Solved

DNS entries for servers with a time stamp

Posted on 2011-03-07
1,692 Views
Last Modified: 2012-05-11
I think we may have a few issues with our DNS and I am trying to resolve these. The issues seem to be:

1. I have a number of servers that, even though they have a static IP address in DNS, seem to have a timestamp date while others show static. Is this correct, or should they show static in the timestamp if they have a static IP address?

2. I have a number of desktops that share an IP address, some of which have a timestamp date, and the out-of-date machines have a static timestamp. I assume it is safe to delete these old static records?

3. I found a number of instances where I have two machines sharing an IP address (as I have already mentioned); the problem also seems to be that one of the machines appears in the forward lookup zone but not the reverse, and the other appears in the reverse but not the forward.

I know these problems are not good, but how do I go about fixing the issues?
Question by:WNottsC
9 Comments
 

Expert Comment

by:Kent W
What DNS server are you talking about here?

I'm going to assume MS, since this seems to mirror the common functions seen day in / day out.

If you are using AD w/ integrated DNS, or allow machines to update the server, it sounds like they are not correctly removing the old entries, and causing multiple hosts per IP. Now, are you sure you are looking at forward zones, and not reverse? In reverse, this is quite normal. You can also end up with overlapping IPs if you have a machine that has been disconnected, so the IP is not in use, and another machine ends up getting that IP assigned via DHCP, or manually. The record for the old machine doesn't get deleted, so you end up having an entry for the old and new machine, both at the same IP.
Unless you are getting actual IP conflicts, where these machines are being doled out the same IP, you really just have a nuisance.
There are ways to ensure machines changing IPs are updated correctly, and you can set scavenging time...but, I'll wait for a reply before going into any of that...I'm still not sure what DNS server you are using. :)
Questions that need to be answered:
What DNS server are you using?
More than one w/ master + slave?
Are you using AD and/or AD integrated DNS?
Are you using DHCP? What is your lease life, if so?
Are you using WINS servers?
What OSs are the host machines running? Win / Linux or a mix? Servers, workstations, or a mix?

 

Author Comment

by:WNottsC
Questions that need to be answered:
What DNS server are you using?
You are correct, we are using Microsoft.

More than one w/ master + slave?
We have more than one, yes, and I think they are master + slave, yes.

Are you using AD and/or AD integrated DNS?
I think we are using AD integrated DNS.

Are you using DHCP? What is your lease life, if so?
Yes, we are using DHCP. The lease life is 8 days.

Are you using WINS servers?
Yes, we are using WINS.

What OSs are the host machines running? Win / Linux or a mix? Servers, workstations, or a mix?
The servers are Windows Server 2008 R2 and the desktops are a mixture of Windows XP and Windows 7.
 

Accepted Solution

by:Kent W (earned 500 total points)
I don't think you really have an issue here, just some old DNS that didn't get removed when a host changed IPs. If you are sure of the new host+IP, you can remove the old records safely.
With AD and MS DNS, Windows machines, at least, should be if you have the TCP/IP DNS settings on "Register this connection's address in DNS".
Under each domain/zone entry on your DNS server, you can set (Properties, General tab) to allow Dynamic updates (none, secure, secure+nonsecure). Setting just secure will only allow AD machines to update DNS directly; nonsecure will allow most anything.
This is also where you can set the aging/scavenging to remove stale records after X amount of time.
 

Author Comment

by:WNottsC
OK, so you are saying this seems OK. However:

1. I have machines in the forward lookup zone but not in the reverse lookup zone.
2. I have machines in the reverse lookup zone but not in the forward lookup zone
3. I have machines that are in both zones but the forward timestamp is different to the timestamp for the reverse
 

Expert Comment

by:Kent W
On your DNS server(s) domains and individual Rev zones, what types of updates do you allow? Nonsecure and secure, or secure only?
Also check your aging...if this is really low, especially lower than your lease life on DHCP, you may be cleaning up records before they expire in DHCP. At the DNS server level, properties, there is also a debug logfile you can turn on...that may help in tracking down the exact issue. I'm assuming you've also checked your DNS Server Event logs to see if there are any bangs there?

The more I think about your symptoms, the more this seems like your scavenging is set too low. What is your DHCP lease life vs. your scavenging settings?

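The settings discussed in the accepted answer and in the comment above (per-zone dynamic-update policy, aging window, server scavenging, DHCP lease life) pulled into one report. This is an added example, not code from the thread; it assumes the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 or later, or RSAT) and uses placeholder server names.

```powershell
param(
    [string]$DnsServer  = 'dns01.example.local',   # assumed placeholder
    [string]$DhcpServer = 'dhcp01.example.local'   # assumed placeholder
)
Import-Module DnsServer, DhcpServer

# Longest lease any scope hands out; a record that can be scavenged sooner than this
# may belong to a host that still holds a valid lease.
$maxLease = Get-DhcpServerv4Scope -ComputerName $DhcpServer |
    Sort-Object LeaseDuration -Descending |
    Select-Object -First 1 -ExpandProperty LeaseDuration

$server = Get-DnsServerScavenging -ComputerName $DnsServer
'Server scavenging: state={0} interval={1} noRefresh={2} refresh={3} maxLease={4}' -f
    $server.ScavengingState, $server.ScavengingInterval,
    $server.NoRefreshInterval, $server.RefreshInterval, $maxLease

$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
# In the thread, forward zones allowed nonsecure+secure updates while some reverse zones
# were secure-only, so hosts got an A record but no PTR; flag reverse zones that differ.
$forwardPolicies = $zones | Where-Object { -not $_.IsReverseLookupZone } |
    Select-Object -ExpandProperty DynamicUpdate -Unique

$report = foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $zone.ZoneName
    # A dynamic record becomes eligible for deletion NoRefresh + Refresh after its timestamp
    $staleAfter = $aging.NoRefreshInterval + $aging.RefreshInterval
    $flags = @()
    if ($aging.AgingEnabled -and $staleAfter -lt $maxLease) {
        $flags += 'scavenge window shorter than DHCP lease'
    }
    if ($zone.DynamicUpdate -eq 'NonsecureAndSecure') {
        # Nonsecure updates let any host on the network rewrite records; domain members
        # authenticate, so AD-integrated zones normally only need Secure.
        $flags += 'nonsecure dynamic updates allowed'
    }
    if ($zone.IsReverseLookupZone -and $zone.DynamicUpdate -notin $forwardPolicies) {
        $flags += 'update policy differs from forward zones (A without PTR likely)'
    }
    [pscustomobject]@{
        Zone          = $zone.ZoneName
        Reverse       = $zone.IsReverseLookupZone
        DynamicUpdate = $zone.DynamicUpdate
        AgingEnabled  = $aging.AgingEnabled
        StaleAfter    = $staleAfter
        Flags         = $flags -join '; '
    }
}
$report | Format-Table -AutoSize
```

With the thread's values (lease 8 days, no-refresh 7 and refresh 7) StaleAfter is 14 days, so the lease flag would not fire; the reverse-zone policy flag is the one that matches the symptoms reported later.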
 

Author Comment

by:WNottsC
Can I please revisit this.

To answer your question the DHCP lease life is the default and the scavenging settings are set to 7 and 7.

The more I look at DNS, the more I think it is causing me problems. For example, machines that do correctly have an entry in both the forward and reverse lookup, but then each one has a different IP address (although they only have a single network card).
 

Expert Comment

by:Kent W
For the rDNS, that is common...the old entry may not be deleted when the DHCP lease expires and the host grabs a new IP (thus setting a new rDNS). All the Windows-based servers, at least, should be removing the old IP from forward DNS; that will definitely cause problems, as multiple A's with one IP "no good" would be 50% unreachable...
Are you allowing secure and / or non-secure dynamic updates? (general tab under the zone properties...)
 

Author Comment

by:WNottsC
For the forward lookup zones and for all but 3 reverse lookup zones we are allowing secure and nonsecure.

Just out of interest, I checked three machines that have forward lookups but no reverse lookup record, and their IP address falls in one of the reverse zones that is set for only secure dynamic updates.
 

Expert Comment

by:Kent W
That may be a clue...and Win-based domain member computers should be able to do the secure update, it's the other machines not technically on the network that would not be able to do dynamic updates.
Generally, I also see most Linux distros usually have issues setting or removing both, even with nonsecure allowed.
You may be able to see a pattern if you go through and clean everything up, then watch closely which machines vs. DNS security settings per zone are affected.
Have you tried running the scavenge every 1-3 days to clean up stale records? Anything shorter than the lease life should give you some relief, at least on the round-robin A records that are being created.
I haven't tried this, but you may also turn off the "Allow round robin DNS", if that fits your needs.
It would not allow two IPs for the same hostname.
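An added audit script (not from the thread) for the symptoms in the original question and in Kent's last comment: it lists which A records are static versus timestamped, which IPs carry more than one host, and which hosts have no matching PTR in the reverse zone. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), /24 reverse zones, and placeholder server and zone names.

```powershell
param(
    [string]$DnsServer = 'dns01.example.local',  # assumed placeholder
    [string]$Zone      = 'example.local'          # assumed placeholder
)
Import-Module DnsServer

# Every A record in the forward zone except the zone apex ('@', same-as-parent)
$aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -ne '@' }

$rows = foreach ($rr in $aRecords) {
    $ip     = $rr.RecordData.IPv4Address.IPAddressToString
    $octets = $ip.Split('.')
    # Assumes /24 reverse zones (c.b.a.in-addr.arpa); adjust for other prefix lengths
    $revZone = '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]
    $ptr = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $revZone `
               -Name $octets[3] -RRType PTR -ErrorAction SilentlyContinue
    # PTR data carries the FQDN with a trailing dot; several PTRs at one IP are possible
    $ptrNames = @($ptr | ForEach-Object { $_.RecordData.PtrDomainName })
    $fqdn     = "$($rr.HostName).$Zone."
    [pscustomobject]@{
        Host       = $rr.HostName
        IP         = $ip
        # A null Timestamp is what DNS Manager shows as "static"; such records are never scavenged
        Static     = -not $rr.Timestamp
        Timestamp  = $rr.Timestamp
        Ptr        = $ptrNames -join ', '
        PtrMatches = $ptrNames -contains $fqdn   # case-insensitive
    }
}

# 1) Two or more hosts on one IP: usually a stale record left after a DHCP address change
$rows | Group-Object IP | Where-Object Count -gt 1 | ForEach-Object {
    "Shared IP $($_.Name):"
    $_.Group | Format-Table Host, Static, Timestamp, Ptr -AutoSize
}

# 2) Forward records whose PTR is missing or names a different host
$rows | Where-Object { -not $_.PtrMatches } |
    Select-Object Host, IP, Static, Timestamp, Ptr | Format-Table -AutoSize
```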