Solved

AD 2008 DNS and DHCP not in sync

Posted on 2014-12-17
13
216 Views
Last Modified: 2014-12-23
I have a Windows 2008 Active Directory environment with 2 domain controllers. Often the IP address which a machine has been given through DHCP is not updated in DNS. For example, I just checked: in DHCP a particular machine has a new IP address, but in DNS it still shows the old IP address. Not sure which settings to look at to see why DNS is not getting updated.

My lease duration is set to 1 day on my DHCP

I have attached a screen shot of my DNS settings under the DHCP scope properties

Thanks,
0
Question by:swenger7
13 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40506572
There's nothing attached to your post.

The problem is likely due to the ownership of the record not allowing it to be overwritten.  Also, do you have DNS scavenging enabled on the zone?  If so, what are the refresh and no-refresh intervals set to?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40506843
Number of things to check:
First, check if your AD-integrated domain DNS zone (domain.com) is set to secure dynamic update; if not, set it in the zone properties.

Then in the DHCP advanced DNS properties ensure that "always update host (A) and PTR records" is selected.
Ensure that "discard A and PTR records when lease expires" is selected.

Also on the General tab set credentials; this would be a standard domain account, and it is required.
Also note that you must enter the account credentials correctly: DHCP will not throw any errors, but it will then refuse dynamic DNS updates.

Add the DHCP server to the DNS Update Proxy group on the domain controller:
http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/

Set DNS scavenging as per the posts below based on your DHCP lease duration. Ensure that scavenging is set up on any one DNS server at both the server and zone level, otherwise it won't work.
Scavenging will help you keep your DNS clean and healthy.
http://think-like-a-computer.com/2012/04/27/dns-scavenging/
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
0
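The checklist in the accepted answer, carried out from PowerShell as an added example (not from the thread). It assumes a DHCP server named DHCP01, a DC/DNS server named DC01, the AD-integrated zone domain.com, the 1-day lease from the question, and a plain domain user svc-dhcpdns created for DNS registration; the DhcpServer, DnsServer and ActiveDirectory modules come with Windows Server 2012+ RSAT, and managing a 2008 server remotely with them is an assumption to verify first.

```powershell
# Added example, not the thread's own commands. Server and account names
# below (DHCP01, DC01, domain.com, svc-dhcpdns) are assumptions.
$dhcp = 'DHCP01'
$dc   = 'DC01'
$zone = 'domain.com'

# 1. The zone must accept only secure dynamic updates (AD-integrated zone).
Set-DnsServerPrimaryZone -ComputerName $dc -Name $zone -DynamicUpdate Secure

# 2. DHCP server-level DNS settings: always register A and PTR, discard them
#    when the lease expires, and turn on name protection (DHCID records).
Set-DhcpServerv4DnsSetting -ComputerName $dhcp -DynamicUpdates Always `
    -DeleteDnsRROnLeaseExpiry $true -NameProtection $true

# 3. Credentials the DHCP service uses for registrations (General tab ->
#    Credentials). A typo here fails silently, so read the setting back.
$cred = Get-Credential -UserName 'DOMAIN\svc-dhcpdns' `
    -Message 'DHCP DNS registration account'
Set-DhcpServerDnsCredential -ComputerName $dhcp -Credential $cred
Get-DhcpServerDnsCredential -ComputerName $dhcp

# 4. DnsUpdateProxy membership keeps the DHCP server from becoming the owner
#    of the records it registers, so they can later be overwritten. Records
#    created by this group are open to any updater, which is why steps 2 and 3
#    (credentials plus name protection) are used together with it.
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members (Get-ADComputer $dhcp)

# 5. Scavenging. Constructed values for a 1-day lease: no-refresh and refresh
#    of 12 hours each, so their sum equals the lease; tune per the linked posts.
#    Aging is configured on the zone, and the scavenging job on one DNS server.
Set-DnsServerZoneAging -ComputerName $dc -Name $zone -Aging $true `
    -NoRefreshInterval 0.12:00:00 -RefreshInterval 0.12:00:00
Set-DnsServerScavenging -ComputerName $dc -ScavengingState $true `
    -ScavengingInterval 1.00:00:00 `
    -NoRefreshInterval 0.12:00:00 -RefreshInterval 0.12:00:00

# 6. Restart the DHCP service so the credential change takes effect.
Get-Service -ComputerName $dhcp -Name DHCPServer | Restart-Service
```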
 

Author Comment

by:swenger7
ID: 40506991
Sorry here is the attachment I forgot
0
 

Author Comment

by:swenger7
ID: 40506993
0
 

Author Comment

by:swenger7
ID: 40507136
1. Was already set to Secure
2. Was set to first option "Dynamically update...only if requested by DHCP clients". Changed this to second option "Always...."
3. The scavenging properties were set except for "Enable automatic scavenging of stale records", which I have now checked. This was only on one of my DCs. The other one had it checked.

Now that I made these changes I will check the server for the next 7-10 days to see if it is working now as it should
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40507186
Have you set the credentials and added the DHCP server to the DnsUpdateProxy group on the DC?

Also check the earlier articles to figure out the scavenging period based on your DHCP scope lease duration.
0
 

Author Comment

by:swenger7
ID: 40507282
It seems that you want me to enable DHCP name protection as in attached screenshot. Is that correct? Is there any down side to this?

Also, I always had 1 zone for my computers, which I split a couple of months ago into 2 zones. I had created a second zone in the Forward but not in the Reverse. Should I add this second zone to the Reverse as well?

Thanks,
Capture.JPG
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40507501
No,
There is a General tab beside the DNS tab.
There is an option called Credentials at the bottom.
There you need to set up a standard domain user account (service account) as the DHCP record registration account.
Then restart the DHCP Server service once to make it take effect.
Also add the DHCP server account in AD to the DnsUpdateProxy group on the domain controller.

What do you mean by split zone? Sorry, I don't understand.
Your computer accounts' host (A) records will be registered only in the main domain.com DNS zone; also, you have to have AD-integrated reverse lookup zones for all computer subnets so that DHCP can register PTR records there.
No need to split zones; at least I am not aware of a zone split concept.
0
 

Author Comment

by:swenger7
ID: 40507510
Sorry for the confusion.

I set the credentials. The article also mentions that with 2008 R2, you can also set the DHCP name protection which I did. I was wondering if there was a down side to this.

What I meant by split zones was that I have 2 VLANs. One is 192.168.1.x and the other is 192.168.20.x, which I added recently. At the time of adding the VLAN to my network I added the zone for it to the forward zone in DNS but forgot to add the reverse for this zone, which I have now added.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40507572
Not sure how you add a DNS zone pointing to subnets in the forward lookup zone.

Zones for subnets can only be added as reverse lookup zones.

Your domain.com forward lookup zone can handle all subnets without any problems or extra configuration.
No need to create any extra forward lookup zones.
0
 

Author Comment

by:swenger7
ID: 40507588
Sorry. That is correct. I didn't add the zone to the Forward. I added the zone as a scope to DHCP but didn't add the reverse Zone to DNS which I have now done.

Back to my other question is there any downside to setting the DHCP Name Protection on?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40507922
You can enable name protection.
It is a mechanism to secure DNS records against duplication, meaning once a record is registered successfully in DNS for one host, another host cannot register the same host record.

Name protection behavior:
http://blogs.technet.com/b/teamdhcp/archive/2009/01/29/what-is-name-protection.aspx
0
 

Author Comment

by:swenger7
ID: 40515482
So it doesn't seem like this is working.
In my forward zone, I have a computer name which has a time stamp of Dec 18 with IP 192.168.20.157
There is another computer name which has a time stamp of Dec 22 with the same IP.

The reverse zone only has the first name so if I ping the second name or use remote access tools with the second name, I end up getting the computer of the first name.

I have also enabled Name Protection thinking it should have prevented this.

Not sure how to stop this from happening
0
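A diagnostic for the symptom in the last comment (two names on one IP, and A records that no longer match the DHCP lease), added here as an example and not part of the thread. It assumes DHCP server DHCP01, DNS server DC01, zone domain.com and the 192.168.20.0 scope from the comments; adjust the names to your environment.

```powershell
# Added diagnostic, not from the thread. Server, zone and scope names are assumptions.
$dhcp = 'DHCP01'; $dns = 'DC01'; $zone = 'domain.com'; $scope = '192.168.20.0'

# Active leases as DHCP sees them, keyed by short host name (lower case).
$leases = @{}
Get-DhcpServerv4Lease -ComputerName $dhcp -ScopeId $scope |
    Where-Object { $_.AddressState -like 'Active*' -and $_.HostName } |
    ForEach-Object { $leases[($_.HostName -split '\.')[0].ToLower()] = $_ }

# A records as DNS sees them, with the aging timestamp used by scavenging.
$records = Get-DnsServerResourceRecord -ComputerName $dns -ZoneName $zone -RRType A |
    Where-Object { $_.HostName -ne '@' } |
    Select-Object HostName, Timestamp,
        @{ n = 'IP'; e = { $_.RecordData.IPv4Address.IPAddressToString } }

# 1. Hosts whose DNS A record no longer matches their current DHCP lease:
#    these are the records that were not overwritten at renewal.
foreach ($r in $records) {
    $l = $leases[$r.HostName.ToLower()]
    if ($l -and $l.IPAddress.IPAddressToString -ne $r.IP) {
        "STALE     $($r.HostName): DNS=$($r.IP) DHCP=$($l.IPAddress) (record stamped $($r.Timestamp))"
    }
}

# 2. The symptom from the thread: two different names holding the same IP.
#    The older timestamp is the record scavenging should remove first.
$records | Group-Object IP | Where-Object Count -gt 1 | ForEach-Object {
    $names = ($_.Group | ForEach-Object { "$($_.HostName)@$($_.Timestamp)" }) -join ', '
    "DUPLICATE $($_.Name): $names"
}

# 3. A reverse zone for the subnet must exist and be AD-integrated with secure
#    updates, or PTR registration fails and only the first name resolves back.
Get-DnsServerZone -ComputerName $dns | Where-Object { $_.IsReverseLookupZone } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
```

Run it from a machine with the DhcpServer and DnsServer RSAT modules; an empty output from steps 1 and 2 means DHCP and DNS agree for that scope.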
