Solved

DNS issue in Active Directory

Posted on 2009-07-13
211 Views
Last Modified: 2012-05-07
Recently I booted up a new laptop that is part of my AD domain.
The laptop received an IP address of 172.16.8.56. As long as this laptop is in this subnet, I could ping the name of the laptop and get a reply with no problem.

I then moved the laptop to a different subnet (172.16.3.0/24). If I ping the name of the laptop, the name resolves to the old 172.16.8.56 IP address and I receive a request timed out. If I reboot the laptop on the new subnet and try to ping by name, I still get the same result: request timed out.

It appears that the laptop is not re-registering with DNS when it moves to a different subnet, but I'm not sure how to resolve the problem. Any help would be appreciated.

Thank you in advance,

Don
Question by:dwesolowicz

7 Comments

Expert Comment

by:Chris Dent
ID: 24841016

Hey Don,

Does DHCP update DNS for you? Do the two subnets use different DHCP servers?

If they are different, are they both MS DHCP servers?

Chris

Author Comment

by:dwesolowicz
ID: 24841410
Thanks for the reply Chris
I only have one active DHCP server, both are MS DHCP, and it appears by your response that DHCP is not automatically updating DNS. When I look at the properties of DNS there are three tabs.
They are general, DNS, and advanced. When I click on the DNS tab, the following is checked:

enable DNS dynamic updates according to the settings below
Dynamically update DNS A and PTR records only if requested by the DHCP clients
Discard A and PTR records when lease is deleted.

I do see the option to always dynamically update DNS A and PTR records.
Should that be checked?

Author Comment

by:dwesolowicz
ID: 24841685
Chris,

I need to clarify..... sorry..... been one of those days.
I made a mistake when I told you that I only have one DHCP server. Turns out there are two.
My 172.16.3.0/24 is active on one server and the 172.16.8.0/24 is active on the second server.
Both scopes exist on each server.

sorry for the confusion.

Don
Expert Comment

by:Chris Dent
ID: 24842247

No problem.

Normally you would want to configure both of the DHCP servers to update using the same credentials (you'd have to make an account for this, just a regular domain user). That way, if a client gets an address from the other DHCP server it can correctly update the previous entry. Without this you end up with lots of Access Denied type responses when it tries to update.

Do you have Aging and Scavenging configured? Even if we do set credentials it'll either need time (if Aging and Scavenging are configured) or a bit of work (if they're not) to get everything updating properly.

Chris

Author Comment

by:dwesolowicz
ID: 24842472
Chris,

When DHCP was set up, all of the default settings are currently being used. So I would have to see how Aging and Scavenging is set up.
Sounds like I need to do some reading on how to configure each server to update properly. Do you have any suggestions on documentation? Does each DHCP server replicate with each other?

New territory for me.

Thanks for your patience
Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24842875

No replication in DHCP I'm afraid.

Any settings you make are per-server. The Credentials option is under the server properties / Advanced (on the DHCP server). I recommend you make a new account, for the sake of argument, let's call it "dnsupdate", and set a decent password for it. Then pop that into the Credentials for each DHCP server.

For Aging and Scavenging it's back to DNS. How long is your DHCP lease at the moment? 8 days? It would be good to base the settings for Aging and Scavenging on that.

If it is 8 days... head to the DNS Console, then open the properties for your Forward Lookup Zone. Select the Aging button. Tick the box at the top, then set the No-Refresh Interval to 2 days, and the Refresh Interval to 2 days (see below for why). With this, records will become stale if they're completely untouched for 4 days.

Still in the DNS console, open the properties for the server. Then go to the Advanced tab, tick the Enable Automatic Scavenging option and set the Period to 1 day. That means your DNS server will go through and clean out stale records (untouched for 4 days) once a day.

The Aging Intervals then...

DHCP updates the DNS server at the Renewal interval of the DHCP lease. A client using a lease will attempt to renew that lease half way through, so with an 8 day lease it will renew 4 days in. That means that a DHCP lease extends in 4 day increments. To match that, we set the life-time of a DNS record to 4 days in total (2 No-Refresh + 2 Refresh), that way the DNS record also exists for 4 days, incrementing each time by 4 days.

Your servers will all be happy with this. They refresh their DNS records with the server once a day (all static clients do this).

This is a fine article on setting up Aging / Scavenging:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

I still recommend implementing the aging intervals above if I have your DHCP lease length right.

Chris
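The same configuration as an added example (not from this thread), scripted with the DnsServer and DhcpServer PowerShell modules on Windows Server 2012 or later rather than the consoles described above. The zone and server names are placeholders, and the aging intervals are derived from the real lease length instead of assuming 8 days, using the rule Chris gives (record lifetime = half the lease, split evenly between No-Refresh and Refresh).

```powershell
# Added example, not the thread's own steps. All names below are assumed placeholders.
$Zone        = 'corp.example.com'                                    # forward lookup zone
$DnsServer   = 'dns1.corp.example.com'                               # DNS server hosting the zone
$DhcpServers = 'dhcp1.corp.example.com', 'dhcp2.corp.example.com'    # the two DHCP servers

# 1. Same low-privilege domain account on both DHCP servers, so whichever server hands
#    out the next lease can overwrite the A/PTR record the other server registered.
$cred = Get-Credential -Message 'Domain user for DHCP dynamic DNS updates (e.g. dnsupdate)'
foreach ($s in $DhcpServers) {
    Set-DhcpServerDnsCredential -ComputerName $s -Credential $cred
}

# 2. Aging intervals derived from the actual lease: clients renew at half the lease,
#    so No-Refresh + Refresh = lease / 2 (an 8-day lease gives 2 days + 2 days).
$lease     = (Get-DhcpServerv4Scope -ComputerName $DhcpServers[0] | Select-Object -First 1).LeaseDuration
$lifetime  = [TimeSpan]::FromTicks([long]($lease.Ticks / 2))
$noRefresh = [TimeSpan]::FromTicks([long]($lifetime.Ticks / 2))
$refresh   = $lifetime - $noRefresh
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone -Aging $true `
    -NoRefreshInterval $noRefresh -RefreshInterval $refresh

# 3. Scavenge stale records once a day on the server.
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 1)

# 4. Check the result and list dynamic records already older than the record lifetime;
#    these are the entries scavenging will remove on its next pass. Static records have
#    no timestamp and are never scavenged.
Get-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt (Get-Date).Add(-$lifetime) } |
    Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
```

The lease is read from the first scope only; if the scopes use different lease lengths, base the intervals on the shortest one.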

Author Closing Comment

by:dwesolowicz
ID: 31602889
Chris,

Sorry for the delay.
I will test out your solution and let you know how things go.
Thank you for all of your help.

Don