Solved

VPN Clients and DNS

Posted on 2014-03-26
Last Modified: 2014-05-29
I have a strange issue with my remote clients (those that don't have a local DHCP/DNS server) that are getting duplicate records in DNS.
Here is a post that is related: http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28390927.html

Ideas how to stop the duplicates?

Thanks
Question by:CHI-LTD
11 Comments
 
LVL 3

Accepted Solution

by:
Guillermin-go earned 500 total points
ID: 39959452
How is the DNS zone on the DNS servers configured to update records?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959471
not sure i follow you?
0
 
LVL 3

Expert Comment

by:Guillermin-go
ID: 39959544
ok.

I've been reading the link you provided. Which DNS record update policy are you actually using? If there are duplicate records for the same hostname with different IPs, there is obviously an obsolete PTR record that should be manually removed (the one that points to the wrong IP). To find the problem, we first need to know how the DNS zone is configured to update records.

In your other related post on Experts Exchange, you've been prompted to run "Dnscmd /Config /OpenACLOnProxyUpdates 0" on a ws2008.
If you are using secure-only updates, the DHCP server that owns the scope where you have the wrong PTR records is a 2008, and you haven't run the command, you should remove the wrong record, run the command, and keep an eye on the PTR records for the DNS zone to check whether the command works.
0

 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959564
all my dhcp servers are dynamically set.

i have also run that command on all dhcp/dns servers (also DCs) and rebooted DHCP.

i will delete another one of the records and update results here..

ps - the machines that are consistently duplicating are remote machines over a vpn connection, with IPs distributed by the firewall.  no real involvement from dns or dhcp..

just wondering if we actually need to have the reverse lookup zone for these remote users?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959570
we did have wins enabled at one point on the servers..
0
 
LVL 3

Expert Comment

by:Guillermin-go
ID: 39961109
so the problem is solved?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39961275
no, same
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40049880
same problem.  
narrowed down to DNS not updating the remote clients @ 10.255 range on the DNS servers, and these clients still referencing an IP address in DNS that is LAN based, e.g. 192.168 or 172.19 IP.
Also we think NAT could be an issue now.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40049885
proved by manually deleting the dns record of the client pointing to the 192 LAN ip and then reconnecting on the vpn, which then shows the correct 10.255 ip on the correct zone in DNS.  I can then ping servers over the branch VPN to other servers.
0
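
One way to list the hosts described in the comments above, those holding both a LAN A record and a VPN-pool A record, as an added example that is not part of the original thread. The function names, the sample records and the zone name `corp.example` are hypothetical; the address prefixes are the ones quoted in the thread.

```powershell
# Added example. Classifies an address using the prefixes mentioned in the thread.
function Get-AddressClass {
    param([string]$IP)
    switch -Regex ($IP) {
        '^10\.255\.'  { return 'VPN' }   # pool handed out by the firewall
        '^192\.168\.' { return 'LAN' }
        '^172\.19\.'  { return 'LAN' }
        default       { return 'Other' }
    }
}

# Returns every A record of a host that has both a LAN and a VPN address,
# marking which record carries the most recent timestamp.
function Find-ConflictingARecord {
    param([Parameter(Mandatory)][object[]]$Records)
    $Records | Group-Object -Property HostName | ForEach-Object {
        $classes = @($_.Group | ForEach-Object { Get-AddressClass $_.IP } | Sort-Object -Unique)
        if ($classes -contains 'VPN' -and $classes -contains 'LAN') {
            $newest = $_.Group | Sort-Object Timestamp -Descending | Select-Object -First 1
            foreach ($r in $_.Group) {
                [pscustomobject]@{
                    HostName  = $r.HostName
                    IP        = $r.IP
                    Class     = Get-AddressClass $r.IP
                    Timestamp = $r.Timestamp
                    Newest    = ($r.IP -eq $newest.IP)
                }
            }
        }
    }
}

# Constructed sample records so the script runs without a DNS server.
$sample = @(
    [pscustomobject]@{ HostName = 'laptop01';  IP = '192.168.10.44'; Timestamp = [datetime]'2014-03-20 09:00' }
    [pscustomobject]@{ HostName = 'laptop01';  IP = '10.255.0.17';   Timestamp = [datetime]'2014-03-26 08:00' }
    [pscustomobject]@{ HostName = 'desktop07'; IP = '172.19.4.12';   Timestamp = [datetime]'2014-03-25 10:00' }
)
Find-ConflictingARecord -Records $sample | Format-Table -AutoSize

# On a DNS server, the same shape can be built from the zone itself
# (zone name is a placeholder):
# $live = Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A |
#     Select-Object HostName, Timestamp,
#         @{ n = 'IP'; e = { $_.RecordData.IPv4Address.IPAddressToString } }
# Find-ConflictingARecord -Records $live
```

The output only reports the conflict and which record is newer; whether the older LAN record is safe to delete still depends on where the client is currently connected.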
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40058736
going to change the scavenging back to defaults
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40098298
nailed down the zones to refresh after hours, that then cleared up the old DNS records.

Still doesn't help clear old LAN records/computers...
0
