Solved

DNS issue in Active Directory

Posted on 2009-07-13
Last Modified: 2012-05-07
Recently I booted up a new laptop that is part of my AD domain.
The laptop received an ip address of 172.16.8.56. As long as this laptop is in this subnet, I could ping the name of the laptop and get a reply with no problem.

I then moved the laptop to a different subnet (172.16.3.0/24). If I ping the name of the laptop, the name resolves to the old 172.16.8.56 IP address and I receive a request timed out. If I reboot the laptop on the new subnet and try to ping by name, I still get the same result: request timed out.

It appears that the laptop is not re-registering with DNS when it moves to a different subnet, but I'm not sure how to resolve the problem. Any help would be appreciated.

Thank you in advance,

Don
Question by:dwesolowicz
7 Comments
LVL 71

Expert Comment

by:Chris Dent
ID: 24841016

Hey Don,

Does DHCP update DNS for you? Do the two subnets use different DHCP servers?

If they are different, are they both MS DHCP servers?

Chris
Author Comment

by:dwesolowicz
ID: 24841410
Thanks for the reply, Chris.
I only have one active DHCP server, both are MS DHCP, and it appears by your response that DHCP is not automatically updating DNS. When I look at the properties of DNS there are three tabs.
They are General, DNS, and Advanced. When I click on the DNS tab, the following is checked:

Enable DNS dynamic updates according to the settings below
Dynamically update DNS A and PTR records only if requested by the DHCP clients
Discard A and PTR records when lease is deleted.

I do see the option to always dynamically update DNS A and PTR records.
Should that be checked?

Author Comment

by:dwesolowicz
ID: 24841685
Chris,

I need to clarify... sorry... been one of those days.
I made a mistake when I told you that I only have one DHCP server. Turns out there are two.
My 172.16.3.0/24 is active on one server and the 172.16.8.0/24 is active on the second server.
Both scopes exist on each server.

sorry for the confusion.

Don
LVL 71

Expert Comment

by:Chris Dent
ID: 24842247

No problem.

Normally you would want to configure both of the DHCP servers to update using the same credentials (you'd have to make an account for this, just a regular domain user). That way, if a client gets an address from the other DHCP server it can correctly update the previous entry. Without this you end up with lots of Access Denied type responses when it tries to update.

Do you have Aging and Scavenging configured? Even if we do set credentials it'll either need time (if Aging and Scavenging are configured) or a bit of work (if they're not) to get everything updating properly.

Chris
Author Comment

by:dwesolowicz
ID: 24842472
Chris,

When DHCP was set up, all of the default settings are currently being used. So I would have to see how Aging and Scavenging is set up.
Sounds like I need to do some reading on how to configure each server to update properly. Do you have any suggestions on documentation? Does each DHCP server replicate with each other?

New territory for me.

Thanks for your patience

LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24842875

No replication in DHCP I'm afraid.

Any settings you make are per-server. The Credentials option is under the server properties / Advanced (on the DHCP server). I recommend you make a new account; for the sake of argument, let's call it "dnsupdate", and set a decent password for it. Then pop that into the Credentials for each DHCP server.

For Aging and Scavenging it's back to DNS. How long is your DHCP lease at the moment? 8 days? It would be good to base the settings for Aging and Scavenging on that.

If it is 8 days... head to the DNS Console, then open the properties for your Forward Lookup Zone. Select the Aging button. Tick the box at the top, then set the No-Refresh Interval to 2 days, and the Refresh Interval to 2 days (see below for why). With this, records will become stale if they're completely untouched for 4 days.

Still in the DNS console, open the properties for the server. Then go to the Advanced tab, tick the Enable Automatic Scavenging option and set the Period to 1 day. That means your DNS server will go through and clean out stale records (untouched for 4 days) once a day.

The Aging Intervals then...

DHCP updates the DNS server at the Renewal interval of the DHCP lease. A client using a lease will attempt to renew that lease half way through, so with an 8 day lease it will renew 4 days in. That means that a DHCP lease extends in 4 day increments. To match that, we set the life-time of a DNS record to 4 days in total (2 No-Refresh + 2 Refresh), that way the DNS record also exists for 4 days, incrementing each time by 4 days.

Your servers will all be happy with this. They refresh their DNS records with the server once a day (all static clients do this).

This is a fine article on setting up Aging / Scavenging:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

I still recommend implementing the aging intervals above if I have your DHCP lease length right.

Chris
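The aging arithmetic in the accepted answer (No-Refresh + Refresh = the DHCP renewal point at half the lease, scavenging once a day) can be checked with a small model. The following Python is an added example written for this page, not code from the thread or from Microsoft; it is a simplification of the Windows DNS behaviour (timestamps in whole hours, a single record, updates applied before the scavenger pass within the same hour) and the names `AgingPolicy`, `simulate` and `recommended_intervals` are this example's own. It shows the 2+2-day intervals keeping a live client's record alive and removing a departed client's record after 4 days, and what goes wrong if the intervals are set shorter than the renewal point.

```python
"""Model of Windows DNS aging/scavenging against a DHCP lease timeline.

Assumed behaviour (a simplification of the real server):
  - a dynamic update inside the No-Refresh window leaves the timestamp alone;
  - a dynamic update after the No-Refresh window resets the timestamp;
  - a record is stale once now >= timestamp + NoRefresh + Refresh;
  - the scavenger runs every `scavenge_period_days` and deletes stale records;
  - DHCP re-registers the client at the renewal point (half the lease, T1).
"""
from dataclasses import dataclass

HOURS_PER_DAY = 24


@dataclass
class AgingPolicy:
    no_refresh_days: float       # timestamp-only updates are ignored in this window
    refresh_days: float          # after No-Refresh, a refresh resets the timestamp
    scavenge_period_days: float  # how often the server looks for stale records


@dataclass
class Record:
    timestamp: float             # day of the last accepted registration/refresh
    present: bool = True


def recommended_intervals(lease_days):
    """The answer's rule of thumb: No-Refresh and Refresh each half the renewal
    point, so the record lifetime equals the lease renewal interval (lease/2)."""
    return (lease_days / 4, lease_days / 4)


def refresh(record, now, policy):
    """Apply a dynamic update; return True if the timestamp was (re)set."""
    if not record.present:
        record.present, record.timestamp = True, now   # re-registration
        return True
    if now >= record.timestamp + policy.no_refresh_days:
        record.timestamp = now
        return True
    return False                                        # inside No-Refresh


def is_stale(record, now, policy):
    lifetime = policy.no_refresh_days + policy.refresh_days
    return record.present and now >= record.timestamp + lifetime


def simulate(policy, lease_days, client_present_days, horizon_days=30):
    """Register a client at day 0, re-register it at every lease renewal while
    it is still present, and run the scavenger on its period. Returns the days
    on which refreshes were accepted and on which the record was removed."""
    renewal_hours = int(lease_days * HOURS_PER_DAY) // 2
    scavenge_hours = int(policy.scavenge_period_days * HOURS_PER_DAY)
    record = Record(timestamp=0.0)
    accepted, removed = [], []
    for hour in range(1, horizon_days * HOURS_PER_DAY + 1):
        now = hour / HOURS_PER_DAY
        # updates for this hour are processed before the scavenger pass
        if hour % renewal_hours == 0 and now <= client_present_days:
            if refresh(record, now, policy):
                accepted.append(now)
        if hour % scavenge_hours == 0 and is_stale(record, now, policy):
            record.present = False
            removed.append(now)
    return {"accepted_refreshes": accepted,
            "removed_at": removed,
            "present_at_end": record.present}


if __name__ == "__main__":
    nr, r = recommended_intervals(8)            # 8-day lease -> 2 + 2 days
    policy = AgingPolicy(nr, r, 1)
    print("live client :", simulate(policy, 8, 30))
    print("gone client :", simulate(policy, 8, 0))
    print("too short   :", simulate(AgingPolicy(1, 1, 1), 8, 30))
```

The third run is the failure mode worth knowing about: with a 1+1-day lifetime and an 8-day lease, the record of a perfectly healthy client is scavenged two days after every renewal and only comes back at the next one, so the host is unresolvable half the time. Intervals longer than the renewal point are harmless for live clients and only delay cleanup of departed ones.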
Author Closing Comment

by:dwesolowicz
ID: 31602889
Chris,

Sorry for the delay.
I will test out your solution and let you know how things go.
Thank you for all of your help.

Don