mlauth

DNS and DHCP don't match

We don't really have a “problem” but an annoyance. We have about 400 computers in our domain, and we like to VNC or RDP to users’ desktops that have problems. We also have contractors that RDP to “vendor” computers we have set up. Most of the time, you can RDP or VNC by name without issue. Sometimes you must type in the IP address because the record in DNS shows the old IP address while the computer has received a new IP from DHCP. Is there a way we can get the two to match all of the time? I understand the delay in records, but is there some better way or setting I can set on our DNS/DHCP servers to update a little faster?

No log errors.
Running Server 2003 for DNS and DHCP.
Mike Thomas

Have you enabled scavenging on your DNS servers to remove the stale records? If not, do so; this should resolve your problem.

mlauth

ASKER

Will do. What kind of aging/scavenging intervals do you think would be best practice for a network this size?
Chris Dent

For the most part yes. Lots of questions first I'm afraid.

Does DHCP update DNS? This is the default for 2003, so if you haven't told it not to it will be.

Do you have Aging and Scavenging configured? If so, what No-Refresh Interval, Refresh Interval and Automatic Scavenging Period have you defined?

How long are your DHCP leases?

Do you have more than one DHCP server?

Chris
mlauth

ASKER

Yes, DHCP updates DNS. No-Refresh and Refresh are set to 7 days, same as our lease time in DHCP. We have one DHCP and DNS server per location (8). Scavenge stale resource records is not checked.
ASKER CERTIFIED SOLUTION
Chris Dent
This solution is only available to members.
Yes, the ironic thing is it's one of the things that seems to really only affect an IT department's ability to remotely support clients. As servers very rarely change their IPs, and clients pretty much always only request services from servers, "clients", as a rule, never have any issues finding machines that they want. Now flip to IT support: well, you still get your server services as does everyone else, but now throw in the need to support hundreds of client machines whose IPs can change like the wind and you hit this little headache you have now.


I forgot to comment on this part:

> We have one DHCP and DNS server per location (8)

Do clients move between sites?

If they do it would be wise to configure DHCP so each server updates DNS with the same credentials. That way if a client from SiteA moves to SiteB the DHCP server there can modify the record originally created by the DHCP server in SiteA.

If that's not set and they do move between sites you tend to get duplication of DNS records.

Chris
mlauth

ASKER

Yes, both are set to 7 days. Default, I do believe.
I can set them down to 2 days each. Lease time should really be lower, but the last admin in here set most of this up with vendor help. We do have a lot of ins and outs on our network.
I'm starting to read through this article; good stuff so far, thank you.
mlauth

ASKER

Yes clients move between sites. Our Jet goes up from site to site on average 2-4 times per week with employees and clients alike going to multiple locations.
mlauth

ASKER

I did set up all of the DHCP servers to update DNS using the same credentials. This was not done in the past.

> I can set them down to 2 days each,

Should be fine.

It's worth bearing in mind how clients update.

For the DHCP clients:

The DHCP server sends updates to DNS on lease assignment and renewal. Renewal occurs halfway through the lease (at the client's request).

For static clients:

Updates are sent via the DHCP Client service (despite the fact they have static IP addresses) once every 24 hours. Netlogon deals with service records for your DCs, once every 24 hours again.

Chris

> I did set up all of the dhcp servers to update dns using the same credentials.
> This was not done in the past.

Excellent. You can run into problems making this kind of change because, once changed, the DHCP server no longer has rights to update records it made before the change.

However, if it's already done you should be good to go.

Chris
mlauth

ASKER

Now could I go ahead and scavenge stale records now or wait for the 2 day time period?

> Now could I go ahead and scavenge stale records now or wait for the 2 day time period?

If Aging has been in place for a long time you can run Scavenging immediately.

If you only just enabled it on the zone it'll be locked. Select View then Advanced Features and open up the Aging properties again. This time it will show when the zone can next be Scavenged.

Chris
mlauth

ASKER

It must be locked; I still don't see what the next scavenged time is. I did just check the box to scavenge stale records.

Then it'll be locked for a full pass of the Refresh Interval, gives everything time to figure itself out before Scavenging has a play.

> I still don't see what the next scavenged time is

Hmm this is 2003? It should be...

1. Select View / Advanced
2. Expand Forward Lookup Zones
3. Select your zone
4. Open Properties for your zone
5. Click Aging under the General tab

Then it's the date at the bottom.

Chris
mlauth

ASKER

Yep, it's blank. I can open it on another server and it shows the date of 4/8/2010 11:00:00 AM
mlauth

ASKER

Here is the aging on the FSMO owner
aging-dc1.jpg
mlauth

ASKER

I just set it to days now that I see I did hours by mistake.
mlauth

ASKER

Atlanta server aging
atl-aging.jpg
mlauth

ASKER

Chris-Dent did a great job explaining and answering questions. Best I have run into on here!!!

That's better :) Give it a little time, your DCs have to replicate the changes to aging first, then after a couple of days you should find things start to clean themselves up.

It'll need monitoring for a while to make sure it's removing what it needs to and not removing too much.

Chris
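
An added example, not part of the original thread: a small model of the timing discussed above (No-Refresh and Refresh intervals, DHCP renewal at half the lease, the 24-hour update for static clients, and the hours-instead-of-days slip). The function names are hypothetical, the start date is constructed, and the model goes slightly beyond the thread by applying the standard DNS aging rule that a refresh arriving inside the No-Refresh window does not move the record's timestamp.

```python
from datetime import datetime, timedelta

DAY = timedelta(days=1)

def first_stale_time(no_refresh, refresh, update_every, horizon=90 * DAY):
    """How long after registration a *live* client's record first becomes
    eligible for scavenging, or None if it never does within `horizon`.
    The client re-registers the same address every `update_every`."""
    stamp = timedelta(0)          # record timestamp (offset from first registration)
    now = timedelta(0)
    while now < horizon:
        stale_at = stamp + no_refresh + refresh
        next_update = now + update_every
        if stale_at < next_update:
            return stale_at       # scavengable before the client speaks again
        now = next_update
        # A refresh inside the No-Refresh window leaves the timestamp unchanged.
        if now - stamp >= no_refresh:
            stamp = now
    return None

def zone_unlock_time(aging_enabled_at, refresh):
    """After aging is enabled on a zone, scavenging stays locked for one
    full Refresh interval (the date shown at the bottom of the Aging dialog)."""
    return aging_enabled_at + refresh

LEASE = 7 * DAY                   # lease length from the thread
HOUR = timedelta(hours=1)
CASES = {                         # (No-Refresh, Refresh, client update cadence)
    "7d/7d, DHCP renew at half lease": (7 * DAY, 7 * DAY, LEASE / 2),
    "2d/2d, DHCP renew at half lease": (2 * DAY, 2 * DAY, LEASE / 2),
    "2d/2d, static client every 24h":  (2 * DAY, 2 * DAY, DAY),
    "2h/2h by mistake, DHCP":          (2 * HOUR, 2 * HOUR, LEASE / 2),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        stale = first_stale_time(*args)
        print(f"{name:34} -> {'safe' if stale is None else f'stale after {stale}'}")
    enabled = datetime(2010, 4, 1, 9, 0)   # constructed timestamp
    print("zone unlocks:", zone_unlock_time(enabled, 2 * DAY))
```

Any case that reports a stale time means scavenging would delete records of machines that are still on the network, which is the "removing too much" outcome to watch for.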