Solved

Strange DNS behaviour with Domain Controllers

Posted on 2014-10-29
7
63 Views
Last Modified: 2015-06-28
Hi there,

I have a really strange behaviour with DNS when asking for the name of a Domain Controller.
A while ago whenever i used the IP address to ask for the hostname of a DC, i just got the hostname back.

I don't what changed but now i get all kind of other answer including the "real" hostname sometimes.
I feels like good old round robin behaviour.
--------------------------
forestdnszones.domain.local
domaindnszones.domain.local
gc._msdcs.domain.local
domain.local
--------------------------

This is not much of an issue at the moment. But when i open DHCP console and try to connect to the one of the DC it tries to do that with one theses names and that failes. So i have to login to that second DC an open the console there.
Long story short, most remote task are not possible anymore, cause the connection is done with the wrong hostname.

Has anyone heard of this or has an idea how i can analyse this issue?

Best regards,
Simon
0
Comment
Question by:Psymonious
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40410311
Did not understand exact question
Are you sating that you are unable to find domain controllers?

Check your NS records, Host(A) records and PTR records for all domain controllers for stale records
Also check (Same as Parent folder) Host records in DNS, they might be pointing to stale servers
Also check Domain Controller CNAME Records under _msdcs.domain.com and see if they are resolving and able to ping  correct domain controllers, if they do fail, you will get difficulties
You can delete stale CNAME records and recreate correct one
The correct GUID to create CNAME for particular DC can be found under AD sites and services\sitename\servers\servername\ntds settings properties \ general tab
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40410337
Set scavenge stale records on all DNS servers: http://technet.microsoft.com/en-us/library/cc753217.aspx
Ensure your DHCP are registering computers on DNS if they not register automatically: http://technet.microsoft.com/en-us/library/cc771732.aspx
Last one, DNS faulty (or have any kind of problem) consider remove DNS function and reinstall. I think you have your DNS infrastructure redundant, you can get your zones from the other DNS server.
0
 
LVL 1

Author Comment

by:Psymonious
ID: 40410342
Both DCs are up and running and do not have an other issues.
I just get the wrong names back when resolving name to the IP address.

If i do a query with the IP to get a name, the Reverse Lookup Zone is used right?
When i look at the records for the DCs in the Reverse Lookup Zone i can see all the names that i listed above.

As i don't have an other setup to compare it with the production, i do not know how it should look in general.
Do you have the possibilities to check which records (for the DCs) are normally added to the Reverse Lookup Zones in a standard setup?
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40410345
By default, no reverse zones added (as least until 2008), when you do a direct query (name ask for IP) no reverse zones are involved, only to reverse query is used.
0
 
LVL 1

Accepted Solution

by:
Psymonious earned 0 total points
ID: 40410418
I think i found the root of the issue.
Somewhen in the past i decided to do a regular export of the dns zones, so i can now compare how it looked at the beginning of april.

And when you look at these two samples, it makes totally sense that i get round-robin answers when asking for the name of a DC using the IP address.

[now]
---------------------------------------------------------------
5.1.168                  PTR      hostname.domain.local.
                        600      PTR      gc._msdcs.domain.local.
                        600      PTR      domaindnszones.domain.local.
                        600      PTR      domain.local.
                        600      PTR      forestdnszones.domain.local.
---------------------------------------------------------------

[april]
---------------------------------------------------------------
5.1.168                  PTR      hostname.domain.local.
---------------------------------------------------------------

So it seems that someone or somewhat enabled the "Update associated pointer (PTR) record" option on these records.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40855285
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question