Where are A records store for Non domain joined computers in server 2008?

Posted on 2014-03-06
Last Modified: 2014-03-12
Hi there,
I was recently troubleshooting an issue with DHCP not doing dynamic updates and with help from here fixed it!
While I was troubleshooting it occurred to me I don't know where A records are store in server 2008 DNS for non domain joined devices.  Such as phones, apply computers etc.  
I have looked through DNS and am not sure these records are even just cached locally.  I was looking at my computer from home's A record and couldn't find it when it occurred to me that I was looking in the company zone.  Anybody know where they are?
Question by:shaunwoy
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39911403
It all depends on how you've configured DHCP to handle dynamic updates. The DHCP client may handle dynamic updates, or the DHCP server. Or nothing, in which case no A records would be created automatically and thus would not be "stored" anywhere.

DHCP and DNS are completey independent services. Don't confuse the two. While they are complementary when it comes to system management, neither has a dependency on the other, and ultimately DNS records only exist if someone/something creates them. So by user, or by dynamic updates, or by another automated process (scripting, etc). But DNS records (A or otherwise) won't just appear. Their creation is initiated by another process. Always.


Author Comment

ID: 39911564
Thanks for your comment Cliff.
When we bring in non domain laptops and phones, they get a DHCP allocated IP address.  When I bring my laptop in, I can ping it from company devices by name and it resolves to IP.

So there is an A record somewhere.

We do have dynamic updates configured in DHCP, and it does create A records for Domain joined devices in the Domain zone.  So where would I find my non domain joined laptops A record?  It isn't in the company's domain forward lookup zone.  I wouldn't have thought it would be, but where is it?
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39911575
Ping does not verify that there is an A record. Use nslookup to check for that. Your ping can still be successful because DNS is not the only method windows will use.NetBIOS broadcasts, WINS, or even IPv6 can all explain a successful ping without a DNS record in sight.
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.


Author Comment

ID: 39911654
Thanks for the reply Cliff.
But I don't really get how to test where the name to IP resolution is coming from still.
I had already tried nslookup, using the default domain controller and it doesn't know about my laptop name for example. Are you saying that is proof there are no A records in our domain other than the domain joined device A records or at least for that particular laptop?  Are there likely to be A records for anything else in Microsoft Server 2008 DNS? If so, where are they?
If my non domain joined laptop name is being resolved by NetBIOS or WINS then how would I prove that? If I can then I can further troubleshoot why dynamic updates in DHCP isn't giving my laptop an A record in DNS as I am hoping for.
LVL 37

Expert Comment

ID: 39911655
Active directory integrated DNS is accepting only secure or non secure dynamic updates

DHCP can register host (A) records and PTR  records on behalf of client computers that supports dynamic update and also can register host (A) records for hosts that do not support dynamic registration of Host(A) and PTR records (Ex: WinNT, Win98)

The DHCP and DNS is closely integrated with each other

DHCP advanced DNS options
Remember those machines who authenticates with active directory will get their Host(A) records and PTR records registered in DNS, that's how ad integrated DNS works
This applicable to static and dynamic IP both
If you are using dynamic IP, then DHCP can take care of that

Incase of devices (Printers, scanners, IP Phones) which getting dynamic IP from DHCP but do not authenticate with active directory won't get register their host (A) records in DNS

Check below link for more details

LVL 58

Accepted Solution

Cliff Galiher earned 250 total points
ID: 39911671
If nslookup is not returning results then yes, barring a botched command typo, it means your DNS server has no matching record. Thus another lookup type is returning the address that ping is using, such as netbt or hosts/lambasts file, Just to stress again, ping is NOT intended to test DNS, or lookups at all. It is meant to test connectivity.

You can see if NetBIOS is responsible for your IP lookup succeeding with the nbtstat command. But to me, this would be more for peace of mind than anything, you've already used nslookup AND looked at your DNS server and haven't seen these rogue records, so it seems all that is as expected..
LVL 37

Assisted Solution

Mahesh earned 250 total points
ID: 39911742
if you ping your laptop hostname which is non domain joined, I guess it will be just resolved to IP and it will be not resolved to laptop FQDN 1st

In contrast, if you ping any computer that is domain joined, it will 1st resolves to its DNS host(A) record FQDN and then you will get ping reply

What important is when you hit ping, 1st query goes to your preferred DNS server, if it found matching host(A) record, it will resolve to that

The former name resolution is due to NetBIOS broad cast within same VLAN \ same network where NetBIOS broadcasting is allowed.
But if you cross your network boundary, from remote site you will probably do not get name resolution for single label names in your network unless you have Host(A) record registered in DNS


Author Closing Comment

ID: 39925245
Thanks heaps for that Cliff and Mahesh.  That answers it and I have had a go too. Thanks,

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server Shares and Excel files 2 42
Blocking Microsoft Edge From Running? 14 131
Prevent to get Active Directory Policy on My PC 9 72
IIS Authentication Error 401 16 70
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question