Solved

domain controller with integrated DNS still giving out old ip

Posted on 2011-05-11
Last Modified: 2012-05-11
We just moved our main web server to a different set of IPs. The DNS servers in the DMZ are Linux-based and are giving out the correct new IPs. Internally, we use integrated Active Directory DNS on all of our domain controllers. The internal domain name is different from the public domain.

After the migration, three of our domain controllers are giving out the new IPs (checked with nslookup for each server), but the primary DC insists on giving out the old IPs. We have rebooted it several times and flushed DNS several times. I finally added the new IPs to the hosts file and rebooted. It still gives out the old IPs. We have disabled WINS on all domain controllers. The lmhosts file is empty.

Where else could these old IPs be coming from?
Question by:batesit

Expert Comment

by:JBond2010
ID: 35738610
Did you update the old records in the Lookup Zones in DNS? I would suggest that you have the old records still in place. You need to delete these records or update the IP addresses to the new ones.

Expert Comment

by:Dangle79
ID: 35738676
Also make sure that the DNS zone transfers are configured properly between your DCs.

Author Comment

by:batesit
ID: 35739294
Since the domain controllers use Active Directory integrated DNS, we have no zone transfers configured.

There are no entries in the domain controllers for the DNS domain used by the DMZ systems (at least not until I added the entries to the hosts file). The domain controllers have to query the Linux DNS servers in the DMZ to get these IPs. The DCs are configured to use the Linux servers as their forwarders.

Accepted Solution

by:Darius Ghassem (earned 2000 total points)
ID: 35739381
So, the DCs are using the Linux servers as forwarders. Have you checked the forwarders on the DCs to make sure they are all the same?

Author Comment

by:batesit
ID: 35739519
The order was a little different but the entries were the same.

Expert Comment

by:JBond2010
ID: 35739766
Open the command prompt on one of your Domain Controllers, type dcdiag /test:dns and then press Enter. Examine the output and look for any errors.

Expert Comment

by:Darius Ghassem
ID: 35740078
Change the order to the way the others are. Run ipconfig /flushdns, then go into the DNS Console and flush the cache from here. Try again.

Author Closing Comment

by:batesit
ID: 35742781
Actually this domain controller was forwarding to an upstream server at a higher organization. That server no longer exists. The comment about forwarders caused us to go back and check the forwarders on this box and sure enough, that was the entire problem. Sort of embarrassing, but thanks for waking us up.
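
The check that resolved this thread (comparing forwarders across the DCs), as an added example that is not part of the original posts: the script lists each DC's forwarders, probes each forwarder with a test query, and flags any DC whose forwarder set or answer differs from the majority. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the server names and test name are placeholders.

```powershell
# Added example. Server names and the test name are placeholders (assumptions).
$DnsServers = 'dc1.corp.example', 'dc2.corp.example', 'dc3.corp.example', 'dc4.corp.example'
$TestName   = 'www.example.com'

$report = foreach ($server in $DnsServers) {
    # Forwarders configured on this DNS server, as strings in configured order.
    $forwarders = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
        ForEach-Object { $_.ToString() })

    # Send a test query to each forwarder; one that never answers is dead or decommissioned.
    $dead = @($forwarders | Where-Object {
        -not (Resolve-DnsName -Name $TestName -Type A -Server $_ -DnsOnly -ErrorAction SilentlyContinue)
    })

    # Ask the DC itself for the name, ignoring the local hosts file.
    $answer = @(Resolve-DnsName -Name $TestName -Type A -Server $server -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

    [pscustomobject]@{
        Server         = $server
        Forwarders     = $forwarders -join ', '
        ForwarderSet   = ($forwarders | Sort-Object) -join ','   # order-independent key
        DeadForwarders = $dead -join ', '
        Answer         = ($answer | Sort-Object) -join ', '
    }
}

# The forwarder set and the answer held by most servers are treated as the baseline.
$baseSet    = @($report | Group-Object ForwarderSet | Sort-Object Count -Descending)[0].Name
$baseAnswer = @($report | Group-Object Answer | Sort-Object Count -Descending)[0].Name

$report | Select-Object Server, Forwarders, DeadForwarders, Answer,
    @{ n = 'ForwarderDrift'; e = { $_.ForwarderSet -ne $baseSet } },
    @{ n = 'AnswerDrift';    e = { $_.Answer -ne $baseAnswer } } |
    Format-Table -AutoSize
```

Run it from a host that is allowed to query the forwarders (for example one of the DCs); a forwarder that filters queries by source address will otherwise show up under DeadForwarders even though it is healthy.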