Solved

Where are A records stored for non-domain-joined computers in Server 2008?

Posted on 2014-03-06
Last Modified: 2014-03-12
Hi there,
I was recently troubleshooting an issue with DHCP not doing dynamic updates and, with help from here, fixed it!
While I was troubleshooting, it occurred to me that I don't know where A records are stored in Server 2008 DNS for non-domain-joined devices, such as phones, Apple computers, etc.
I have looked through DNS and am not sure these records are even just cached locally. I was looking at my computer from home's A record and couldn't find it when it occurred to me that I was looking in the company zone. Anybody know where they are?
Question by:shaunwoy
8 Comments
 

Expert Comment

by:Cliff Galiher
ID: 39911403
It all depends on how you've configured DHCP to handle dynamic updates. The DHCP client may handle dynamic updates, or the DHCP server. Or nothing, in which case no A records would be created automatically and thus would not be "stored" anywhere.

DHCP and DNS are completely independent services. Don't confuse the two. While they are complementary when it comes to system management, neither has a dependency on the other, and ultimately DNS records only exist if someone/something creates them. So by user, or by dynamic updates, or by another automated process (scripting, etc). But DNS records (A or otherwise) won't just appear. Their creation is initiated by another process. Always.

-Cliff
 

Author Comment

by:shaunwoy
ID: 39911564
Thanks for your comment Cliff.
When we bring in non domain laptops and phones, they get a DHCP allocated IP address.  When I bring my laptop in, I can ping it from company devices by name and it resolves to IP.

So there is an A record somewhere.

We do have dynamic updates configured in DHCP, and it does create A records for domain-joined devices in the domain zone. So where would I find my non-domain-joined laptop's A record? It isn't in the company's domain forward lookup zone. I wouldn't have thought it would be, but where is it?
Thanks,
Shaun
 

Expert Comment

by:Cliff Galiher
ID: 39911575
Ping does not verify that there is an A record. Use nslookup to check for that. Your ping can still be successful because DNS is not the only method Windows will use. NetBIOS broadcasts, WINS, or even IPv6 can all explain a successful ping without a DNS record in sight.
 

Author Comment

by:shaunwoy
ID: 39911654
Thanks for the reply Cliff.
But I don't really get how to test where the name to IP resolution is coming from still.
I had already tried nslookup, using the default domain controller and it doesn't know about my laptop name for example. Are you saying that is proof there are no A records in our domain other than the domain joined device A records or at least for that particular laptop?  Are there likely to be A records for anything else in Microsoft Server 2008 DNS? If so, where are they?
If my non domain joined laptop name is being resolved by NetBIOS or WINS then how would I prove that? If I can then I can further troubleshoot why dynamic updates in DHCP isn't giving my laptop an A record in DNS as I am hoping for.
Thanks,
Shaun
 

Expert Comment

by:Mahesh
ID: 39911655
Active Directory integrated DNS accepts only secure or nonsecure dynamic updates.

DHCP can register host (A) records and PTR records on behalf of client computers that support dynamic update, and can also register host (A) records for hosts that do not support dynamic registration of host (A) and PTR records (e.g. WinNT, Win98).

DHCP and DNS are closely integrated with each other.

DHCP advanced DNS options
Remember, those machines that authenticate with Active Directory will get their host (A) records and PTR records registered in DNS; that's how AD-integrated DNS works.
This is applicable to both static and dynamic IPs.
If you are using dynamic IP, then DHCP can take care of that.

In the case of devices (printers, scanners, IP phones) that get a dynamic IP from DHCP but do not authenticate with Active Directory, their host (A) records won't get registered in DNS.

Check below link for more details
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28379478.html
http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_28375413.html

Mahesh
 

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39911671
If nslookup is not returning results then yes, barring a botched command typo, it means your DNS server has no matching record. Thus another lookup type is returning the address that ping is using, such as netbt or the hosts/lmhosts file. Just to stress again, ping is NOT intended to test DNS, or lookups at all. It is meant to test connectivity.

You can see if NetBIOS is responsible for your IP lookup succeeding with the nbtstat command. But to me, this would be more for peace of mind than anything; you've already used nslookup AND looked at your DNS server and haven't seen these rogue records, so it seems all that is as expected.
 

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 39911742
If you ping your laptop hostname, which is non-domain-joined, I guess it will just be resolved to an IP and it will not be resolved to the laptop FQDN first.

In contrast, if you ping any computer that is domain joined, it will first resolve to its DNS host (A) record FQDN and then you will get the ping reply.

What is important is that when you hit ping, the first query goes to your preferred DNS server; if it finds a matching host (A) record, it will resolve to that.

The former name resolution is due to NetBIOS broadcast within the same VLAN \ same network where NetBIOS broadcasting is allowed.
But if you cross your network boundary, from a remote site you will probably not get name resolution for single-label names in your network unless you have a host (A) record registered in DNS.

Mahesh
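
One way to run the checks discussed in the two solutions above (nslookup against the DNS server, the hosts/lmhosts files, nbtstat) and compare them with what the OS resolver returns, as an added example that is not part of the original thread. The host name and DNS server address are placeholders, and the output matching assumes English-language nslookup and nbtstat output.

```powershell
# Added example: compare a direct DNS query with the other Windows name-resolution sources.
# Both parameter defaults are placeholders; pass your own values.
param(
    [string]$Name      = 'MYLAPTOP',    # hypothetical single-label host name
    [string]$DnsServer = '192.0.2.10'   # placeholder DNS server (documentation address range)
)

# 1. DNS only: nslookup sends the query straight to the named server, so hosts,
#    lmhosts and NetBIOS cannot answer it. A "Name:" line means an A record came back.
$nsOut = & nslookup.exe -type=A $Name $DnsServer 2>&1 | Out-String
$inDns = $nsOut -match '(?m)^Name:\s'

# 2. Static files: look for a non-comment line that maps an address to the name.
$etcDir  = Join-Path $env:SystemRoot 'System32\drivers\etc'
$pattern = '^\s*[0-9a-fA-F:.]+\s+.*\b' + [regex]::Escape($Name) + '\b'
$inFiles = @(foreach ($file in 'hosts', 'lmhosts') {
    $path = Join-Path $etcDir $file
    if (Test-Path $path) { Select-String -Path $path -Pattern $pattern | ForEach-Object { $file } }
})

# 3. NetBIOS: "nbtstat -a" resolves the name over NetBIOS and prints the remote
#    name table; its rows carry a <00> suffix when the host answered.
$nbtOut    = & nbtstat.exe -a $Name 2>&1 | Out-String
$inNetBios = $nbtOut -match '<00>'

# 4. OS resolver: the general Windows lookup that ping also relies on, which can
#    fall back to non-DNS sources when DNS has no record.
try   { $osAddr = [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString } }
catch { $osAddr = @() }

New-Object PSObject -Property @{
    Name          = $Name
    DnsARecord    = $inDns
    StaticFiles   = ($inFiles | Select-Object -Unique) -join ','
    NetBiosAnswer = $inNetBios
    OsResolver    = $osAddr -join ','
}
# OsResolver populated while DnsARecord is False: the name is being resolved by
# something other than an A record on $DnsServer, as described in the answers above.
```

For a single-label name, nslookup appends the client's DNS suffix search list, so a record in the company zone would still be found by step 1.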
 

Author Closing Comment

by:shaunwoy
ID: 39925245
Thanks heaps for that Cliff and Mahesh.  That answers it and I have had a go too. Thanks,
Shaun