Solved

Bizarre DNS issue on our Domain Controller

Posted on 2010-11-30
Last Modified: 2012-05-10
We are having an unusual issue with DNS/DHCP on our Win2k3 domain controller. We have several static IPs which are used for database servers in our organization.

However, even though the individual NICs on each machine are configured statically and with the proper setting, our DNS server keeps changing its A record for one of our servers and handing out a DHCP address. This breaks connection for our end users as they connect to the database by FQDN. We forcibly deleted the incorrect record and re-added the correct static record. Additionally, we made sure the static IP is reserved in DHCP and will not be handed out. We went so far as to set the expiration date on the static A record thousands of hours into the future.

However, within 15 minutes the record had been changed once again and while we can get it to stay static for that amount of time, it keeps reverting. We have flushed the DNS cache several times and also cleared the DNS cache on the end user workstations, to no avail.

This issue first took place following routine server room maintenance on Friday 11/26. Neither of our domain controllers was modified in any way (the move was reorganizing some cabling and routers).

Neither I nor my co-administrator has seen this issue before. Any help is much appreciated!

Best Regards,
D
Question by:DamienStanton
15 Comments
 
LVL 4

Expert Comment

by:jcurrie
ID: 34240423
You need to remove those IP addresses from your DHCP pool so that the DHCP server does not hand them out (and change DNS). You can do this using the DHCP scope exclusion range.
0
 

Author Comment

by:DamienStanton
ID: 34240609
Hi Jcurrie,

We have excluded the static IP address from the DHCP pool. The issue is not that the static IPs are being assigned somewhere else.

Rather, the DNS record for the static IP in question (10.1.1.3) keeps reverting to a DHCP record (10.10.4.5). We cannot figure out why the record keeps changing back after 15 minutes or so.

Thanks,
D
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34241877
Which of these scenarios accurately depicts the problem?

A:
host-a > 10.10.4.5
dbserver > 10.1.1.3

after 15 min.

host-a > 10.10.4.5
dbserver > 10.10.4.5


B:
host-a > 10.10.4.5
dbserver > 10.1.1.3

after 15 min

host-a > 10.10.4.5
host-a > 10.1.1.3

0
 

Author Comment

by:DamienStanton
ID: 34242567
Closer to scenario B. It only appears to be changing in DNS.

To clarify:

host-a > 10.10.4.254
dbserver > 10.1.1.3

After 15 minutes - several hours (we thought the issue was resolved but it did occur again later in the day)

host-a > 10.10.4.254
dbserver > 10.10.4.5

Since 10.1.1.3 is excluded from our DHCP pool, and included in the static reservations, it is not being assigned to any end user.

Thanks for your assistance!
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242593
ok so what host is at 10.10.4.5?
0
 

Author Comment

by:DamienStanton
ID: 34242703
The 10.10.4.5 address is currently leased to host DIR-825. This is an end-user workstation.

However, in DNS the A record for DIR-825 points to 10.10.4.53.


0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242706
A few things I would try:

1) Is your DNS zone Active Directory integrated?
2) Are your Dynamic Updates set to "Secure Only"?
3) Check the Serial Number under the SOA tab of the zone on each of your DNS servers. You may have a serial number out of sync and it's overwriting your changes when you manually create the A record.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242741
Also make sure scavenging is enabled on your DNS zone and set it to 2 or 3 days.


I think the issue has to do with your SOA serial number. The serial number is like a revision number and it increments up every time you update the zone, telling all the other DNS servers that you have made a change to the zone. If one of your DNS servers has a serial number that is too high, it will constantly overwrite your changes because the DNS infrastructure thinks that the server with the highest serial number has the latest zone revision.
0
 

Author Comment

by:DamienStanton
ID: 34242896
1) Yes.
2) Yes.
3) I have checked the SOA. For our primary DNS server it is 69607, and for our secondary DNS server it is 69608.

The increment should be 1, correct?

Finally, scavenging is enabled and the no-refresh interval is 2 days / refresh interval is 3 days.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242937
The increment is one. You may want to try manually updating the A record on the primary server and incrementing the serial number a few clicks to make sure it takes priority. Then go to your secondary server and do a manual zone transfer and check to make sure the record replicated properly to the secondary server.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242951
also maybe run

ipconfig /registerdns

on both the db server and on DIR-825

I don't think that will fix the problem but it won't hurt anything and it might straighten out the record for DIR-825 at least.
0
 

Author Comment

by:DamienStanton
ID: 34250520
Right now we are having to resort to manually changing that A record every hour to few hours. In the interim (once we correct the DNS record), flushing and registering DNS from the end user workstation fixes the problem until the next unexpected revert.

We have opened a ticket with Microsoft support to see if they can further troubleshoot.

This is quite an unusual problem as it appears to only be happening to one DNS record...
0
 

Accepted Solution

by:
DamienStanton earned 0 total points
ID: 34472024
Solution discovered:

In the Windows registry on the db server, the GUID of one of the LAN interfaces was assigned the recurring incorrect IP address, and for some reason it reset on reboot even after TCP/IP was configured manually.

The hardware was 6 years old, and the db has since been moved to a virtual server.
0
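One way to look for the condition described in the accepted solution, as an added example that is not part of the original thread: the script lists every per-interface TCP/IP binding in the registry and flags any address other than the intended static one. It assumes the standard `Tcpip\Parameters\Interfaces` key is where the address was found (the thread does not name the key); `$ExpectedIp` uses the dbserver address from the thread, and all variable names are illustrative.

```powershell
# Added example, not from the thread. $ExpectedIp is dbserver's static address
# as given in the thread; change it for the host being checked.
$ExpectedIp = '10.1.1.3'
$IfBase  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
# Network class key that maps an interface GUID to its connection name.
$NetBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'

Get-ChildItem -Path $IfBase | ForEach-Object {
    $guid = $_.PSChildName
    $p    = Get-ItemProperty -Path $_.PSPath

    # IPAddress is REG_MULTI_SZ (static configuration); DhcpIPAddress holds the last lease.
    $static = @($p.IPAddress | Where-Object { $_ -and $_ -ne '0.0.0.0' })
    $lease  = $p.DhcpIPAddress
    if ($lease -eq '0.0.0.0') { $lease = $null }

    # Not every binding has a connection entry (tunnel adapters, removed NICs).
    $conn = Get-ItemProperty -Path "$NetBase\$guid\Connection" -ErrorAction SilentlyContinue

    $findings = @()
    if ($p.EnableDHCP -eq 1) { $findings += 'DHCP enabled on this binding' }
    foreach ($ip in $static) {
        if ($ip -ne $ExpectedIp) { $findings += "unexpected static address $ip" }
    }
    if ($lease -and $p.EnableDHCP -ne 1) { $findings += "leftover lease value $lease" }

    New-Object PSObject -Property @{
        Interface  = $guid
        Connection = $conn.Name
        EnableDHCP = $p.EnableDHCP
        Static     = ($static -join ', ')
        DhcpLease  = $lease
        Findings   = ($findings -join '; ')
    }
} | Select-Object Interface, Connection, EnableDHCP, Static, DhcpLease, Findings | Format-List
```

Any binding with a non-empty `Findings` line is a candidate source of the extra A record; rerunning the script after a reboot shows whether the value comes back.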
 

Author Comment

by:DamienStanton
ID: 34472049
I did not properly understand the rating system. I would like to give this question an A as the results may help others in the knowledge base.
0
 

Author Closing Comment

by:DamienStanton
ID: 34509895
Solution found
0
