Solved

DNS A record mysteriously updating

Posted on 2013-01-23
8
374 Views
Last Modified: 2013-01-28
Hi all.  
We have a client with a multihomed Windows 2008 R2 file server who's AD DNS A record is changing at 16:10 every day.

The checkbox 'Register this connection's address in DNS' is not checked.

I've run debug logging on both AD DNS servers and confirmed the DNS update is coming from the file server.

Multihomed is required for HA and load balancing the LAN.

I should add that this box is part of a HA pair but the HA software, Neverfail, shows no sign at all that it's changing the A record.  The IP it's changing to is not the secondary HA IP but a subnet for the backups traffic.

Any ideas or suggestions?
Thanks
Paul.
0
Comment
Question by:looops
  • 4
  • 3
8 Comments
 
LVL 16

Expert Comment

by:PaciB
ID: 38809449
Hi,

You talk about a "backups traffic" subnet but you do not precise if your multi-homed server has an IP in this subnet.
Is it the case ? And if yes on which NIC is declared this backup IP ?

If you enable DNS dynamic registration on IP settings on a NIC then it is enabled for ALL IP addresses existing on this NIC.
As an example, if your NIC has IPv4 and IPv6 enabled and you enable DNS registration for IPv4 it is enabled for IPv6 also. If you declare several IPv4 addresses on a single NIC an enabled DNS registration for this NIC then all IP addresses existing on this NIC are registered in DNS.

Finally, If you have some DHCP configuration on any NIC in this server it might register in DNS with this dynamic IP also.

Can you type the command IPCONFIG /ALL on your server and give us the complete result (censure IP addresses if you want) ?


Have a good day.
0
 

Author Comment

by:looops
ID: 38809484
Thanks for the quick response.  
Register DNS is not selected on any interface.

IP6 is disabled on all interfaces.

I should have said that there are a couple of teamed connections on this box.  

IPconfig /all below note lack of gateways on the 192.168.123.x  network as this is a dedicated sync link for the HA software.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS1
   Primary Dns Suffix  . . . . . . . : Domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Domain.local

Ethernet adapter TEAM primary 10.195.25.53:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TEAM : Primary team  10.195.25.53
   Physical Address. . . . . . . . . : 00-1B-21-76-E5-5D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.195.25.53(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.195.25.1
   DNS Servers . . . . . . . . . . . : 10.195.24.51
                                       10.195.25.50
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter TEAM Backup 10.195.22.53:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TEAM : Team Backup 10.195.22.53
   Physical Address. . . . . . . . . : 00-1B-21-76-E5-5F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.195.22.53(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.195.22.1
   DNS Servers . . . . . . . . . . . : 10.195.25.50
                                       10.195.24.51
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN G NF2 Channel:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Quad Port LP Server Adapter #5
   Physical Address. . . . . . . . . : 00-15-17-F0-63-FB
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.124.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN1 NF Channel:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter
   Physical Address. . . . . . . . . : D4-85-64-67-1F-1E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.123.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{75BB1A1A-E422-4FD5-AB00-C50ECFC830B2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A61AB808-3229-48A4-BDE6-E09CBAB59FDA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BFF4CE9B-E366-45A3-8AB9-E91411581BFB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D65B69A7-9309-45C6-A52A-3FCF88A7803B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Open in new window

0
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 38809578
Hi again,

Ok so, what happens is that this server registers itself with address 10.195.22.53 and this is not expected as it has no DNS registering enabled on any NIC, that's it ?

I already have seen strange behavior with teamed NICs sometimes, not exactly these symptoms but some other behavior that let me think that sometimes the teaming NIC driver does not do the correct job in the registry.

I've not a solution yet but if I were you I would make some little tests to try to locate the problem:

First of all I would confirm that the registering comes from the server itself and not from any other service somewhere on the network (DHCP, DNS zone transfer): To do that I would delete the DNS record, wait for all DNS servers to replicate the delete action, and on the server I would type IPCONFIG /REGISTERDNS and see if the DNS record comes back in DNS in the next minutes.

Then, I would change temporarily the IP address on the "backup" teamed NIC, let's say 10.195.22.63 as an example, and wait to see if the DNS record that reappears et the new IP address. I suspect that before you created the team you have configured the IP settings on a single NIC and them "teamed" this NIC with another one. At this time it is possible that the NIC driver left some bad information in the registry and this IP address is still attached to the single NIC.

Also, I would completly remove the team for the backup network, uninstall the NIC members of the team in the DEvice Manager, ask for a device refresh to make the NIC be reinstalled, recreate the team, and finally reconfigure IP settings on the backup team.

Have a good day.
0
 

Author Comment

by:looops
ID: 38809584
Good idea I'll do that thanks.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 38812041
Do you need to specify DNS servers on the backup team at all?  If that network is only used for backups, it's not likely that that team will ever need to query DNS.
0
 

Author Comment

by:looops
ID: 38813556
It would need to be able to resolve the backup server name, I could do that with a hosts file I suppose.
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38813719
Hi,

Even if Windows let you configure a distinct DNS server list on each NIC, the used DNS server list is a "global" unique list built with all the DNS servers configured on all NICs.

That is quiet logical... A DNS server list can ONLY be "global" as the server can not know which NIC to use BEFORE having resolved the names to an IP !

So, the fact that you configure DNS servers one the backup NIC or not doesn't mean the server will try to reach these DNS serves through this NIC.

For the configuration to be clearer, I usually configure DNS server on only one NIC, the one that is connected to the LAN, the one that has less chances to be disconnected. As the DNS server list that is really used is not attached to a NIC or another, there's no need to repeat the DNS server list on other NICs.

Anyway, I doubt that removing the DNS server list on the backup NIC will resolve your case.
0
 

Author Closing Comment

by:looops
ID: 38825968
Problem solved thanks very much.  I de-teamed and all the individual NICs had register DNS enabled.  I disabled them and left it de-teamed for now, the DNS A record change didn't happen.  Many thanks again PaciB
0

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now