klsphotos
asked on
DNS question with DHCP
Hi Experts,
I am getting ready to demote a Domain Controller from our domain.
Yesterday I removed this server from the DNS listings of our DHCP clients. The only DNS servers assigned were the 2 other DCs that were previously there and working fine.
Once their leases were renewed and they received these settings, the internet was hit or miss. Some sites didn't work at all while others took forever to load. It was clear to me at the time that it was looking for the other DNS server but it was not listed in their DNS servers and even if something was referencing it, it was still available.
I ended up putting it back into the scope and all has returned to normal. Here is my question:
Why did this happen? Does DHCP still know of its existence even though I removed it?
If and when I demote this domain controller, will this automatically remove it from DHCP or will/or should I do this step again after?
Thank you for your help
Karen
Did you check on your DHCP server that the DNS server you want to demote is not listed in the scope options under your DHCP scope? Also, that it is not listed as Time and WINS server?
ASKER
Yes, our lease is 12 hours so I confirmed on all systems including my own that the server I planned to demote was not on their systems. I made the change the day before. They received the change correctly but could only access web pages and connectivity part of the time. I confirmed all settings and time server multiple times, all systems were consistent. Time server is our PDC and was available. They didn't work properly until I added this DC back to the scope for DNS and released and renewed their settings.
I don't get it?
I have demoted domain controllers many times, we have migrated twice since I have been here. I have never seen this behavior before.
They are currently working but I need to demote that DC so I am confused. I was trying to be pro-active and have removed this reference everywhere else.
Have you confirmed the changes went thru on the client side? From the client side, did you do an ipconfig /release and then an ipconfig /renew?
Also, have you:
1. verified the DNS configuration on the other DC/DNS servers?
2. verified that the other DC/DNS servers can get thru the firewall?
If you use NSLOOKUP and set your DNS server to one of the servers that remain, can you resolve IP addresses?
Dan
ASKER
Dan - yes. Some of what you asked I confirmed in the above comment.
Can you be a little more specific as to what you have confirmed?
Dan
Validate correct configuration of forwarders or root hints on the other servers.
Check forwarders in your other DNS servers, maybe for some reason they were asking the disabled DNS.
Also you can remove 1-2 top root hints from DNS servers and check if this will work.
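The checks suggested in the replies above (querying each remaining DNS server directly, then reviewing its forwarders), as an added PowerShell example that is not part of the original thread. The IP addresses and test names are placeholders, and the forwarder check assumes the DnsServer module (RSAT) is installed on the machine running it.

```powershell
# Added example: all addresses and names below are placeholders, not values from the thread.
$RemainingDns = @('192.0.2.11', '192.0.2.12')            # the two DCs that stay
$RetiringDns  = '192.0.2.10'                             # the DC about to be demoted
$TestNames    = @('dc1.corp.example', 'www.example.com') # one internal, one external name

$report = foreach ($server in $RemainingDns) {

    # 1. Query this server directly, bypassing the client's DNS server list and cache.
    #    Slow or failing external lookups with working internal ones point at
    #    forwarders, root hints or firewall rules on this server.
    foreach ($name in $TestNames) {
        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $null = Resolve-DnsName -Name $name -Server $server -Type A -DnsOnly -ErrorAction Stop
            $result = 'OK'
        } catch {
            $result = "FAILED: $($_.Exception.Message)"
        }
        $timer.Stop()
        [pscustomobject]@{
            Server = $server
            Check  = "Resolve $name"
            Result = $result
            Ms     = $timer.ElapsedMilliseconds
        }
    }

    # 2. List this server's forwarders and flag any that still point at the
    #    server being retired.
    $forwarders = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
                    ForEach-Object { $_.IPAddressToString })
    $result = if ($forwarders.Count -eq 0) {
        'none configured (root hints are used)'
    } elseif ($forwarders -contains $RetiringDns) {
        "STILL FORWARDS TO $RetiringDns ($($forwarders -join ', '))"
    } else {
        $forwarders -join ', '
    }
    [pscustomobject]@{ Server = $server; Check = 'Forwarders'; Result = $result; Ms = $null }
}

$report | Format-Table -AutoSize
```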
ASKER
I think I see it, in our DNS zone the server I am going to demote is listed as the SOA. I can browse and pick another so is this what it was? It certainly matches the behavior.
Checking forwarders now
That's very weird, SOA should NOT cause issue with name resolution.
ASKER
Yes I’m still concerned about this, I need to demote this server
Meaning that it would take approximately your DHCP lease duration (possibly only half that) to reconfigure your desktops.
Dan