VPN Clients and DNS

I have a strange issue with my remote clients (those that don't have a local DHCP/DNS server) that are getting duplicate records in DNS.
Here is a post that is related: http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28390927.html

Ideas how to stop the duplicates?

Thanks
CHI-LTD asked:

Guillermo Feijóo (Systems administrator) commented:
How is the DNS zone on the DNS servers configured to update records?

CHI-LTD (Author) commented:
Not sure I follow you?

Guillermo Feijóo (Systems administrator) commented:
OK.

I've read the link you provided. Which DNS record update policy are you actually using? If there are duplicated records for the same hostname with different IPs, there is obviously an obsolete PTR record that should be manually removed (the one that points to the wrong IP). To find the problem, first we need to know how the DNS zone is configured to update records.

In your other related post on Experts Exchange, you've been prompted to run "Dnscmd /Config /OpenACLOnProxyUpdates 0" on a WS2008.
If you are using secure-only updates, the DHCP server that owns the scope where you have the wrong PTR records is a 2008 and you haven't run the command, you should remove the wrong record, run the command and keep an eye on the PTR records for the DNS zone to check whether the command works.

CHI-LTD (Author) commented:
All my DHCP servers are dynamically set.

I have also run that command on all DHCP/DNS servers (also DCs) and rebooted DHCP.

I will delete another one of the records and update results here.

PS: the machines that are consistently duplicating are remote machines over a VPN connection, with IPs distributed by the firewall. No real involvement from DNS or DHCP.

Just wondering if we actually need to have the reverse lookup zone for these remote users?

CHI-LTD (Author) commented:
We did have WINS enabled at one point on the servers.

Guillermo Feijóo (Systems administrator) commented:
So the problem is solved?

CHI-LTD (Author) commented:
No, same.

CHI-LTD (Author) commented:
Same problem.
Narrowed down to DNS not updating the remote clients in the 10.255 range on the DNS servers, and these clients still referencing an IP address in DNS that is LAN-based, e.g. a 192.168 or 172.19 IP.
Also we think NAT could be an issue now.

CHI-LTD (Author) commented:
Proved by manually deleting the DNS record of the client pointing to the 192 LAN IP and then reconnecting on the VPN, which then shows the correct 10.255 IP in the correct zone in DNS. I can then ping servers over the branch VPN to other servers.

CHI-LTD (Author) commented:
Going to change the scavenging back to defaults.

CHI-LTD (Author) commented:
Nailed down the zones to refresh after hours; that then cleared up the old DNS records.

Still doesn't help clear old LAN records/computers...
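The checks this thread circles around (which dynamic-update policy the zone uses, whether aging and scavenging are actually switched on, and which hostnames hold both a LAN-range and a VPN-range A record) as an added PowerShell example. This is not code from the thread or from either participant. It assumes the DnsServer module (Windows Server 2012 or later, or RSAT; the WS2008 box mentioned above has no such module and would need dnscmd instead), and the zone name, server name and address prefixes are placeholders taken from or modelled on the thread:

```powershell
# Added example (not from the thread): audit one forward zone for hostnames
# that hold more than one A record, flag the ones mixing a LAN range with the
# VPN range, and print the zone's dynamic-update and aging settings.
# Assumes the DnsServer module (Windows Server 2012+ / RSAT). Zone, server
# and address prefixes below are placeholders, not values from the thread's site.

param(
    [string]$ZoneName      = 'corp.example.local',       # assumption: your AD-integrated zone
    [string]$DnsServer     = 'dc01.corp.example.local',  # assumption: a DNS server / DC
    [string]$VpnPrefix     = '10.255.',                  # VPN pool range named in the thread
    [string[]]$LanPrefixes = @('192.168.', '172.19.'),   # LAN ranges named in the thread
    [switch]$Remove                                       # only delete when explicitly asked
)

Import-Module DnsServer

# 1. Update policy. 'Secure' means a record can only be overwritten by a
#    principal allowed by that record's ACL; 'NonsecureAndSecure' lets anyone.
$zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer
"Zone {0}: DynamicUpdate={1}" -f $zone.ZoneName, $zone.DynamicUpdate

# 2. Aging on the zone AND scavenging on at least one server are both needed
#    before any stale dynamic record is ever removed automatically.
$aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer
"Zone aging={0} NoRefresh={1} Refresh={2} ScavengeServers={3}" -f `
    $aging.AgingEnabled, $aging.NoRefreshInterval, $aging.RefreshInterval, ($aging.ScavengeServers -join ',')
$scav = Get-DnsServerScavenging -ComputerName $DnsServer
"Server scavenging={0} Interval={1} LastRun={2}" -f `
    $scav.ScavengingState, $scav.ScavengingInterval, $scav.LastScavengeTime

# 3. Hostnames with more than one A record.
$aRecords = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ComputerName $DnsServer |
    Where-Object { $_.HostName -ne '@' }
$dupes = $aRecords | Group-Object HostName | Where-Object { $_.Count -gt 1 }

foreach ($group in $dupes) {
    $addrs  = $group.Group | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
    $hasVpn = $addrs | Where-Object { $_.StartsWith($VpnPrefix) }
    $lanRecs = $group.Group | Where-Object {
        $ip = $_.RecordData.IPv4Address.IPAddressToString
        $LanPrefixes | Where-Object { $ip.StartsWith($_) }
    }

    "{0}: {1}" -f $group.Name, ($addrs -join ', ')
    foreach ($r in $group.Group) {
        # Timestamp is empty for static records; scavenging never touches those.
        $ts = if ($r.Timestamp) { $r.Timestamp } else { 'static' }
        "    {0,-16} ttl={1} timestamp={2}" -f $r.RecordData.IPv4Address, $r.TimeToLive, $ts
    }

    # The pattern from the thread: the host is on the VPN (10.255.x) but still
    # carries a LAN address. The LAN record is the stale one.
    if ($hasVpn -and $lanRecs -and $Remove) {
        foreach ($r in $lanRecs) {
            Remove-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -Name $r.HostName `
                -RecordData $r.RecordData.IPv4Address.IPAddressToString `
                -ComputerName $DnsServer -Force
            "    removed stale LAN record {0} -> {1}" -f $r.HostName, $r.RecordData.IPv4Address
        }
    }
}
```

Run it without -Remove first and read the timestamp column against the zone's NoRefresh and Refresh intervals: a LAN record whose timestamp keeps moving forward is still being refreshed by something (a client, a DHCP server, or an old registration the update policy lets through), and deleting it only buys time until the next re-registration, which is the behaviour the final comments describe.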