DNS question with DHCP

Hi Experts,

I am getting ready to demote a Domain Controller from our domain.
Yesterday I removed this server from the DNS listings of our DHCP clients.  The only DNS servers assigned were the 2 other DC that were previously there and working fine.

Once their leases were renewed and they received these settings, the internet was hit or miss.  Some sites didn't work at all while others took forever to load.  It was clear to me at the time that it was looking for the other DNS server but it was not listed in their DNS servers and even if something was referencing it, it was still available.

I ended up putting it back into the scope and all has returned to normal.  Here is my question:

Why did this happen?  Does DHCP still know of its existence even though I removed it?
If and when I demote this domain controller, will this automatically remove it from DHCP or will/or should I do this step again after?

Thank you for your help

Karen
klsphotos Asked:

Dan McFadden (Systems Engineer) Commented:
The clients need to renew their leases in order for them to get the modified DNS servers.  Changes to the DHCP scopes do not automatically get passed down to the DHCP clients until a renew command from the client is sent.

Meaning that it would take approximately your DHCP lease duration (possibly only half that) to reconfigure your desktops.

Dan
0
Tom Cieslik (IT Engineer) Commented:
Did you check in your DHCP server that the DNS server you want to demote is not listed in the scope options under your DHCP scope? Also, is it not listed as Time and WINS server?
0
klsphotos (Author) Commented:
Yes, our lease is 12 hours so I confirmed on all systems including my own that the server I planned to demote was not on their systems.  I made the change the day before. They received the change correctly but could only access web pages and connectivity part of the time.  I confirmed all settings and time server multiple times, all systems were consistent.  Time server is our PDC and was available.  They didn't work properly until I added this DC back to the scope for DNS and released and renewed their settings.

I don't get it?

I have demoted domain controllers many times, we have migrated twice since I have been here.  I have never seen this behavior before.

They are currently working but I need to demote that DC so I am confused.  I was trying to be proactive and have removed this reference everywhere else.
0

Dan McFadden (Systems Engineer) Commented:
Have you confirmed the changes went through on the client side?  From the client side, did you do an ipconfig /release and then an ipconfig /renew?

Also, have you:

1. verified the DNS configuration on the other DC/DNS servers?
2. verified that the other DC/DNS servers can get through the firewall?

If you use NSLOOKUP and set your DNS server to one of the servers that remain, can you resolve IP addresses?

Dan
0
klsphotos (Author) Commented:
Dan - yes.  Some of what you asked I confirmed in the above comment.
0
Dan McFadden (Systems Engineer) Commented:
Can you be a little more specific as to what you have confirmed?

Dan
0
Ronin Commented:
Validate correct configuration of forwarders or root hints on the other servers.
0
Tom Cieslik (IT Engineer) Commented:
Check the forwarders on your other DNS servers; maybe for some reason they were querying the disabled DNS server.
Also, you can remove 1-2 of the top root hints from the DNS servers and check if this will work.
0
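An added check for the points Dan and Tom raise above: which DNS servers the scope actually hands out (DHCP option 6), whether each remaining server still resolves an external name, and whether any of them forwards to the server being demoted. This is example code, not something posted in the thread; the scope ID, the demoted server's address and the test name are assumed values.

```powershell
# Example audit script (not from the thread). Assumed values below:
# scope 192.168.10.0, DC being demoted at 192.168.10.13.
$ScopeId    = "192.168.10.0"       # assumed DHCP scope
$DemotedDns = "192.168.10.13"      # assumed address of the DC being demoted
$TestName   = "www.example.com"    # external name: proves forwarders/root hints work

# Option 6 is the "DNS Servers" option clients receive with their lease.
$scopeDns = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6).Value
if ($scopeDns -contains $DemotedDns) {
    Write-Warning "Scope $ScopeId still hands out $DemotedDns as a DNS server."
}

# Lease duration tells you how long until every client has picked up the change.
$lease = (Get-DhcpServerv4Scope -ScopeId $ScopeId).LeaseDuration
Write-Host "Scope $ScopeId lease duration: $lease (clients renew at roughly half of this)"

foreach ($dns in $scopeDns) {
    # Client-side view: the same lookup as 'nslookup' with 'server <ip>' set.
    try {
        $answer = Resolve-DnsName -Name $TestName -Server $dns -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress) -join ', '
        Write-Host "$dns resolves ${TestName}: $ips"
    } catch {
        Write-Warning "$dns failed to resolve ${TestName}: $($_.Exception.Message)"
    }

    # Server-side view: a forwarder that still points at the demoted DC makes every
    # external query wait for a timeout first, which looks like "hit or miss" browsing.
    $fwd = @((Get-DnsServerForwarder -ComputerName $dns).IPAddress | ForEach-Object { $_.IPAddressToString })
    if ($fwd -contains $DemotedDns) {
        Write-Warning "$dns forwards to $DemotedDns; remove it with Remove-DnsServerForwarder -ComputerName $dns -IPAddress $DemotedDns"
    } else {
        Write-Host "$dns forwarders: $($fwd -join ', ')"
    }
}
```

Run it from a machine with the DhcpServer and DnsServer RSAT modules installed, using an account that can read the DHCP and DNS server configuration.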
klsphotos (Author) Commented:
I think I see it, in our DNS zone the server I am going to demote is listed as the SOA.  I can browse and pick another so is this what it was?  It certainly matches the behavior.

Checking forwarders now
0
Tom Cieslik (IT Engineer) Commented:
Yes, the SOA (Start of Authority) can be a problem.
If you can set a different server as SOA, it should help.
0
Ronin Commented:
That's very weird, SOA should NOT cause an issue with name resolution.
0
klsphotos (Author) Commented:
Yes I’m still concerned about this, I need to demote this server
0
Question has a verified solution.