Solved

DNS/DHCP issue

Posted on 2014-10-13
Last Modified: 2014-10-14
Hello Everyone,

I am in the process of pushing a new AV client to all clients from a new ePO server in Toronto, and I am struggling with some DNS/network issues.

When a user located in Miami works from home, it should get an IP address from the RAS VPN range in London or another VPN connection. Once the user is back in the office, the computer picks up another IP address from the internal network; however, the DNS record is not being updated properly. Therefore, the only workaround is to manually delete the DNS record with the old IP address [IP obtained from VPN], wait for DNS replication and push the client again.

All users are located in either Miami or London. We have multiple servers across all regions, and the main AV server is located in Washington.

For example

User A laptop setting:

Name: xxxxxxxxxx

Current DNS IP address record: 172.20.x.x

Current IP address assigned to laptop: 172.26.x.x

User B laptop setting:

Name:  yyyyyyyy

Current DNS IP address record: 1.0.x.x

Current IP address assigned to laptop: 172.26.x.x

The only difference I've noticed between the DHCP scopes on the servers in London and Miami is the DNS dynamic updates setting in the DHCP scope. Please see the attached files.

Can anyone point me in the right direction?
serverLondon.jpg
serverMiami.jpg
Question by:Jerry Seinfield

Expert Comment

by:DrDave242
ID: 40377406
Try configuring the London DHCP server to Always dynamically update DNS A and PTR records like the Miami server, and make sure both DHCP servers are members of the built-in DnsUpdateProxy group, so that each one can update DNS records registered by the other one.

More information on DHCP/DNS interaction can be found here.

Author Comment

by:Jerry Seinfield
ID: 40377667
Hi DrDave, I forgot to say that my DHCP servers at all locations are Windows 2003 R2 servers. The link attached above applies to Windows 2008.

Any other ideas?

Expert Comment

by:DrDave242
ID: 40377708
Sorry - a comparable article for 2003 is here. I don't believe there are any significant differences between the two, though.

Author Comment

by:Jerry Seinfield
ID: 40377814
Dr Dave, to prevent this issue in the future, what would be the ideal configuration on all DHCP servers? Please pick one of the below and explain the reasons.

1. To dynamically update DNS A and PTR records only if requested by the DHCP clients.
2. Always dynamically update DNS A and PTR records

Can you please indicate all steps to add DHCP servers for different locations to be part of the DnsUpdateProxy group? Step by step, please.

Author Comment

by:Jerry Seinfield
ID: 40378381
Can I get an update to my last reply? Thanks in advance.

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40378798
I intended my comment as a suggestion for resolving the current issue (a "try this and see if it works" type of thing), rather than a policy to be implemented from now on. It would be a good idea to do some testing with one configuration or the other to see which one gives better results in your environment before deciding that one will always be put in place.

Windows DHCP clients (from Windows 2000 onward) should be able to manage their own dynamic DNS registrations, so there shouldn't be a need for the DHCP server to do it for them. I suspect the issue in your case is caused by the differing configurations on the two DHCP servers. Since one of them is configured to always register A and PTR records for clients, that server ends up owning those records, and they can't be modified by the clients themselves or the other DHCP server. I suspect that choosing either of the two configurations you posted will resolve the issue, as long as both servers are configured the same.

If you do choose Always dynamically update DNS A and PTR records, the DHCP servers should be added to the DnsUpdateProxy group if your environment allows only secure dynamic updates to DNS (which is the recommended configuration for AD-integrated zones). Adding the DHCP servers to that group is a simple process:

1. Open the AD Users and Computers console and locate the DnsUpdateProxy group, which is in the Users container by default.
2. Right-click the group and select Properties.
3. Select the Members tab of the properties window and click the Add... button.
4. Click the Object Types... button and select Computers, then click OK.
5. Type the names of your DHCP servers separated by semicolons and click Check Names.
6. Assuming the names are valid, click OK until all property windows are closed.

If any of your DHCP servers are also domain controllers, it is recommended for security reasons that you create a designated service account for DHCP to use when registering or updating DNS records. This is discussed in the link I posted in my previous comment.
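
The record-ownership behaviour described in the accepted answer, as a simplified model (an added example, not part of the original thread and not Microsoft's implementation). The principal names, host name and addresses are constructed, and the model covers only who may change an existing record under secure dynamic updates.

```python
# Simplified model (an assumption for illustration): secure dynamic updates
# let only a record's owner change it; records created by DnsUpdateProxy
# members are left without an owner.

class Zone:
    def __init__(self, proxy_members=()):
        self.proxy_members = set(proxy_members)
        self.records = {}  # host name -> {"ip": ..., "owner": ...}

    def update(self, principal, name, ip):
        """Apply one dynamic update; return True if the zone accepts it."""
        is_proxy = principal in self.proxy_members
        rec = self.records.get(name)
        if rec is None:
            # New name: creator becomes owner unless it is a proxy-group member.
            owner = None if is_proxy else principal
            self.records[name] = {"ip": ip, "owner": owner}
            return True
        if rec["owner"] not in (None, principal):
            return False  # owned by another principal: the old IP stays
        rec["ip"] = ip
        if rec["owner"] is None and not is_proxy:
            rec["owner"] = principal  # first non-member to update takes ownership
        return True


def roam(zone, first, second, host="laptop-a"):
    """Register host at the first site, then re-register it at the second."""
    zone.update(first, host, "172.20.0.10")              # constructed address
    accepted = zone.update(second, host, "172.26.0.10")  # constructed address
    rec = zone.records[host]
    return accepted, rec["ip"], rec["owner"]


def always_update_without_group():
    # Each DHCP server registers A records under its own computer account.
    return roam(Zone(), "DHCP-A$", "DHCP-B$")

def always_update_with_group():
    # Both DHCP servers are members of DnsUpdateProxy.
    return roam(Zone(proxy_members={"DHCP-A$", "DHCP-B$"}), "DHCP-A$", "DHCP-B$")

def client_registers_itself():
    # Both servers update only on request; the client owns its A record.
    return roam(Zone(), "LAPTOP-A$", "LAPTOP-A$")

if __name__ == "__main__":
    for case in (always_update_without_group, always_update_with_group,
                 client_registers_itself):
        print(case.__name__, case())
```

The first case leaves the old 172.20 address in DNS, which matches the symptom in the question. The second case succeeds, but the record ends up with no owner.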

Author Comment

by:Jerry Seinfield
ID: 40380965
Thanks Dr

Once I have applied the changes below on all DHCP servers, should I restart the DHCP servers and DNS server/zones?

Please advise.

Expert Comment

by:DrDave242
ID: 40380973
Actually, I don't think anything needs to be restarted to make these changes.