DHCP lease length right.

Chris
0
 

Author Closing Comment

by:dwesolowicz
ID: 31602889
Chris,

Sorry for the delay.
I will test out your solution and let you kow how things go.
 Thank you for all of you help.

Don
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question