Solved

DNS Not updating

Posted on 2011-10-13
Medium Priority
Last Modified: 2012-05-12
I have a Windows 2008 R2 server and Windows 2003 server both running DNS and DHCP.

Everything has been working fine until recently.  I've set DHCP to hand out the 2008 server DNS first followed by the 2003.

The DNS server is set to Active Directory-Integrated and Replication is to All DNS servers in this domain.  Dynamic updates are set to Secure only.  Aging are both set to 7 days.

SOA looks good.  Name servers contains all the correct servers.

Zone transfers is set to Only to servers listed on the Name Servers Tab.

The DHCP server is set to Enable DNS dynamic updates with Dynamically update DNS A and PTR records only if requested.  Discard A and PTR records when lease is deleted.

For some reason if the DHCP server hands out a new address the DNS is not updating.  This issue hit almost all our teachers at once.  Our students connect to the teacher computer and now they have to connect by IP address.  DHCP IPs and DNS IPs are different.  We have had the same setup for about two months.  What changed?

Question by: flashtek1899

9 Comments
 
LVL 41

Expert Comment

by:footech
ID: 36965225
If all your DNS servers are running 2003 and above, and the zone is AD Integrated, you can set Zone Transfers to none, as the zone is replicated through AD and not through the zone transfer mechanism.  However, this isn't related to your problem.

Are you seeing multiple A records for the teacher machine?

Check and/or update the credentials used for dynamic DNS updates.

What happens when you run "ipconfig /registerdns" on the teacher machine?  Does the DNS get set correctly?
0
 
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 36965322
Just create a new forward lookup zone for the other servers... in the DNS. All the best...


0
 

Author Comment

by:flashtek1899
ID: 36968194
I do not see multiple A records.  

Dynamic updates is set to Secure only and the aging to scavenge stale resource records both are set to 7 days.

I will try to get one of the laptops and run the ipconfig /registerdns option soon.
0
 

Author Comment

by:flashtek1899
ID: 36968576
Found the following error this morning.  I did have a DNS entry in the IP settings for one of the Servers.  I've corrected that but still not seeing any changes.  Have restarted DNS and DHCP.

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Also the /registerdns didn't seem to work.
0
 
LVL 41

Expert Comment

by:footech
ID: 36971910
How are your DHCP servers set up?  I would disable one of them to make sure one's not interfering with the other.

Can you run DCDIAG (with and without the /test:dns switch) on both DNS servers?  If you haven't already installed them on W2K3, DCDIAG is included in the Support Tools.
0
 

Author Comment

by:flashtek1899
ID: 36979324
The DHCP servers are set up to hand out two different ranges in the same scope.  They are not handing out the same IP address.  Is there some other way that they are interfering?


   Running partition tests on : standrews

   Running enterprise tests on : standrews.austin.tx.us
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... standrews.austin.tx.us passed test DNS

C:\Users\jdgordon>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = David
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: UpperSchool\DAVID
      Starting test: Connectivity
         ......................... DAVID passed test Connectivity

Doing primary tests

   Testing server: UpperSchool\DAVID
      Starting test: Advertising
         ......................... DAVID passed test Advertising
      Starting test: FrsEvent
         ......................... DAVID passed test FrsEvent
      Starting test: DFSREvent
         ......................... DAVID passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DAVID passed test SysVolCheck
      Starting test: KccEvent
         ......................... DAVID passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DAVID passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DAVID passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=standrews,DC=austin,DC=tx,DC=us
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=standrews,DC=austin,DC=tx,DC=us
         ......................... DAVID failed test NCSecDesc
      Starting test: NetLogons
         ......................... DAVID passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DAVID passed test ObjectsReplicated
      Starting test: Replications
         ......................... DAVID passed test Replications
      Starting test: RidManager
         ......................... DAVID passed test RidManager
      Starting test: Services
         ......................... DAVID passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 10/17/2011   08:10:31
            Event String:
            Name resolution for the name 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa timed out after none of the configured DNS ser
vers responded.
         ......................... DAVID failed test SystemLog
      Starting test: VerifyReferences
         ......................... DAVID passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : standrews
      Starting test: CheckSDRefDom
         ......................... standrews passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... standrews passed test CrossRefValidation

   Running enterprise tests on : standrews.austin.tx.us
      Starting test: LocatorCheck
         ......................... standrews.austin.tx.us passed test
         LocatorCheck
      Starting test: Intersite
         ......................... standrews.austin.tx.us passed test Intersite
0
 
LVL 41

Accepted Solution

by:
footech earned 1500 total points
ID: 36989941
The two DHCP servers should not be interfering with each other as they are set up, but I suggested it as a troubleshooting step to confirm.

Hadn't seen the error regarding NCSecDesc before, but apparently you will see it if you haven't run adprep /rodcprep.  If you're not planning on running any read-only domain controllers you can ignore it.

Can you post the complete results of the dcdiag tests from both machines (unless everything came back as passed)?

On the workstations, in the properties of the network connection, TCP/IP settings.  On the DNS tab, is the box checked for "register this connection's addresses in DNS"?
0
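A triage parser for dcdiag console output of the kind quoted in this thread, added here as an example (it was not posted by any participant and is not part of dcdiag). It reduces a long run to the failed tests with their detail lines, and handles the console wrap that pushes a test name onto its own line; the sample text and the host name DC01 are constructed.

```python
import re

# Constructed sample in the dcdiag layout quoted above, including a result
# line whose test name wrapped onto the following line.
SAMPLE = """\
   Testing server: Site1\\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: NCSecDesc
         Error NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=example,DC=test
         ......................... DC01 failed test NCSecDesc
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x000003F6
         ......................... DC01 failed test SystemLog
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
"""

START = re.compile(r"^Starting test: (\S+)$")
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")

def parse_dcdiag(text):
    """Return one dict per test: target, test, status, details."""
    lines = [ln.strip() for ln in text.splitlines()]
    results, details, current, i = [], [], None, 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if (m := START.match(line)):
            current, details = m.group(1), []       # a new test begins
        elif (m := RESULT.match(line)):
            target, status, test = m.groups()
            if not test:                            # name wrapped by the console
                test = current or ""
                if i < len(lines) and lines[i] == current:
                    i += 1                          # consume the wrapped name
            results.append({"target": target, "test": test,
                            "status": status, "details": details})
            current, details = None, []
        elif current and line:
            details.append(line)                    # message lines inside a test
    return results

def failed_tests(results):
    """Keep only the failures, which are what a reviewer needs to read."""
    return [r for r in results if r["status"] == "failed"]
```

Detail lines that the console split mid-word are kept as separate entries and are not rejoined.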
 

Author Comment

by:flashtek1899
ID: 37071740
I just wound up deleting all the DNS entries and it updated fine.  I'm not sure yet if that fixed the problem.
0
 

Author Closing Comment

by:flashtek1899
ID: 37071755
No solution was really found.
0
