Solved

DHCP/DNS Conflicts

Posted on 2014-03-03
7
767 Views
Last Modified: 2014-03-05
We at times have issues with DNS IP conflicts. The IP that a client actually has in DHCP does not necessarily match what is in DNS. This means stale records in DNS. If I do an ipconfig /registerdns from a client experiencing the mismatch, there is no change to the client's DNS record. I would assume that it is always supposed to replace the existing DNS record, correct?

I know we need to tweak our DHCP lease times and maybe our DNS scavenging. Our clients are mostly desktops that do not change. Please give me your opinion on the ideal settings. Currently our DHCP leases are 1 day, our DNS no-refresh interval is 7 days, and our DNS refresh interval is 7 days.
0
Comment
Question by:MCSF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39901591
hi,

1. first delete all A records related to desktop from DNS.
2. set DHCP lease period to 21 days.
0
 

Author Comment

by:MCSF
ID: 39901601
The majority of our DNS records are correct. I would think deleting all desktop A records would create short-term chaos.

Just curious - how did you come up with 21 days?

Should an ipconfig /registerdns always replace the A record or only if there is no A record?
0
 
LVL 4

Expert Comment

by:aa-denver
ID: 39901663
I'm assuming this is a windows environment

You can turn on DNS registration on the DHCP server for all clients whether they attempt to register or not.  Have DHCP create, update, and or delete the A and PTR records.    This will start cleaning up DNS for you.

The other thing you can do to help clean up DNS is create a GPO for the clients to enable DNS client registration.  That way clients will also begin registering with DNS.

I would set the leases much shorter so that this all happens in a smaller time frame.  The default windows lease is 8 days.  You could set the lease to 2 days, or even 1 day.  You don't mention how big of an environment this is.  But if it is less than 1000 users or so, that should be fine and not overload DCs.

Then you could turn on DNS scavenging.   When you do turn on DNS scavenging set the lease back to 8 days.  Set the refresh interval to 7 days.  Also set the no-refresh interval to 7 days.  And also set the server scavenging cycle to 7 days.   All of these things come into play when scavenging.  Microsoft has set them that way for a reason.

Here's a reference on tricky things that can happen with scavenging.

https://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx


http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 4

Assisted Solution

by:aa-denver
aa-denver earned 250 total points
ID: 39901689
I just reread your post.  You have DNS scavenging enabled.  One issue  is the 1 day lease, 7 day refresh, 7 day no refresh, etc.  Unless you are running short of IP addresses, put the lease back to 8 days.   What is the server scavenging interval?  7 days.

If you have to keep the leases at 1 day, set the refresh and no-refresh intervals to 2 days each and the scavenging interval to 2 days.  

Read those two articles that i referenced in my previous post.
0
 

Author Comment

by:MCSF
ID: 39903181
aa-denver - I think I will set the DHCP lease back to 8 days. I will start with a couple scopes and work my way up. I am pretty sure it was set to 1 day because we were running out of IPs several years ago. Our subnets have since expanded, so that is not a problem anymore.

Does anyone know the default behavior of running ipconfig /registerdns from a client? If we run this from a client that has a stale DNS record I would expect it to refresh the stale record, but it does not. Is it supposed to?
0
 
LVL 40

Accepted Solution

by:
footech earned 250 total points
ID: 39905302
Not necessarily.
Assuming you have zones which allow secure dynamic updates:  If a record with the same name does not exist, it will be created.  If a record with the same name does exist it will be updated if the security on the record allows it.  For records created by the DHCP server, the client may not have the permissions needed to update the record.
0
 

Author Comment

by:MCSF
ID: 39907626
We will work toward an 8 day DHCP lease on all scopes to start and will continue to monitor why our DNS isn't dynamically updating the way we would hope. Thanks for your advice!
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
(Same as parent Folder) Host (A) IP: x.x.x.x 7 63
SSL-VPN 1 91
Change subnet - effects on server 14 44
Server Essentials vs Standard 4 26
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question