DNS resolution problem - nslookup not resolving
I have a network of 25 workstations and 1 server that is acting as the DHCP and DNS server. I've noticed on some of my workstations that when I use nslookup, the IPs and hostnames do not resolve. When I enter nslookup hostname, it returns my server's IP (which is correct), the hostname of that workstation, and an IP address.
When i enter nslookup and the IP address that it just stated belongs to that machine, I still get the correct DNS server IP, but I get a completely different hostname. Example of what's happening (changed IPs and hostnames):
command>
nslookup MYWRKSTATION001
results>
Server: MYSERVERNAME
Address: 192.168.100.250 (server; this IP is correct)
Name: MYWRKSTATION001
Address: 192.168.100.225 (IP that NS lookup says is issued to MYWRKSTATION001
command>
nslookup 192.168.100.225
results>
Server: MYSERVERNAME
Address: 192.168.100.250 (again, the server IP is correct)
Name: SOMEOTHERWORKSTATION005
Address 192.168.100.225 (now the lookup is saying that this IP belongs to a different machine)
I have scavaging enabled on the server. All the workstations are set to automatically detect the DNS server, which they seem to be doing correctly. I believe this is causing some problems with my network. If anyone can steer me in the right direction on how to fix this, it would be much appreciated. I'm just a beginner with DNS, so please go easy on the instructions :)
When i enter nslookup and the IP address that it just stated belongs to that machine, I still get the correct DNS server IP, but I get a completely different hostname. Example of what's happening (changed IPs and hostnames):
command>
nslookup MYWRKSTATION001
results>
Server: MYSERVERNAME
Address: 192.168.100.250 (server; this IP is correct)
Name: MYWRKSTATION001
Address: 192.168.100.225 (IP that NS lookup says is issued to MYWRKSTATION001
command>
nslookup 192.168.100.225
results>
Server: MYSERVERNAME
Address: 192.168.100.250 (again, the server IP is correct)
Name: SOMEOTHERWORKSTATION005
Address 192.168.100.225 (now the lookup is saying that this IP belongs to a different machine)
I have scavaging enabled on the server. All the workstations are set to automatically detect the DNS server, which they seem to be doing correctly. I believe this is causing some problems with my network. If anyone can steer me in the right direction on how to fix this, it would be much appreciated. I'm just a beginner with DNS, so please go easy on the instructions :)
ASKER
No, i have DHCP turned off on all other routers and devices. The only thing issuing IPs is my server.
have you created Reverse Lookup Zone.??
ASKER
Yes reverse lookup for our network exists in DNS
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, but i already have scavenging enabled on the zone.
Scavenging will only delete records that have been aged.
It could be that these are static records so scavenging won't delete them.
You can check your DNS zone to confirm that there aren't actually duplicated records.
Do you have many static entries? Either A or CNAME records?
You can manually age all records or delete all records by doing the following:
1. Make a backup of your DNS zones.
2. Age all records OR delete all records
Open the DNS console, sort by record type and then all the A records.
N.B. Always backup before deleting.
Your servers and clients are pre-configured to re-register themselves in DNS on any of the following conditions:
- a DHCP lease is renewed/issues
- Netlogon service is restarted (including when the physical machine is restarted)
- run ipconfig /registerdns
or
- automatically once every 24 hours
It could be that these are static records so scavenging won't delete them.
You can check your DNS zone to confirm that there aren't actually duplicated records.
Do you have many static entries? Either A or CNAME records?
You can manually age all records or delete all records by doing the following:
1. Make a backup of your DNS zones.
DnsCmd <ServerName> /ZoneExport <ZoneName> <ZoneExportFile>2. Age all records OR delete all records
DnsCmd <ServerName> /AgeAllRecordsOpen the DNS console, sort by record type and then all the A records.
N.B. Always backup before deleting.
Your servers and clients are pre-configured to re-register themselves in DNS on any of the following conditions:
- a DHCP lease is renewed/issues
- Netlogon service is restarted (including when the physical machine is restarted)
- run ipconfig /registerdns
or
- automatically once every 24 hours
ASKER
Well, here's the deal. I had enabled scavenging on the server, but not the zone. I was looking at the time stamps on some of the records and there were many from 2011, 2010, and even 2009 allocated to devices that probably are not even here any more.
Here's the problem, our DHCP address pool is only set between xxx.xxx.xxx.200-250, so there are only 48 or so leases that can be available. This is sufficient for our network since we only have 30-40 devices that may connect at any one time. My concern is that with all these stale records sitting arount, could active devices be getting issued IPs that are already assigned to another device that no longer exists because the record was never deleted...
I went through the instructions in the link above and enabled scavenging on the zone. The only thing now is that when i go to Properties on the zone>General tab>Aging, the "The zone can be scavenged after" date and time box is grayed out and I cannot enter a value here.
I hope i'm making sense. I'm new to all this. Thanks for all your help!
Here's the problem, our DHCP address pool is only set between xxx.xxx.xxx.200-250, so there are only 48 or so leases that can be available. This is sufficient for our network since we only have 30-40 devices that may connect at any one time. My concern is that with all these stale records sitting arount, could active devices be getting issued IPs that are already assigned to another device that no longer exists because the record was never deleted...
I went through the instructions in the link above and enabled scavenging on the zone. The only thing now is that when i go to Properties on the zone>General tab>Aging, the "The zone can be scavenged after" date and time box is grayed out and I cannot enter a value here.
I hope i'm making sense. I'm new to all this. Thanks for all your help!
ASKER
Thanks i'll give your suggestions a try
ASKER
Should i wait until most everyone is gone for the day before I age the records, or can i just do it anytime? will users lose connection?
how many computers do connect to your network that receives dhcp and dns records from your server?
****we only have 30-40 devices that may connect at any one time**** does it mean you have more than these devices? In this case if a latter connected device receives IP of a previously assigned IP (which is now disconnected from the network) your other clients still has the record of the previous workstations. so either increase the subnet of the network fully sufficient for the clients or try ipconifg /flushdns in your workstation to remove cached dns records from them.
****we only have 30-40 devices that may connect at any one time**** does it mean you have more than these devices? In this case if a latter connected device receives IP of a previously assigned IP (which is now disconnected from the network) your other clients still has the record of the previous workstations. so either increase the subnet of the network fully sufficient for the clients or try ipconifg /flushdns in your workstation to remove cached dns records from them.
ASKER
No we would never have more than 40 devices total though not all of them at the same time.
Aging the records, just sets the time stamp on the record so that when scavenging runs it will compare the timestamp and delete the records based on the age of the record. So you can age it any time.
No you don't need to extend the network range...
Your DHCP Server will still keep the leases so you don't run the risk of getting a device picking up an IP address that is already in use.
DNS cache will be deleted after 1hour, so it's better to delete the records after hours so that you don't have to run around to all machine and ipconfig /flushdns.
No you don't need to extend the network range...
Your DHCP Server will still keep the leases so you don't run the risk of getting a device picking up an IP address that is already in use.
DNS cache will be deleted after 1hour, so it's better to delete the records after hours so that you don't have to run around to all machine and ipconfig /flushdns.
ASKER
I tried the commands and none of the timestamps on any of the dns records changed. I'm a bit confused about how DHCP and DNS are working together, because they don't seem to be at all. In DHCP i have 46 ip leases (some are phones), but in DNS, there are not many items that seem to match. For example:
There are IP leases in DHCP and no records for them in DNS, some in DHCP that have no hostname in DHCP, but does in DNS for that IP, and some in DHCP that have one hostname, and in DNS have another.
Shouldn't DHCP and DNS be working together somehow?
There are IP leases in DHCP and no records for them in DNS, some in DHCP that have no hostname in DHCP, but does in DNS for that IP, and some in DHCP that have one hostname, and in DNS have another.
Shouldn't DHCP and DNS be working together somehow?
It will work together if it's been configured correctly.
Check instructions in the following KB article to configure your DHCP server to register DNS records for all clients.
http://support.microsoft.com/kb/816592
Check instructions in the following KB article to configure your DHCP server to register DNS records for all clients.
http://support.microsoft.com/kb/816592
ASKER
I think i have this set up like this. The forward lookup seems to be working, updating the records, all records have up-to-date time stamps. It's the reverse lookup zone that has old timestamps and old records. I set scavenging and the time lapsed but nothing changed on the reverse lookup.
Check the security levels on your Zone, you need to be able to edit them.
A quick fix, would be to delete all the records and let them re-register again.
Do you have any people working on weekends?
It would be repopulated by Monday if you deleted them on Friday evening.
A quick fix, would be to delete all the records and let them re-register again.
Do you have any people working on weekends?
It would be repopulated by Monday if you deleted them on Friday evening.
ASKER
I might try that. There are no employees working on the weekend. I still don't understand why they are not updating. All the A records in the forward zone have up-to-date timestamps that were issued within the last one or two months. Most of the pointer records in the reverse zone have stamps dating 2011 and some 2010 and 2009. Scavenging is set but is seems to have no affect on the reverse zone. The security is the same as the forward zone, the server default. And unless wrong, aren't the forward and reverse lookup zone IPs and Hostnames supposed to match?
Now we did change servers back in 2010 and everything was copied over to the new one. Could that be causing it? You think that if I just delete all the pointer records in the reverse zone, then it will repopulate and that will correct our resolution problems? I can do that tonight...
Thanks for your help!
Now we did change servers back in 2010 and everything was copied over to the new one. Could that be causing it? You think that if I just delete all the pointer records in the reverse zone, then it will repopulate and that will correct our resolution problems? I can do that tonight...
Thanks for your help!
ASKER
I deleted all the pointer records in the reverse zone over 2 months ago. Since then they have not automatically repopulated. The forward zone seems to be updating fine. How do I get the reverse zone to auto-populate as well?
Strange behaviour indeed.
I'd start be deleting the reverse lookup zone and then adding it again.
Just to make sure it's not some settings that was changed and forgotten about.
You can configure using the "classful" IP addressing.
http://support.microsoft.com/kb/174419
Per subnet would be for more granular control and larger networks.
I'd start be deleting the reverse lookup zone and then adding it again.
Just to make sure it's not some settings that was changed and forgotten about.
You can configure using the "classful" IP addressing.
http://support.microsoft.com/kb/174419
Per subnet would be for more granular control and larger networks.
ASKER
Wow this looks complicated. Please check this link:
http://www.windowsreference.com/dns/how-to-create-dns-reverse-lookup-zone-in-windows-server-2003/
Could i use this to accomplish what's needed after I delete the zone? (Thanks for the tip, but I'm a beginner and sometime the microsoft KBs are too complicated)
http://www.windowsreference.com/dns/how-to-create-dns-reverse-lookup-zone-in-windows-server-2003/
Could i use this to accomplish what's needed after I delete the zone? (Thanks for the tip, but I'm a beginner and sometime the microsoft KBs are too complicated)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good deal. I'll try this and reply with my results.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Everything has started working. Thanks for your help!
I mean to say that have a look on other device is it DHCP server is enable on that device?