DNS/DHCP issue

Posted on 2014-10-13
Last Modified: 2014-10-14
Hello Everyone,

I am in the process of pushing a new AV client to all clients from a new ePO server in Toronto, and I am struggling with some DNS/network issues.

When a user located in Miami works from home, it should get an IP address from the RAS VPN range in London or another VPN connection. Once the user is back in the office, the computer picks up another IP address from the internal network; however, the DNS record is not being updated properly. Therefore the only workaround is to manually delete the DNS record with the old IP address [IP obtained from VPN], wait for DNS replication and push the client again.

All users are located in either Miami or London. We have multiple servers across all regions, and the main AV server is located in Washington.

For example

User A laptop setting:

Name: xxxxxxxxxx

Current DNS IP address record: 172.20.x.x

Current IP address assigned to laptop: 172.26.x.x

User B laptop setting:

Name:  yyyyyyyy

Current DNS IP address record: 1.0.x.x

Current IP address assigned to laptop: 172.26.x.x

The only difference I've noticed in the DHCP scope on the servers in London and Miami is the DNS dynamic update settings in the DHCP scope. Please see the attached files.

Can anyone point me in the right direction?
serverLondon.jpg
serverMiami.jpg
Question by:Jerry Seinfield
LVL 27

Expert Comment

by:DrDave242
ID: 40377406
Try configuring the London DHCP server to Always dynamically update DNS A and PTR records like the Miami server, and make sure both DHCP servers are members of the built-in DnsUpdateProxy group, so that each one can update DNS records registered by the other one.

More information on DHCP/DNS interaction can be found here.
0
 

Author Comment

by:Jerry Seinfield
ID: 40377667
Hi DrDave, I forgot to say that my DHCP servers at all locations are Windows 2003 R2 servers. The link attached above applies to Windows 2008.

Any other ideas?
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 40377708
Sorry - a comparable article for 2003 is here. I don't believe there are any significant differences between the two, though.
0
 

Author Comment

by:Jerry Seinfield
ID: 40377814
Dr Dave, to prevent this issue in the future, what would be the ideal configuration on all DHCP servers? Please pick one of the below and explain the reasons.


1. To dynamically update DNS A and PTR records only if requested by the DHCP clients.
2. Always dynamically update DNS A and PTR records

Can you please indicate all steps to add DHCP servers for different locations to the DnsUpdateProxy group? Please go step by step.
0
 

Author Comment

by:Jerry Seinfield
ID: 40378381
Can I get an update to my last reply? Thanks in advance.
0
 
LVL 27

Accepted Solution

by:DrDave242
ID: 40378798
I intended my comment as a suggestion for resolving the current issue (a "try this and see if it works" type of thing), rather than a policy to be implemented from now on. It would be a good idea to do some testing with one configuration or the other to see which one gives better results in your environment before deciding that one will always be put in place.

Windows DHCP clients (from Windows 2000 onward) should be able to manage their own dynamic DNS registrations, so there shouldn't be a need for the DHCP server to do it for them. I suspect the issue in your case is caused by the differing configurations on the two DHCP servers. Since one of them is configured to always register A and PTR records for clients, that server ends up owning those records, and they can't be modified by the clients themselves or the other DHCP server. I suspect that choosing either of the two configurations you posted will resolve the issue, as long as both servers are configured the same.

If you do choose Always dynamically update DNS A and PTR records, the DHCP servers should be added to the DnsUpdateProxy group if your environment allows only secure dynamic updates to DNS (which is the recommended configuration for AD-integrated zones). Adding the DHCP servers to that group is a simple process:

1. Open the AD Users and Computers console and locate the DnsUpdateProxy group, which is in the Users container by default.
2. Right-click the group and select Properties.
3. Select the Members tab of the properties window and click the Add... button.
4. Click the Object Types... button and select Computers, then click OK.
5. Type the names of your DHCP servers separated by semicolons and click Check Names.
6. Assuming the names are valid, click OK until all property windows are closed.

If any of your DHCP servers are also domain controllers, it is recommended for security reasons that you create a designated service account for DHCP to use when registering or updating DNS records. This is discussed in the link I posted in my previous comment.
0
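
A way to list the affected machines before the next client push, as an added example that is not part of the original thread: it compares exported A records with current DHCP leases and reports each host whose record is stale, which scope the stale address came from, and any other name that still points at the host's current address. Host names, addresses, scope prefixes and the `hostname,ip` input format are constructed for illustration.

```python
import ipaddress

# Constructed sample data. Scope names and prefixes are assumptions; the thread
# only shows 172.20.x.x (VPN-issued), 172.26.x.x (office) and 1.0.x.x.
SCOPES = {
    "london-vpn": ipaddress.ip_network("172.20.0.0/16"),
    "miami-office": ipaddress.ip_network("172.26.0.0/16"),
}
DNS_A_RECORDS = """\
laptop-a,172.20.5.17
laptop-b,1.0.3.9
laptop-c,172.26.1.30
laptop-d,172.26.1.44
"""
DHCP_LEASES = """\
laptop-a,172.26.1.44
laptop-b,172.26.1.52
laptop-c,172.26.1.30
"""

def parse(text):
    """Parse 'hostname,ip' lines into {hostname: IPv4Address}."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return {h.strip().lower(): ipaddress.ip_address(ip.strip()) for h, ip in rows}

def scope_of(ip):
    """Name the scope an address falls in, or 'unknown'."""
    return next((name for name, net in SCOPES.items() if ip in net), "unknown")

def audit(dns_text, lease_text):
    """Return findings for hosts whose A record disagrees with the live lease."""
    dns, leases = parse(dns_text), parse(lease_text)
    findings = []
    for host, leased in sorted(leases.items()):
        recorded = dns.get(host)
        if recorded == leased:
            continue  # record is current, nothing to clean up
        findings.append({
            "host": host,
            "dns": str(recorded) if recorded else None,
            "lease": str(leased),
            "stale_scope": scope_of(recorded) if recorded else None,
            # Another name still pointing at this host's address: a push to
            # that name would land on this machine instead.
            "shadowed_by": sorted(n for n, ip in dns.items()
                                  if ip == leased and n != host),
        })
    return findings
```

A stale record that falls in a scope served by the "always update" DHCP server is the case the answer above describes, where that server owns the record and the client cannot replace it.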
 

Author Comment

by:Jerry Seinfield
ID: 40380965
Thanks Dr

Once I have applied the changes below on all DHCP servers, should I restart the DHCP servers and DNS server/zones?

Please advise
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 40380973
Actually, I don't think anything needs to be restarted to make these changes.