cja-tech-guy (United States of America) asked:

Active Directory Integrated DNS not updating old records

I have an Active Directory domain with two 2012 domain controllers, both running Active Directory-integrated DNS. There is a forward lookup zone and a reverse lookup zone.

The issue I'm having is that the records in the zones are not updating when I rename a workstation or remove an old workstation from the domain.

As an example, when I install Symantec Endpoint on a workstation and search for a machine by IP, it finds the machine but shows a name that does not match the IP. If I search for the machine called workstation-1, the correct IP is listed, but Symantec shows the name as old-workstation-2 in the list of workstations that it found.

How do I get DNS to update whenever a machine is renamed or removed from the domain?


Thanks,
cja
Mahesh (India) replied:

DNS won't clear stale records automatically.
Enable DNS scavenging on the PDC master server; it will clear out stale/old records.
Search Google for how to enable scavenging.
cja-tech-guy (asker) replied:

Enable this on the domain controller with the PDC Master role only? Both domain controllers are running DNS.

Thanks,
Mahesh replied:

Yes, you will find it on the DNS server property page.

Also ensure that aging is enabled in the zone properties.
footech (United States of America) replied (accepted solution):

Scavenging won't be the issue if existing workstations cannot update their own IP; that's more for when old, unused records are not cleaned out.

We find the most common scenario for this is that the DHCP server owns the DNS record instead of the computer, and the DHCP server has either moved or otherwise changed.

To check this, go into the DNS record and then the Security tab.
Check if the computer account has access to modify the record. I believe by default this shows up as "Special" in the GUI, but once you go into Advanced, you will see it has all properties ticked. You will also notice the owner is listed; this should be the computer.

If the owner is listed as your DHCP server, there's your issue.
There are a couple of ways to fix this (if this is what you are having), but my suggestion is:
- Delete the record and let the computer re-register
- Configure DHCP not to register DNS records on behalf of clients
- Do this for all client machines with the issue

If that's not your issue - then sorry for the long-winded unhelpful response!
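The two checks discussed in this thread (Mahesh's aging/scavenging advice and footech's record-ownership check) can be scripted from a domain controller. The script below is an added example written for this page; it is not code posted by any participant. It assumes the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 and later), an elevated session on a DC, and placeholder names: server `dc1`, forward zone `corp.example.com`, and a /24 reverse zone `1.168.192.in-addr.arpa`. The functions `Get-DnsNodeDn`, `Get-PtrMap`, `Test-DnsRecordHealth` and `Enable-DnsAging` are mine. It reports, per A record, the AD owner of the record (the case footech describes is an owner that is the DHCP server rather than `DOMAIN\HOST$`), whether the record is dynamic (static records are never scavenged), and whether the reverse zone's PTR agrees with the forward record (the mismatch the asker sees when searching by IP). It then enables aging on the zone and scavenging on one server; aging is a per-zone setting, scavenging is a per-server setting.

```powershell
# Added example (not from the thread): audit an AD-integrated forward zone for
# records owned by the wrong account, static records, and forward/reverse
# mismatches, then enable aging (per zone) and scavenging (per server).
# Assumed placeholders: server 'dc1', zones 'corp.example.com' and
# '1.168.192.in-addr.arpa' (a /24 reverse zone). Run elevated on a DC.
Import-Module DnsServer
Import-Module ActiveDirectory

$Server      = 'dc1'
$ForwardZone = 'corp.example.com'
$ReverseZone = '1.168.192.in-addr.arpa'

function Get-DnsNodeDn {
    # Distinguished name of the dnsNode object that stores one record name.
    # AD-integrated zones live in a partition chosen by the zone's replication scope.
    param([string]$ZoneName, [string]$RecordName, [string]$DnsServer)
    $zone     = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer
    $domainDn = (Get-ADDomain).DistinguishedName
    $partition = switch ($zone.ReplicationScope) {
        'Domain' { "DC=DomainDnsZones,$domainDn" }
        'Forest' { "DC=ForestDnsZones,$((Get-ADDomain -Identity (Get-ADForest).RootDomain).DistinguishedName)" }
        default  { "CN=System,$domainDn" }   # Legacy (Windows 2000 compatible) scope
    }
    return "DC=$RecordName,DC=$ZoneName,CN=MicrosoftDNS,$partition"
}

function Get-PtrMap {
    # Hashtable IPv4 -> PTR target for a /24 reverse zone (assumption: the zone
    # name is the three reversed octets followed by in-addr.arpa).
    param([string]$ReverseZoneName, [string]$DnsServer)
    $octets = ($ReverseZoneName -replace '\.in-addr\.arpa$', '').Split('.')
    [array]::Reverse($octets)
    $prefix = ($octets -join '.') + '.'
    $map = @{}
    Get-DnsServerResourceRecord -ZoneName $ReverseZoneName -RRType Ptr -ComputerName $DnsServer |
        ForEach-Object { $map[$prefix + $_.HostName] = $_.RecordData.PtrDomainName.TrimEnd('.') }
    return $map
}

function Test-DnsRecordHealth {
    # One row per A record: AD owner, whether it is dynamic, and whether the
    # reverse zone agrees. OwnedBySelf = $false with Owner = the DHCP server is
    # the situation footech describes; PtrMatches = $false is the asker's symptom.
    param([string]$ZoneName, [string]$ReverseZoneName, [string]$DnsServer)
    $ptrMap = Get-PtrMap -ReverseZoneName $ReverseZoneName -DnsServer $DnsServer
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ComputerName $DnsServer |
        Where-Object { $_.HostName -ne '@' } |
        ForEach-Object {
            $ip   = $_.RecordData.IPv4Address.IPAddressToString
            $dn   = Get-DnsNodeDn -ZoneName $ZoneName -RecordName $_.HostName -DnsServer $DnsServer
            $acl  = Get-Acl -Path "AD:\$dn"        # ACL of the dnsNode object in AD
            $fqdn = "$($_.HostName).$ZoneName"
            [pscustomobject]@{
                Name        = $_.HostName
                IPv4        = $ip
                Owner       = $acl.Owner
                OwnedBySelf = $acl.Owner -like "*\$($_.HostName)$"   # expect DOMAIN\HOST$
                IsDynamic   = [bool]$_.Timestamp    # no timestamp = static, never aged out
                PtrName     = $ptrMap[$ip]
                PtrMatches  = ($ptrMap[$ip] -ieq $fqdn)
            }
        }
}

function Enable-DnsAging {
    # A record becomes eligible once NoRefresh + Refresh has elapsed since its
    # timestamp; it is removed only when the server then runs a scavenging pass.
    param([string]$ZoneName, [string]$DnsServer)
    Set-DnsServerZoneAging -Name $ZoneName -Aging $true `
        -NoRefreshInterval (New-TimeSpan -Days 7) -RefreshInterval (New-TimeSpan -Days 7) `
        -ComputerName $DnsServer
    Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval (New-TimeSpan -Days 7) `
        -ComputerName $DnsServer
}

# Report first; only the flagged rows need attention.
Test-DnsRecordHealth -ZoneName $ForwardZone -ReverseZoneName $ReverseZone -DnsServer $Server |
    Where-Object { -not $_.OwnedBySelf -or -not $_.PtrMatches -or -not $_.IsDynamic } |
    Format-Table -AutoSize

Enable-DnsAging -ZoneName $ForwardZone -DnsServer $Server
```

For a record the report flags as owned by the DHCP server, footech's first step maps to `Remove-DnsServerResourceRecord -ZoneName $ForwardZone -Name <host> -RRType A -ComputerName $Server -Force` followed by `ipconfig /registerdns` on that workstation, after which the new record's owner is the computer account. If the DHCP server is a Windows server, footech's second step is `Set-DhcpServerv4DnsSetting -DynamicUpdates Never`; for a firewall acting as DHCP server, the equivalent option has to be found in that product's own configuration. Run the report again after the scavenging interval has passed to confirm the stale PTR records are gone.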
cja-tech-guy (asker) replied:

My firewall is doing DHCP, not my domain controllers. I will see if I can set this on the firewall.

Thanks,
cja
Thanks