Solved

Where are A records stored for Non domain joined computers in server 2008?

Posted on 2014-03-06
Last Modified: 2014-03-12
Hi there,
I was recently troubleshooting an issue with DHCP not doing dynamic updates and with help from here fixed it!
While I was troubleshooting it occurred to me I don't know where A records are stored in server 2008 DNS for non domain joined devices.  Such as phones, Apple computers etc.  
I have looked through DNS and am not sure these records are even just cached locally.  I was looking at my computer from home's A record and couldn't find it when it occurred to me that I was looking in the company zone.  Anybody know where they are?
Question by:shaunwoy
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39911403
It all depends on how you've configured DHCP to handle dynamic updates. The DHCP client may handle dynamic updates, or the DHCP server. Or nothing, in which case no A records would be created automatically and thus would not be "stored" anywhere.

DHCP and DNS are completely independent services. Don't confuse the two. While they are complementary when it comes to system management, neither has a dependency on the other, and ultimately DNS records only exist if someone/something creates them. So by user, or by dynamic updates, or by another automated process (scripting, etc). But DNS records (A or otherwise) won't just appear. Their creation is initiated by another process. Always.

-Cliff
 

Author Comment

by:shaunwoy
ID: 39911564
Thanks for your comment Cliff.
When we bring in non domain laptops and phones, they get a DHCP allocated IP address.  When I bring my laptop in, I can ping it from company devices by name and it resolves to IP.

So there is an A record somewhere.

We do have dynamic updates configured in DHCP, and it does create A records for Domain joined devices in the Domain zone.  So where would I find my non domain joined laptop's A record?  It isn't in the company's domain forward lookup zone.  I wouldn't have thought it would be, but where is it?
Thanks,
Shaun
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39911575
Ping does not verify that there is an A record. Use nslookup to check for that. Your ping can still be successful because DNS is not the only method Windows will use. NetBIOS broadcasts, WINS, or even IPv6 can all explain a successful ping without a DNS record in sight.

Author Comment

by:shaunwoy
ID: 39911654
Thanks for the reply Cliff.
But I don't really get how to test where the name to IP resolution is coming from still.
I had already tried nslookup, using the default domain controller and it doesn't know about my laptop name for example. Are you saying that is proof there are no A records in our domain other than the domain joined device A records or at least for that particular laptop?  Are there likely to be A records for anything else in Microsoft Server 2008 DNS? If so, where are they?
If my non domain joined laptop name is being resolved by NetBIOS or WINS then how would I prove that? If I can then I can further troubleshoot why dynamic updates in DHCP isn't giving my laptop an A record in DNS as I am hoping for.
Thanks,
Shaun
 
LVL 36

Expert Comment

by:Mahesh
ID: 39911655
Active directory integrated DNS is accepting only secure or non secure dynamic updates

DHCP can register host (A) records and PTR records on behalf of client computers that support dynamic update and can also register host (A) records for hosts that do not support dynamic registration of Host (A) and PTR records (Ex: WinNT, Win98)

DHCP and DNS are closely integrated with each other

DHCP advanced DNS options
Remember that those machines that authenticate with Active Directory will get their Host (A) records and PTR records registered in DNS, that's how AD integrated DNS works
This is applicable to both static and dynamic IP
If you are using dynamic IP, then DHCP can take care of that

In case of devices (Printers, scanners, IP Phones) which get a dynamic IP from DHCP but do not authenticate with Active Directory, their host (A) records won't get registered in DNS

Check below link for more details
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28379478.html
http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_28375413.html

Mahesh
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39911671
If nslookup is not returning results then yes, barring a botched command typo, it means your DNS server has no matching record. Thus another lookup type is returning the address that ping is using, such as netbt or hosts/lmhosts file. Just to stress again, ping is NOT intended to test DNS, or lookups at all. It is meant to test connectivity.

You can see if NetBIOS is responsible for your IP lookup succeeding with the nbtstat command. But to me, this would be more for peace of mind than anything, you've already used nslookup AND looked at your DNS server and haven't seen these rogue records, so it seems all that is as expected.
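
The checks named in the accepted answer (nslookup for DNS, the hosts/lmhosts files, nbtstat for NetBIOS), combined into one PowerShell script as an added example; it is not part of the original thread, and the host name and DNS server address are placeholders.

```powershell
# Added example (not from the thread). $Name and $DnsServer are placeholders.
param(
    [string]$Name      = 'MYLAPTOP',    # hypothetical single-label host name
    [string]$DnsServer = '192.0.2.10'   # hypothetical DNS server / DC address
)

# 1. DNS only: nslookup queries the named server directly and never falls back
#    to NetBIOS, WINS or the hosts file. A "Name:" line means a record exists.
$dnsText = & nslookup.exe $Name $DnsServer 2>$null | Out-String
$inDns   = $dnsText -match '(?m)^Name:\s+\S+'

# 2. Static files: look for a non-comment entry in hosts and lmhosts.
#    lmhosts often does not exist (only the lmhosts.sam template ships).
$etc     = Join-Path $env:SystemRoot 'System32\drivers\etc'
$pattern = '^\s*[^#\s]+\s+([^#]*\s)?' + [regex]::Escape($Name) + '(\s|\.|#|$)'
$inFiles = @('hosts', 'lmhosts') |
    ForEach-Object { Join-Path $etc $_ } |
    Where-Object   { Test-Path $_ } |
    Where-Object   { Select-String -Path $_ -Pattern $pattern -Quiet }

# 3. NetBIOS: trigger a normal lookup, then read the NetBIOS remote name cache.
#    NetBIOS names are at most 15 characters, so compare the truncated name.
$null      = & ping.exe -n 1 $Name
$nbName    = $Name.Substring(0, [Math]::Min(15, $Name.Length))
$cacheText = & nbtstat.exe -c | Out-String
$inNbCache = $cacheText -match ('(?m)^\s*' + [regex]::Escape($nbName) + '\s*<')

# Report what each mechanism knows about the name.
New-Object PSObject -Property @{
    Name            = $Name
    DnsRecordFound  = $inDns
    StaticFileHits  = ($inFiles -join ', ')
    NetBiosCacheHit = $inNbCache
}
```

A result with DnsRecordFound False and NetBiosCacheHit True means the name was resolved through NetBIOS, not through an A record on the DNS server.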
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 39911742
If you ping your laptop hostname, which is non domain joined, I guess it will just be resolved to an IP and it will not be resolved to the laptop FQDN first

In contrast, if you ping any computer that is domain joined, it will first resolve to its DNS host (A) record FQDN and then you will get the ping reply

What is important is that when you hit ping, the first query goes to your preferred DNS server; if it finds a matching host (A) record, it will resolve to that

The former name resolution is due to NetBIOS broadcast within the same VLAN \ same network where NetBIOS broadcasting is allowed.
But if you cross your network boundary, from a remote site you will probably not get name resolution for single-label names in your network unless you have a Host (A) record registered in DNS

Mahesh
 

Author Closing Comment

by:shaunwoy
ID: 39925245
Thanks heaps for that Cliff and Mahesh.  That answers it and I have had a go too. Thanks,
Shaun