Solved

DNS in Windows domain

Posted on 2013-11-07
Last Modified: 2013-12-01
Pinging a workstation resolves to a wrong IP address. However, I can find the record in my DNS. All the domain workstations are leased by the DHCP server. Is there anything wrong with my DHCP setting?

Workstation host names don't have records under DNS. How can it resolve the client? Is there something wrong with the setting?


Tks
0
Comment
Question by:AXISHK
17 Comments
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39629610
I suspect you have more than one record for this IP address in your DNS zone. Check the DNS server for duplicate entries for this IP address.
0
 
LVL 6

Expert Comment

by:iradatsiddiqui
ID: 39629744
0
 

Author Comment

by:AXISHK
ID: 39630036
Under DHCP, each workstation is leased an IP for 9 hours. Workstations can be shown under DHCP.

If I go to DNS -> [My Server] -> Forward Lookup Zones -> [My Domain], those leased workstations don't show up. Is that normal? Again, how can DNS return an IP address if I ping a workstation?

Still have no hint how to fix it?

Tks
0

 
LVL 10

Expert Comment

by:rjanowsky
ID: 39632757
How are the DNS properties for IPv4 protocol at your DHCP server configured?

Have you marked the Dynamic Updates, so that the DHCP server will write the A and PTR records to your DNS server? Only with Dynamic Update via the DHCP server will you get the records into your DNS zones. Otherwise you have to make the records by hand.

Windows is able to resolve hostnames into IP addresses with other means (i.e. NetBIOS names). How can you be sure that the DNS server resolves the IP addresses to hostnames, if there are no A records in your zones?
0
 

Author Comment

by:AXISHK
ID: 39638966
Attached please find my DHCP setting. In fact, no workstation is registered under DNS. Any further advice?

Tks
DHCP.png
0
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39639035
The settings look fine to me. Is the DHCP server using the same DNS server as provided to the DHCP clients via the option for DNS server? Does your DNS server allow "Dynamic Updates" by the Windows clients? You can also try using the option "Always dynamically update DNS A and PTR records" at the DNS settings of your DHCP server.
0
 

Author Comment

by:AXISHK
ID: 39649904
Tried, but no workstations are registered under DNS ...
0
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39650949
Please check the DHCP Scope Options 006 DNS Server and 015 DNS Domain Name.

Are these options correct - pointing to the right DNS server and the correct DNS domain?

Do you have a firewall at the DNS server active which denies the DNS registration from the workstations or the DHCP server?
0
 

Author Comment

by:AXISHK
ID: 39682682
Yes, those scopes have been set up.

Is it related to the DNS setting attached? Is it recommended to change it? We are still running in a Windows 2003 functional domain.

Tks
DNS-File.png
0
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39682737
Yes, it is related. Without Dynamic Updates your clients can't register themselves in DNS. We use the setting "Secure only" and we never had any problems with this setting. The domain functional mode isn't relevant here.
0
 

Author Comment

by:AXISHK
ID: 39682767
It only offers "None" & "Non-secure and secure" as we are in Windows 2003.
0
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39682793
Which type of zones are you using? We only use Active Directory integrated zones. Is the DNS server also the AD domain controller?
0
 

Author Comment

by:AXISHK
ID: 39682804
FYI.
DNS.png
0
 
LVL 10

Expert Comment

by:rjanowsky
ID: 39682821
You are using "normal" primary zones, which are not Active Directory integrated. I think that's the reason why you can't select "Secure only" in the Dynamic Updates dropdown box. If your DNS is running on a DC, you can store the zones in Active Directory. This makes life a little bit easier. Without Dynamic DNS updates your clients can't register themselves in the DNS zones and you have to make all these entries by hand. If you can't switch over to AD integrated zones, you must allow "Non-secure and secure" for dynamic updates to work.
0
 

Author Comment

by:AXISHK
ID: 39682835
Will that induce some potential issue if we switch it to AD integrated zones?
Any potential impact if we select "Non-secure and secure"? Any comment on these two methods?

We have around 600 workstations in our domain.

Tks
0
 
LVL 10

Accepted Solution

by:
rjanowsky earned 500 total points
ID: 39682851
We are only using AD integrated zones and never had any problems with that zone type.

If you allow "Non-secure and secure" updates, then malicious DNS clients can register themselves in your DNS zones without control and can heavily interrupt the normal DNS. Think about a wrong name resolution for your mail or file server. Non-secure updates should be avoided. If you have a strongly controlled network at the switch level (physical port security), then the possible damage would be quite small, but in "normal" networks they can really hurt your infrastructure.
0
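
The zone settings discussed in this thread can be audited from the command line. The script below is an added example, not part of the original thread: it lists each primary zone with its storage type and dynamic-update mode, and includes a helper that moves a file-backed zone into Active Directory and then restricts it to secure updates. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the server name `dns01` and zone name `corp.example` are placeholders.

```powershell
# Added example: audit dynamic-update settings on a Windows DNS server.
# Assumes the DnsServer module; 'dns01' and 'corp.example' are placeholders.
Import-Module DnsServer

function Get-ZoneUpdateAudit {
    param([string]$ComputerName = 'localhost')

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $finding = switch ($_.DynamicUpdate) {
                'Secure'             { 'OK: updates must be authenticated' }
                'NonsecureAndSecure' { 'RISK: unauthenticated hosts can register or overwrite records' }
                'None'               { 'INFO: no dynamic registration, records are manual' }
                default              { "UNKNOWN: $($_.DynamicUpdate)" }
            }
            [pscustomobject]@{
                Zone          = $_.ZoneName
                ADIntegrated  = $_.IsDsIntegrated
                DynamicUpdate = $_.DynamicUpdate
                Finding       = $finding
            }
        }
}

function Set-ZoneSecureUpdate {
    # "Secure only" is offered only for AD-integrated zones, so a file-backed
    # zone is first stored in Active Directory, then switched to Secure.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = 'localhost'
    )
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName
    if ($PSCmdlet.ShouldProcess($ZoneName, 'Store in AD and require secure updates')) {
        if (-not $zone.IsDsIntegrated) {
            ConvertTo-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName `
                -ReplicationScope Domain -Force
        }
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName `
            -DynamicUpdate Secure
    }
}

Get-ZoneUpdateAudit -ComputerName 'dns01' | Format-Table -AutoSize
# Preview the change without applying it:
Set-ZoneSecureUpdate -ZoneName 'corp.example' -ComputerName 'dns01' -WhatIf
```

The conversion requires the DNS server to run on a domain controller, as noted earlier in the thread.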
 

Author Closing Comment

by:AXISHK
ID: 39688904
Tks
0


Question has a verified solution.
