Jaroslav Latal (Czechia)

asked on

Why does the DNS cache keep old ip addresses?

Hello,
I would like to ask you for help with an error that appeared on a server. It is caused by DHCP assigning an IP address to a new device while the old device, with the same IP address (already disconnected), is still in the DNS cache. The precise description of the error is:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server "X". The target name used was "Y". This indicates that the password used to encrypt the Kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm "Z", and the client realm "Z". Please contact your system administrator.

I think it would be solved with the settings I sent in the attachment, but I would like to know the best solution to this error.
Thanks for the response.
Attachments: EN--295511-.png, EN--295511-b.png
Stolsie (United Kingdom)

Have you flushed the DNS on the server with the issue?
Have you maybe got the old information in a hosts file on the server with the issue?
Have you still got the old information in your DNS server?
Jaroslav Latal (ASKER)

Hi Stolsie, I'm the admin of several customers. This error appears randomly on different Windows Servers with DNS and DHCP roles. I don't need to solve a particular occurrence, but to set up the servers correctly to prevent this from happening.

Regards,
Jarda
There is/was a bug that causes some Server 2008+ and the like to not register in DNS (or at least not correctly).
I think it's been fixed; I've not had an issue for a while.
If the server fails to register, the old IP will remain against the name.
If your DNS server has a cache then you might want to adjust the time it keeps entries cached (TTL).
Stolsie, what exactly should I set up?
Do you have real experience with these settings, or are you just guessing?

Jarda
You should have a TTL field in your SOA for the domain you have an "issue" with.
The only thing I could be guessing is how you have set up DNS and how it works with MS.
I'm using Infoblox, back end Linux.
Apologies you feel I'm guessing... I kind of feel like I'm wasting my time and yours.
Good luck.
Still waiting for the next occurrence to check Stolsie's suggestion.

Regards,
Jarda
Dear Stolsie,

A new occurrence appeared on my server. Now I can see:

DNS records
192.168.0.95 - NB-Tomas (timestamp: 6.4.2016)
192.168.0.95 - PC-Barbora (timestamp: 23.3.2016)

DHCP server
192.168.0.95 - NB-Tomas

I can solve it by simply deleting the DNS record for PC-Barbora, but I want to prevent this error from appearing again.

I tried to flush the DNS cache; it did not help.
There is the SOA record in the forward lookup zone domainname.local; you can see a screenshot in the attachment. The TTL is 1 hr, so that is not the solution either.

I need to find out how I can configure Windows Server DNS and/or DHCP to prevent this error.

Regards,
Jarda
Attachment: SOA.png
I found that the default DHCP setting on WS2012R2 is configured as:
1. Go to the DNS tab
2. Tick "Enable DNS dynamic updates according to the settings below"
3. Select "Dynamically update DNS A and PTR records only if requested by the DHCP clients"
4. Tick "Discard A and PTR records when lease is deleted"

You can see the configuration in the attachment.
I configured all my older Windows servers with the DHCP role (SBS2008, SBS2011, SRV2008, SRV2008R2) and will see if it helps.

Regards,
Jarda
Attachment: DHCP-new_settings.png
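As an added example (not posted by anyone in this thread), the following PowerShell audits a zone for the symptom shown above (one IP with two A records, as with NB-Tomas and PC-Barbora) and then applies the four DHCP DNS-tab settings listed by script instead of through the GUI. It assumes the DnsServer and DhcpServer RSAT modules, the zone name domainname.local from the SOA screenshot, and that the DHCP role runs on the local server.

```powershell
# Added example, not from the thread. Requires the DnsServer and DhcpServer
# PowerShell modules (RSAT); run on, or with rights to, the DNS/DHCP server.
Import-Module DnsServer
Import-Module DhcpServer

$ZoneName   = 'domainname.local'   # zone from the poster's SOA screenshot
$DhcpServer = $env:COMPUTERNAME    # assumption: DHCP role on this host

# 1. Find IPv4 addresses that carry more than one A record in the zone.
#    Dynamically registered records have a Timestamp; static ones do not,
#    so the timestamp is guarded before formatting.
$duplicates = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object { $_.Count -gt 1 }

foreach ($group in $duplicates) {
    Write-Host "IP $($group.Name) has $($group.Count) A records:"
    $group.Group | Sort-Object Timestamp | ForEach-Object {
        $stamp = if ($_.Timestamp) { $_.Timestamp.ToString('yyyy-MM-dd') } else { 'static' }
        Write-Host ("  {0,-20} last registered: {1}" -f $_.HostName, $stamp)
    }
}

# 2. Record the current server-wide DHCP/DNS integration settings first,
#    so the change can be reviewed or reverted.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer | Format-List

# 3. Apply the settings from the four GUI steps above:
#    - dynamic updates enabled, A/PTR registered only when the client
#      requests it (DynamicUpdates = OnClientRequest)
#    - A/PTR records discarded when the lease is deleted or expires
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates OnClientRequest `
    -DeleteDnsRROnLeaseExpiry $true

# Confirm the new values took effect.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Select-Object DynamicUpdates, DeleteDnsRROnLeaseExpiry
```

Run the audit part on its own first; any IP listed with two hostnames and differing timestamps is a record that DHCP never cleaned up, which is exactly the case that produces the KRB_AP_ERR_MODIFIED events.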