DNS question with DHCP

Hi Experts,

I am getting ready to demote a Domain Controller from our domain.
Yesterday I removed this server from the DNS listings of our DHCP clients.  The only DNS servers assigned were the 2 other DCs that were previously there and working fine.

Once their leases were renewed and they received these settings, the internet was hit or miss.  Some sites didn't work at all while others took forever to load.  It was clear to me at the time that it was looking for the other DNS server but it was not listed in their DNS servers and even if something was referencing it, it was still available.

I ended up putting it back into the scope and all has returned to normal.  Here is my question:

Why did this happen?  Does DHCP still know of its existence even though I removed it?
If and when I demote this domain controller, will this automatically remove it from DHCP or will/or should I do this step again after?

Thank you for your help

Karen
klsphotos Asked:

Dan McFadden, Systems Engineer, Commented:
The clients need to renew their leases in order for them to get the modified DNS servers.  Changes to the DHCP scopes do not automatically get passed down to the DHCP clients until a renew command from the client is sent.

Meaning that it would take approximately your DHCP lease duration (possibly only half that) to reconfigure your desktops.

Dan
Tom Cieslik, IT Engineer, Commented:
Did you check in your DHCP server that the DNS server you want to demote is not listed in scope options under your DHCP scope? Also, that it is not listed as a Time and WINS server?
klsphotos, Author, Commented:
Yes, our lease is 12 hours so I confirmed on all systems including my own that the server I planned to demote was not on their systems.  I made the change the day before. They received the change correctly but could only access web pages and connectivity part of the time.  I confirmed all settings and time server multiple times, all systems were consistent.  Time server is our PDC and was available.  They didn't work properly until I added this DC back to the scope for DNS and released and renewed their settings.

I don't get it?

I have demoted domain controllers many times, we have migrated twice since I have been here.  I have never seen this behavior before.

They are currently working but I need to demote that DC so I am confused.  I was trying to be pro-active and have removed this reference everywhere else.

Dan McFadden, Systems Engineer, Commented:
Have you confirmed the changes went thru on the client side?  From the client side, did you do an ipconfig /release and then an ipconfig /renew?

Also, have you:

1. verified the DNS configuration on the other DC/DNS servers?
2. verified that the other DC/DNS servers can get thru the firewall?

If you use NSLOOKUP and set your DNS server to one of the servers that remain, can you resolve IP addresses?

Dan
klsphotos, Author, Commented:
Dan - yes.  Some of what you asked I confirmed in the above comment.
Dan McFadden, Systems Engineer, Commented:
Can you be a little more specific as to what you have confirmed?

Dan
Ronin Commented:
Validate correct configuration of forwarders or root hints on the other servers.
Tom Cieslik, IT Engineer, Commented:
Check forwarders in your other DNS servers, maybe for some reason they were asking the disabled DNS.
Also you can remove 1-2 top root hints from DNS servers and check if this will work.
klsphotos, Author, Commented:
I think I see it, in our DNS zone the server I am going to demote is listed as the SOA.  I can browse and pick another so is this what it was?  It certainly matches the behavior.

Checking forwarders now
Tom Cieslik, IT Engineer, Commented:
Yes, SOA (Start of Authority) can be a problem.
If you can set a different server as SOA, it should help.

Ronin Commented:
That's very weird, SOA should NOT cause an issue with name resolution.
klsphotos, Author, Commented:
Yes, I’m still concerned about this. I need to demote this server.
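
The checks suggested across this thread (DHCP scope options, forwarders on the remaining DNS servers, querying each remaining server directly, and the zone's SOA) collected into one script. This is an added example, not part of any participant's post; the addresses, server name and zone are placeholders, and it assumes the DhcpServer and DnsServer RSAT modules are installed.

```powershell
# Added example: pre-demotion DNS dependency check. All values below are placeholders.
$RetiringDns  = '192.0.2.10'                    # DNS server about to be demoted
$RemainingDns = '192.0.2.11', '192.0.2.12'      # DNS servers that stay in the scope
$DhcpServer   = 'dhcp01.example.internal'
$Zone         = 'example.internal'
$TestNames    = "dc02.$Zone", 'www.example.com' # one internal and one external name

# 1. DHCP option 6 (DNS servers), server-wide and per scope, must not list the retiring server.
$srvOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($srvOpt.Value -contains $RetiringDns) { Write-Warning "Server-level option 6 still lists $RetiringDns" }
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt.Value -contains $RetiringDns) { Write-Warning "Scope $($scope.ScopeId) still hands out $RetiringDns" }
}

foreach ($server in $RemainingDns) {
    # 2. A forwarder pointing at the retiring server makes external lookups depend on it.
    $forwarders = (Get-DnsServerForwarder -ComputerName $server).IPAddress.IPAddressToString
    if ($forwarders -contains $RetiringDns) { Write-Warning "$server forwards to $RetiringDns" }

    # 3. Same idea as nslookup with the server set explicitly: each remaining server
    #    must answer on its own, and the time taken is reported.
    foreach ($name in $TestNames) {
        try {
            $elapsed = Measure-Command { Resolve-DnsName -Name $name -Server $server -DnsOnly -ErrorAction Stop }
            '{0}: {1} resolved in {2:N0} ms' -f $server, $name, $elapsed.TotalMilliseconds
        } catch {
            Write-Warning "$server could not resolve ${name}: $($_.Exception.Message)"
        }
    }

    # 4. Report which primary server this DNS server returns in the zone's SOA record.
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SOA' }
    '{0}: SOA primary for {1} is {2}' -f $server, $Zone, $soa.PrimaryServer
}
```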