Solved

Strange DNS behaviour with Domain Controllers

Posted on 2014-10-29
7
55 Views
Last Modified: 2015-06-28
Hi there,

I have a really strange behaviour with DNS when asking for the name of a Domain Controller.
A while ago, whenever I used the IP address to ask for the hostname of a DC, I just got the hostname back.

I don't know what changed, but now I get all kinds of other answers, including the "real" hostname sometimes.
It feels like good old round-robin behaviour.
--------------------------
forestdnszones.domain.local
domaindnszones.domain.local
gc._msdcs.domain.local
domain.local
--------------------------

This is not much of an issue at the moment. But when I open the DHCP console and try to connect to one of the DCs, it tries to do that with one of these names and that fails. So I have to log in to that second DC and open the console there.
Long story short, most remote tasks are not possible anymore, because the connection is done with the wrong hostname.

Has anyone heard of this or has an idea how I can analyse this issue?

Best regards,
Simon
0
Question by:Psymonious
7 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 40410311
I did not understand the exact question.
Are you saying that you are unable to find domain controllers?

Check your NS records, Host (A) records and PTR records for all domain controllers for stale records.
Also check the (same as parent folder) Host records in DNS; they might be pointing to stale servers.
Also check the Domain Controller CNAME records under _msdcs.domain.com and see if they resolve and are able to ping the correct domain controllers; if they fail, you will get difficulties.
You can delete stale CNAME records and recreate correct ones.
The correct GUID to create the CNAME for a particular DC can be found under AD Sites and Services\sitename\Servers\servername\NTDS Settings properties\General tab.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40410337
Set scavenging of stale records on all DNS servers: http://technet.microsoft.com/en-us/library/cc753217.aspx
Ensure your DHCP servers are registering computers in DNS if they do not register automatically: http://technet.microsoft.com/en-us/library/cc771732.aspx
Last one: if DNS is faulty (or has any kind of problem), consider removing the DNS role and reinstalling it. I think your DNS infrastructure is redundant, so you can get your zones from the other DNS server.
0
 
LVL 1

Author Comment

by:Psymonious
ID: 40410342
Both DCs are up and running and do not have any other issues.
I just get the wrong names back when resolving the IP address to a name.

If I do a query with the IP to get a name, the Reverse Lookup Zone is used, right?
When I look at the records for the DCs in the Reverse Lookup Zone, I can see all the names that I listed above.

As I don't have another setup to compare with production, I do not know how it should look in general.
Do you have the possibility to check which records (for the DCs) are normally added to the Reverse Lookup Zones in a standard setup?
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40410345
By default, no reverse zones are added (at least until 2008). When you do a direct query (name asking for IP), no reverse zones are involved; they are only used for reverse queries.
0
 
LVL 1

Accepted Solution

by:
Psymonious earned 0 total points
ID: 40410418
I think I found the root of the issue.
Some time in the past I decided to do a regular export of the DNS zones, so I can now compare how it looked at the beginning of April.

And when you look at these two samples, it makes total sense that I get round-robin answers when asking for the name of a DC using the IP address.

[now]
---------------------------------------------------------------
5.1.168                  PTR      hostname.domain.local.
                        600      PTR      gc._msdcs.domain.local.
                        600      PTR      domaindnszones.domain.local.
                        600      PTR      domain.local.
                        600      PTR      forestdnszones.domain.local.
---------------------------------------------------------------

[april]
---------------------------------------------------------------
5.1.168                  PTR      hostname.domain.local.
---------------------------------------------------------------

So it seems that someone or something enabled the "Update associated pointer (PTR) record" option on these records.
0
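A small check for the condition the accepted answer describes, added here as an example and not part of the thread: it parses a reverse-zone export in the layout shown above (owner on the first line, indented continuation lines with a TTL) and reports every IP whose PTR set has grown beyond a single host name. The sample export is constructed to mirror the "[now]" dump, and the zone name 192.in-addr.arpa is an assumption made so the owner "5.1.168" expands to a full address; the thread never states its reverse zone name.

```python
"""Detect reverse-lookup (PTR) owners that carry more than one name.

Hypothetical helper, not from the thread: it parses a DNS zone export in the
layout the question shows and reports IPs whose PTR set has grown beyond the
single host name a DC's reverse record normally has.
"""
from collections import defaultdict

# Constructed sample mirroring the thread's "[now]" export. The zone name
# 192.in-addr.arpa is an assumption (the thread does not name its zone).
SAMPLE_ZONE = "192.in-addr.arpa"
SAMPLE_EXPORT = """\
@                       3600     NS       dc1.domain.local.
5.1.168                 PTR      hostname.domain.local.
                        600      PTR      gc._msdcs.domain.local.
                        600      PTR      domaindnszones.domain.local.
                        600      PTR      domain.local.
                        600      PTR      forestdnszones.domain.local.
6.1.168                 PTR      dc2.domain.local.
"""


def parse_ptr_records(export_text):
    """Return a list of (owner, target) for every PTR line in the export.

    A line that starts in column 1 names a new owner; an indented line
    continues the previous owner (the dump omits the owner on repeats).
    Blank lines, ';' comments and non-PTR records are ignored.
    """
    records = []
    owner = None
    for raw in export_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(";"):
            continue
        fields = raw.split()
        if not raw[0].isspace():
            owner = fields[0]
            fields = fields[1:]
        if owner is None or "PTR" not in fields:
            continue
        target = fields[fields.index("PTR") + 1]
        records.append((owner, target))
    return records


def owner_to_ip(owner, zone):
    """Expand a relative in-addr.arpa owner (e.g. '5.1.168') to dotted IPv4."""
    zone_labels = [l for l in zone.lower().split(".") if l not in ("in-addr", "arpa")]
    labels = owner.split(".") + zone_labels
    return ".".join(reversed(labels))


def find_multi_ptr(export_text, zone):
    """Map each IP that has more than one PTR target to its sorted target list."""
    by_ip = defaultdict(list)
    for owner, target in parse_ptr_records(export_text):
        by_ip[owner_to_ip(owner, zone)].append(target.rstrip(".").lower())
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    for ip, names in find_multi_ptr(SAMPLE_EXPORT, SAMPLE_ZONE).items():
        print(f"{ip}: {len(names)} PTR targets -> {', '.join(names)}")
```

Run against a real export, the IPs it lists are the ones where the reverse lookup will round-robin between the host name and the zone-level names (domain.local, gc._msdcs, the DnsZones aliases), which is exactly the symptom the question started with; comparing the output from two dated exports shows when the extra records appeared.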
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40855285
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
