DNS/DHCP issue

Hello Everyone,

I am in the process of pushing a new AV client to all clients from a new ePO server in Toronto, and I am struggling with some DNS/network issues.

When a user located in Miami works from home, it should get an IP address from the RAS VPN range in London or another VPN connection. Once the user is back in the office, the computer picks up another IP address from the internal network; however, the DNS record is not being updated properly. Therefore, the only workaround is to manually delete the DNS record with the old IP address [IP obtained from VPN], wait for DNS replication and push the client again.

All users are located in either Miami or London. We have multiple servers across all regions, and the main AV server is located in Washington.

For example

User A laptop setting:

Name: xxxxxxxxxx

Current DNS IP address record: 172.20.x.x

Current IP address assigned to laptop: 172.26.x.x

User B laptop setting:

Name:  yyyyyyyy

Current DNS IP address record: 1.0.x.x

Current IP address assigned to laptop: 172.26.x.x

The only difference I've noticed on the DHCP scope in the servers in London and Miami is the DNS dynamic updates setting in the DHCP scope. Please see the attached files.

Can anyone point me in the right direction?
serverLondon.jpg
serverMiami.jpg
Jerry Seinfield Asked:
DrDave242 Commented:
Try configuring the London DHCP server to Always dynamically update DNS A and PTR records like the Miami server, and make sure both DHCP servers are members of the built-in DnsUpdateProxy group, so that each one can update DNS records registered by the other one.

More information on DHCP/DNS interaction can be found here.
0
Jerry Seinfield (Author) Commented:
Hi DrDave, I forgot to say that my DHCP servers at all locations are Windows 2003 R2 servers. The link attached above applies to Windows 2008.

Any other ideas?
0
DrDave242 Commented:
Sorry - a comparable article for 2003 is here. I don't believe there are any significant differences between the two, though.
0
Jerry Seinfield (Author) Commented:
Dr Dave, to prevent this issue in the future, what would be the ideal configuration on all DHCP servers? Please pick one of the below, and explain the reasons.

1. Dynamically update DNS A and PTR records only if requested by the DHCP clients.
2. Always dynamically update DNS A and PTR records.

Can you please indicate all steps to add DHCP servers for different locations to be part of the DnsUpdateProxy group? Please step-by-step.
0
Jerry Seinfield (Author) Commented:
Can I get an update to my last reply? Thanks in advance.
0
DrDave242 Commented:
I intended my comment as a suggestion for resolving the current issue (a "try this and see if it works" type of thing), rather than a policy to be implemented from now on. It would be a good idea to do some testing with one configuration or the other to see which one gives better results in your environment before deciding that one will always be put in place.

Windows DHCP clients (from Windows 2000 onward) should be able to manage their own dynamic DNS registrations, so there shouldn't be a need for the DHCP server to do it for them. I suspect the issue in your case is caused by the differing configurations on the two DHCP servers. Since one of them is configured to always register A and PTR records for clients, that server ends up owning those records, and they can't be modified by the clients themselves or the other DHCP server. I suspect that choosing either of the two configurations you posted will resolve the issue, as long as both servers are configured the same.

If you do choose Always dynamically update DNS A and PTR records, the DHCP servers should be added to the DnsUpdateProxy group if your environment allows only secure dynamic updates to DNS (which is the recommended configuration for AD-integrated zones). Adding the DHCP servers to that group is a simple process:

1. Open the AD Users and Computers console and locate the DnsUpdateProxy group, which is in the Users container by default.
2. Right-click the group and select Properties.
3. Select the Members tab of the properties window and click the Add... button.
4. Click the Object Types... button and select Computers, then click OK.
5. Type the names of your DHCP servers separated by semicolons and click Check Names.
6. Assuming the names are valid, click OK until all property windows are closed.

If any of your DHCP servers are also domain controllers, it is recommended for security reasons that you create a designated service account for DHCP to use when registering or updating DNS records. This is discussed in the link I posted in my previous comment.
0
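
As an added illustration (not part of the original thread or any poster's code): a small Python check for the mismatch described in the question, comparing exported A records against current DHCP leases so affected clients are known before the next push. The `name,ip` input format, the sample names and addresses, and the 172.20.0.0/16 VPN range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: the thread masks its addresses, so the full
# addresses, the domain and the VPN range here are assumptions.
VPN_RANGES = [ipaddress.ip_network("172.20.0.0/16")]  # assumed RAS VPN pool

DNS_EXPORT = """\
LAPTOP-A.corp.example,172.20.4.17
laptop-b.corp.example,172.20.9.3
laptop-b.corp.example,172.26.1.51
laptop-c.corp.example,172.26.1.60
"""

DHCP_LEASES = """\
laptop-a,172.26.1.50
laptop-b,172.26.1.51
laptop-c,172.26.1.60
laptop-d,172.26.1.61
"""

def short_name(name):
    """Normalise an FQDN or short name to a lower-case host label."""
    return name.strip().rstrip(".").split(".")[0].lower()

def parse(text):
    """Parse 'name,ip' lines into {host: set of ip_address}."""
    table = defaultdict(set)
    for line in text.splitlines():
        if line.strip():
            name, ip = line.split(",", 1)
            table[short_name(name)].add(ipaddress.ip_address(ip.strip()))
    return table

def audit(dns_text, lease_text, vpn_ranges=VPN_RANGES):
    """Return (host, kind, stale_ips) for hosts whose A records disagree with the lease."""
    dns, leases = parse(dns_text), parse(lease_text)
    findings = []
    for host in sorted(leases):
        stale = sorted(dns.get(host, set()) - leases[host])
        if host not in dns:
            findings.append((host, "missing", []))
        elif stale:
            in_vpn = any(ip in net for ip in stale for net in vpn_ranges)
            kind = "stale-vpn" if in_vpn else "stale-other"
            findings.append((host, kind, [str(ip) for ip in stale]))
    return findings
```

A host with two A records (one current, one left over from the VPN) is reported with only the leftover address, which is the record that would need to be deleted.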

Jerry Seinfield (Author) Commented:
Thanks Dr

Once I have applied the changes below on all DHCP servers,

should I restart the DHCP servers and DNS server/zones?

Please advise.
0
DrDave242 Commented:
Actually, I don't think anything needs to be restarted to make these changes.
0
Question has a verified solution.