Solved

VPN Clients and DNS

Posted on 2014-03-26
Last Modified: 2014-05-29
I have a strange issue with my remote clients (those that don't have a local DHCP/DNS server) that are getting duplicate records in DNS.
Here is a post that is related: http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28390927.html

Ideas how to stop the duplicates?

Thanks
0
Question by:CHI-LTD
11 Comments
 
LVL 3

Accepted Solution

by:
Guillermin-go earned 500 total points
ID: 39959452
How is the DNS zone on the DNS servers configured to update records?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959471
Not sure I follow you?
0
 
LVL 3

Expert Comment

by:Guillermin-go
ID: 39959544
OK.

I've been reading the link you provided. Which DNS records update policy are you using actually? If there are duplicated records for the same hostname with different IPs, there is obviously an obsolete PTR record that should be manually removed (the one that points to the wrong IP). To find the problem, first we need to know how the DNS zone is configured to update records.

In your other related post on experts-exchange, you've been prompted to run "Dnscmd /Config /OpenACLOnProxyUpdates 0" on a ws2008.
If you are using secure-only updates, the DHCP server that owns the scope where you have wrong PTR records is a 2008 and you haven't run the command, you should remove the wrong record, run the command and keep an eye on the PTR records for the DNS zone, to check if the command works.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959564
All my DHCP servers are dynamically set.

I have also run that command on all DHCP/DNS servers (also DCs) and rebooted DHCP.

I will delete another one of the records and update results here.

PS - the machines that are consistently duplicating are remote machines over a VPN connection, with IPs distributed by the firewall. No real involvement from DNS or DHCP.

Just wondering if we actually need to have the reverse lookup zone for these remote users?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39959570
We did have WINS enabled at one point on the servers.
0
 
LVL 3

Expert Comment

by:Guillermin-go
ID: 39961109
so the problem is solved?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39961275
no, same
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40049880
Same problem.
Narrowed down to DNS not updating the remote clients @ 10.255 range on the DNS servers, and these clients still referencing an IP address in DNS that is LAN based, e.g. a 192.168 or 172.19 IP.
Also we think NAT could be an issue now.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40049885
Proved by manually deleting the DNS record of the client pointing to the 192 LAN IP and then reconnecting on the VPN, which then shows the correct 10.255 IP in the correct zone in DNS. I can then ping servers over the branch VPN to other servers.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40058736
going to change the scavenging back to defaults
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40098298
Nailed down the zones to refresh after hours; that then cleared up the old DNS records.

Still doesn't help clear old LAN records/computers...
0
