
DNS and DHCP Interaction

Asked by jskfan. Medium Priority. 77 Views. Last Modified: 2020-02-19

Recently we had to replace old computers with new ones, but we kept the same hostname; the new computers get a different IP address than the old ones from DHCP.

Example :

Old ComputerA replaced and given the same name, ComputerA
Old ComputerA IP address: 10.10.10.10
New ComputerA IP address: 20.20.20.20

What I have noticed after replacement:
If I log in locally to the new ComputerA and run ipconfig, I see 20.20.20.20, which is correct.
If I remotely ping ComputerA by hostname, I get 10.10.10.10 with Destination Host Unreachable. [You can see it looks for the old IP address.]
If I remotely ping with a reverse lookup, ping -a 20.20.20.20, it replies properly and shows ComputerA with IP 20.20.20.20.


So the problem seems to be that the DNS A record does not get updated quickly. I say quickly because after some time, if I ping by hostname, i.e. ping ComputerA, I get a proper reply with 20.20.20.20.

My question is: I do not understand why the reverse ping [ping -a <IP address>] replies quickly while pinging by hostname did not reply until later....

Any clarification will be very much appreciated.

Thank you

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Can we assume that you have a Windows server handling both DHCP and DNS?

What are the settings on your DNS server? Such as having scavenging turned on or the amount of time that DNS records are valid for. You could lower the TTL for DNS to a lower threshold. Scavenging should be turned on to get rid of stale records. However, remember that DNS is not inherently instantaneous. It takes time for actions to occur that would give proper cause to update records.

My question is: I do not understand why the reverse ping [ping -a <IP address>] replies quickly while pinging by hostname did not reply until later....
Because it's new. Updates of old records do take a bit of time. If you want to get through it all faster, you can also delete the DNS records when you're replacing the machines...
noci, Software Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It can also be multicast DNS (mDNS); you need to change the name of the old ComputerA to ComputerAA, for example.
(mDNS uses port 5353 instead of port 53.)
Shabarinath Ramadasan, Infrastructure Architect
CERTIFIED EXPERT

Commented:
Hello,
The first part is to check whether the DNS zone is configured for "Secure Updates" under dynamic updates. If that's true, then I suspect the below is your issue.

DNS records for DHCP clients can be updated using two different methods.

1) Have the client be responsible for updating its dynamic DNS records.
This option is commonly used; however, it needs the considerations below.
* The client is responsible for creating/updating the DNS record
* The client computer object will have the rights to update the respective DNS record
* In the scenario of replacing a computer (new hardware, swapping) with the same name, the AD object is deleted and the new machine with the same computer name is added back to the domain, which breaks the permission on the DNS record created by the old computer.

I suspect this is a potential issue in your scenario, but you need to validate whether you did the same sequence as I mentioned.

2) Instead of the client being responsible for updating the DNS records, make DHCP responsible for updating them.
* DHCP will be responsible for creating/updating the DNS record as and when a new IP is assigned to a client
* The DNS record will be created by a service account configured in the DHCP server configuration

If this were your configuration, this issue would never happen for you. Because the DNS records are created by the service account, which in fact holds the update rights on the DNS record, if you change the physical hardware of a client computer and re-use the same IP address, DHCP will still update the new IP address, as the DHCP service account still has permission to update the record. In short, this approach decouples the individual computer AD object's permission from the DNS record.

If your scenario is exactly as I described, one of the below should happen for the new DNS record to get created with the correct IP address.

* Existing DNS records will get cleared if scavenging is configured
OR
* Existing DNS records need an additional delegated right for the service account if you plan to set up a service account on the DHCP server
OR
* An Administrator needs to delete the DNS record

These are from my memory, based on an issue I worked on in relation to Citrix VDIs 3 years back.
Refer to the TechNet wiki below to be doubly sure.

https://social.technet.microsoft.com/wiki/contents/articles/51810.windows-server-integration-between-dns-and-dhcp.aspx

Cheers !
Shaba

Author

Commented:
What I do not understand is why the issue was just with the A record and not the PTR record.
Software Engineer
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
It depends on the hostname used and the order of requesting it....

ComputerA[new] requests DHCP gets 10.10.10.10   this creates:
    ComputerA.zone A  10.10.10.10
    10.10.10.10.in-addr.arpa PTR ComputerA.zone

Then the old one requests DHCP.
ComputerA[old] requests DHCP, gets 20.20.20.20, which creates:
    ComputerA.zone A 20.20.20.20   (wiping the 10.10.10.10 entry)
    20.20.20.20.in-addr.arpa  PTR ComputerA.zone   (different name in DNS)....

Does that help?
DNS is a hierarchical name system WITHOUT any linkage except in human heads. (It is also meant for human heads.)
==> there is no correlation between 10.10.10.10.in-addr.arpa and ComputernameA.zone

The reverse lookup is equivalent to a request for hostname 10 in the 10.10.10.in-addr.arpa zone......
with the PTR record type instead of A.
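An added example, not from this thread or from Microsoft: a small Python model that combines Shabarinath's secure-dynamic-update ownership point with noci's A/PTR sequence, to show why the rebuilt ComputerA can create a PTR for its new address but cannot rewrite the A record the old computer object registered. It assumes (a simplification of the real zone ACL) that an existing record may only be rewritten by the principal that created it, and uses constructed SIDs.

```python
from dataclasses import dataclass, field

@dataclass
class Record:
    rtype: str   # "A" or "PTR"
    data: str    # IP address for A, hostname for PTR
    owner: str   # SID of the principal that created the record

@dataclass
class SecureZone:
    """Toy model of a zone in secure-update mode: any domain principal may
    create a record, but only the record's owner may update an existing one."""
    records: dict = field(default_factory=dict)

    def register(self, name, rtype, data, principal):
        rec = self.records.get((name, rtype))
        if rec is None:
            self.records[(name, rtype)] = Record(rtype, data, principal)
            return "created"
        if rec.owner != principal:
            return "refused"  # record exists and belongs to someone else
        rec.data = data
        return "updated"

    def lookup(self, name, rtype):
        rec = self.records.get((name, rtype))
        return rec.data if rec else None

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def dhcp_registration(fwd, rev, host, ip, principal):
    """After a lease: register A in the forward zone and PTR in the reverse zone."""
    return (fwd.register(host, "A", ip, principal),
            rev.register(reverse_name(ip), "PTR", host, principal))

def replacement_scenario(use_dhcp_credentials=False):
    """Old ComputerA registers 10.10.10.10; the rebuilt ComputerA (new AD object,
    new SID) then registers 20.20.20.20. SIDs are constructed sample values."""
    fwd, rev = SecureZone(), SecureZone()
    old_pc, new_pc, dhcp_svc = "S-1-5-21-OLD", "S-1-5-21-NEW", "S-1-5-21-DHCPSVC"
    # With DHCP credentials configured, the DHCP service account owns every record.
    who = (lambda pc: dhcp_svc) if use_dhcp_credentials else (lambda pc: pc)
    dhcp_registration(fwd, rev, "ComputerA", "10.10.10.10", who(old_pc))
    a_result, ptr_result = dhcp_registration(fwd, rev, "ComputerA", "20.20.20.20", who(new_pc))
    return {"a_update": a_result, "ptr_update": ptr_result,
            "ping_by_name": fwd.lookup("ComputerA", "A"),
            "ping_a_new_ip": rev.lookup(reverse_name("20.20.20.20"), "PTR")}
```

With client-driven registration the model reproduces the symptom in the question (ping by name still returns 10.10.10.10, ping -a 20.20.20.20 resolves to ComputerA); with DHCP credentials the A record is rewritten at once, and the stale PTR for 10.10.10.10 is what scavenging would later remove.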

Author

Commented:
Thank you Guys
Will come back to this topic another time