Solved

Bizarre DNS issue on our Domain Controller

Posted on 2010-11-30
Last Modified: 2012-05-10
We are having an unusual issue with DNS/DHCP on our Win2k3 domain controller. We have several static IPs which are used for database servers in our organization.

However, even though the individual NICs on each machine are configured statically and with the proper setting, our DNS server keeps changing its A record for one of our servers and handing out a DHCP address. This breaks connection for our end users as they connect to the database by FQDN. We forcibly deleted the incorrect record and re-added the correct static record. Additionally, we made sure the static IP is reserved in DHCP and will not be handed out. We went so far as to set the expiration date on the static A record thousands of hours into the future.

However, within 15 minutes the record had been changed once again and while we can get it to stay static for that amount of time, it keeps reverting. We have flushed the DNS cache several times and also cleared the DNS cache on the end user workstations, to no avail.

This issue first took place following routine server room maintenance on Friday 11/26. Neither of our domain controllers was modified in any way (the move was reorganizing some cabling and routers).

Neither I nor my co-administrator has seen this issue before. Any help is much appreciated!

Best Regards,
D
Question by:DamienStanton
15 Comments
 
LVL 4

Expert Comment

by:jcurrie
ID: 34240423
You need to remove those IP addresses from your DHCP pool so that the DHCP server does not hand them out (and change DNS). You can do this using the DHCP scope exclusion range.
0
 

Author Comment

by:DamienStanton
ID: 34240609
Hi Jcurrie,

We have excluded the static IP address from the DHCP pool. The issue is not that the static IPs are being assigned somewhere else.

Rather, the DNS record for the static IP in question (10.1.1.3) keeps reverting to a DHCP record (10.10.4.5). We cannot figure out why the record keeps changing back after 15 minutes or so.

Thanks,
D
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34241877
Which of these scenarios accurately depicts the problem?

A:
host-a > 10.10.4.5
dbserver > 10.1.1.3

after 15 min.

host-a > 10.10.4.5
dbserver > 10.10.4.5


B:
host-a > 10.10.4.5
dbserver > 10.1.1.3

after 15 min

host-a > 10.10.4.5
host-a > 10.1.1.3

0
 

Author Comment

by:DamienStanton
ID: 34242567
Closer to scenario B. It only appears to be changing in DNS.

To clarify:

host-a > 10.10.4.254
dbserver > 10.1.1.3

After 15 minutes - several hours (we thought the issue was resolved but it did occur again later in the day)

host-a > 10.10.4.254
dbserver > 10.10.4.5

Since 10.1.1.3 is excluded from our DHCP pool, and included in the static reservations, it is not being assigned to any end user.

Thanks for your assistance!
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242593
ok so what host is at 10.10.4.5?
0
 

Author Comment

by:DamienStanton
ID: 34242703
The 10.10.4.5 address is currently leased to host DIR-825. This is an end-user workstation.

However, in DNS the A record for DIR-825 points to 10.10.4.53.


0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242706
a few things I would try

1) Is your DNS zone active directory Integrated?
2) Are your Dynamic Updates set to "Secure Only"?
3) Check the Serial Number under the SOA tab of the zone on each of your DNS servers. You may have a Serial number out of sync and it's overwriting your changes when you manually create the A record.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242741
Also make sure scavenging is enabled on your DNS zone and set it to 2 or 3 days.


I think the issue has to do with your SOA serial number. The serial number is like a revision number and it increments up every time you update the zone, telling all the other DNS servers that you have made a change to the zone. If one of your DNS servers has a serial number that is too high, it will constantly overwrite your changes because the DNS infrastructure thinks that the server with the highest serial number has the latest zone revision.
0
 

Author Comment

by:DamienStanton
ID: 34242896
1) Yes.
2) Yes.
3) I have checked the SOA. For our primary DNS server it is 69607, and for our secondary DNS server it is 69608.

The increment should be 1, correct?

Finally, scavenging is enabled and the no-refresh interval is 2 days / refresh interval is 3 days.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242937
The increment is one. You may want to try manually updating the A record on the primary server and incrementing the serial number a few clicks to make sure it takes priority. Then go to your secondary server and do a manual zone transfer and check to make sure the record replicated properly to the secondary server.
0
 
LVL 4

Expert Comment

by:jcurrie
ID: 34242951
also maybe run

ipconfig /registerdns

on both the db server and on DIR-825

I don't think that will fix the problem but it won't hurt anything and it might straighten out the record for DIR-825 at least.
0
 

Author Comment

by:DamienStanton
ID: 34250520
Right now we are having to resort to manually changing that A record every hour to few hours. In the interim (once we correct the DNS record), flushing and registering DNS from the end user workstation fixes the problem until the next unexpected revert.

We have opened a ticket with Microsoft support to see if they can further troubleshoot.

This is quite an unusual problem as it appears to only be happening to one DNS record...
0
 

Accepted Solution

by:
DamienStanton earned 0 total points
ID: 34472024
Solution discovered:

In the Windows registry on the db server, the GUID of one of the LAN interfaces was assigned the recurring incorrect IP address, and for some reason it reset on reboot even after TCP/IP was configured manually.

The hardware was 6 years old, and the db has since been moved to a virtual server.
0
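The accepted solution traced the changing A record to an address stored under one interface GUID in the db server's registry. As an added example (not part of the original thread), this PowerShell reads the per-interface TCP/IP values and flags any address that is not on an expected list; the function names and sample GUIDs are hypothetical, and the sample data is constructed from the addresses mentioned in the thread.

```powershell
# Added example: audit the per-interface TCP/IP registry values for addresses
# that should not be on this host. Function names are hypothetical.
function Get-InterfaceRegistryAddress {
    # Live read of every interface GUID key; run this on the affected server.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Guid          = $_.PSChildName
            EnableDHCP    = $p.EnableDHCP          # DWORD: 0 = static, 1 = DHCP
            IPAddress     = @($p.IPAddress)        # REG_MULTI_SZ: static addresses
            DhcpIPAddress = $p.DhcpIPAddress       # REG_SZ: last leased address
        }
    }
}

function Find-UnexpectedAddress {
    param([object[]]$Interface, [string[]]$Expected)
    foreach ($i in $Interface) {
        foreach ($name in 'IPAddress', 'DhcpIPAddress') {
            foreach ($addr in @($i.$name)) {
                # Skip missing values and the 0.0.0.0 placeholder.
                if (-not $addr -or $addr -eq '0.0.0.0') { continue }
                if ($Expected -notcontains $addr) {
                    New-Object PSObject -Property @{
                        Guid       = $i.Guid
                        Value      = $name
                        Address    = $addr
                        EnableDHCP = $i.EnableDHCP
                    }
                }
            }
        }
    }
}

# Constructed sample: two interface keys, one still holding a leased address.
$sample = @(
    (New-Object PSObject -Property @{ Guid = '{11111111-1111-1111-1111-111111111111}'
        EnableDHCP = 0; IPAddress = @('10.1.1.3'); DhcpIPAddress = '0.0.0.0' }),
    (New-Object PSObject -Property @{ Guid = '{22222222-2222-2222-2222-222222222222}'
        EnableDHCP = 1; IPAddress = @('0.0.0.0'); DhcpIPAddress = '10.10.4.5' })
)
Find-UnexpectedAddress -Interface $sample -Expected '10.1.1.3'

# On the server itself:
# Find-UnexpectedAddress -Interface (Get-InterfaceRegistryAddress) -Expected '10.1.1.3'
```

Any interface it reports is a candidate source of the dynamic DNS registration; matching the reported address against the record that keeps reappearing identifies the interface to reconfigure or disable.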
 

Author Comment

by:DamienStanton
ID: 34472049
I did not properly understand the rating system. I would like to give this question an A as the results may help others in the knowledge base.
0
 

Author Closing Comment

by:DamienStanton
ID: 34509895
Solution found
0

Question has a verified solution.
