Windows domain DNS issues!

Last Modified: 2020-10-15
Multiple Host A records on the same IP address in domain DNS servers? Is that valid?
Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
No. You shouldn't see this.

Open DHCP console -> right-click the IPv4 -> DNS tab -> make sure that "Always dynamically update DNS records" and "Discard A and PTR records..." options are checked.
Gibo (Systems Engineer, Author) commented:
May I know why?

BTW this is actually a DNS server with TWO(2) different Host A records pointing to TWO(2) different domain names or FQDN but with the same static IP address

Something is not right?
Gibo (Systems Engineer, Author) commented:
under the forward lookup zones
Gibo (Systems Engineer, Author) commented:
Those DHCP Options were already configured that way before

Should we delete the duplicate Host A DNS record? & which one?
DrDave242 (Principal Support Engineer, Certified Expert) commented:
Are both records in the same forward lookup zone? Also, are they static or dynamic records? If they're dynamic, do they have wildly different timestamps?
Gibo (Systems Engineer, Author) commented:
Well under forward lookup zones they have 2 Host A entries with the same IP address on different domains, .local & .com
Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
Basically, the IP address should be unique in the network so if you see multiple entries in DNS, something might be wrong.

this is actually a DNS server with TWO(2) different Host A records pointing to TWO(2) different domain names or FQDN but with the same static IP address
You should have mentioned this in the original post. In this case, I understand why two hostnames are assigned to one IP address. That's ok.
kevinhsieh (Network Engineer, Certified Expert) commented:
Do you mean that you have something like this in your forward zone?

host1  a 10.10.10.10
host2  a 10.10.10.10

Yes, that is fine. It could be a little weird in the reverse zone, but you can do it no problem in the forward zone.

It might be better to have

host1 a 10.10.10.10
host2 cname host1.ad.yourdomain.com.

but that wouldn't be valid for servers with MX records, so use two A records instead.
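The audit a practitioner would want before touching any of these records, written here as an added example (it is not code from the thread or from any of the posters): it pulls every A record in a forward zone, groups them by address, shows whether each record is static or dynamic, and looks up the PTR records for each shared address so the "a little weird in the reverse zone" case is visible. The zone name, reverse zone, and DNS server name are placeholders, as is the /24 assumption used to derive the PTR name; the host1/host2 CNAME conversion at the end is left commented out on purpose.

```powershell
# Added example, not from the original thread: find IP addresses that carry more than one
# A record in a forward zone, show static vs. dynamic, and list the matching PTR records.
# Zone, reverse-zone and server names are assumptions; replace them with your own.
param(
    [string]$ZoneName    = "ad.yourdomain.com",        # assumed forward zone
    [string]$ReverseZone = "10.10.10.in-addr.arpa",    # assumed /24 reverse zone
    [string]$DnsServer   = "dc01.ad.yourdomain.com"    # assumed DNS server (a DC)
)

Import-Module DnsServer   # ships with the DNS Server role or the RSAT-DNS-Server tools

$aRecords = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A

# Group by address; any group with more than one member is the "host1 / host2 -> same IP" case
$shared = $aRecords |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object Count -gt 1

if (-not $shared) { "No IP address in $ZoneName has more than one A record."; return }

foreach ($group in $shared) {
    $ip = $group.Name
    Write-Host "`n$ip has $($group.Count) A records in ${ZoneName}:" -ForegroundColor Yellow
    foreach ($rec in $group.Group) {
        # Static records have no timestamp; dynamic ones carry the last DDNS refresh time
        $kind = if ($rec.Timestamp) { "dynamic, last refreshed $($rec.Timestamp)" } else { "static" }
        "    {0,-30} {1}" -f $rec.HostName, $kind
    }

    # Reverse zone: in a /24 in-addr.arpa zone the PTR owner name is the last octet
    # (assumption about the zone size; adjust for /16 or classless zones)
    $ptrName = $ip.Split('.')[-1]
    $ptrs = Get-DnsServerResourceRecord -ZoneName $ReverseZone -ComputerName $DnsServer `
                -RRType PTR -Name $ptrName -ErrorAction SilentlyContinue
    if ($ptrs) {
        "    PTR -> " + (($ptrs | ForEach-Object { $_.RecordData.PtrDomainName }) -join ', ')
    } else {
        "    (no PTR record for $ip in $ReverseZone)"
    }
}

# Optional clean-up that follows the CNAME advice above: turn host2 into an alias of host1.
# Do not do this for a name that is the target of an MX record; RFC 2181 section 10.3 does not
# allow an MX to point at a CNAME. Left commented out so the script is read-only by default.
# Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A `
#     -Name "host2" -RecordData "10.10.10.10" -Force
# Add-DnsServerResourceRecordCName -ZoneName $ZoneName -ComputerName $DnsServer `
#     -Name "host2" -HostNameAlias "host1.$ZoneName."
```

Run it from a server or workstation that has the DnsServer module and rights to read the zone. Two names on one address with one PTR is the normal split-DNS layout; two PTRs for one address is what makes reverse lookups (and anything that relies on them, such as some RDP and SSH host checks) return an unexpected name.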
DrDave242 (Principal Support Engineer, Certified Expert) commented:
That may be perfectly fine. The .com entry could be there to allow your internal users to access an internal server by its public DNS name for certificate purposes.
Gibo (Systems Engineer, Author) commented:
host.com A 10.10.10.10
host.local A 10.10.10.10

Is that okay?
Gibo (Systems Engineer, Author) commented:
please take note, there are ADs

one .local & the other .com
Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
Do not delete any DNS records. This is fine. However, I agree with kevinhsieh... The best practice is to use a CNAME record to point to the A record.
domain.com      A             10.10.10.10
domain.local     CNAME   domain.com
DrDave242 (Principal Support Engineer, Certified Expert) commented:
host.com A 10.10.10.10
host.local A 10.10.10.10

Is that okay?

Probably. (I can't really give a definite answer without knowing a lot about your environment.) This is a sort of split DNS scenario that allows internal users to browse to the server at 10.10.10.10 using its public DNS name (the same name external users would use to browse to it). This is done so that an SSL/TLS certificate with that name installed on that server will be seen as valid by those internal users; their browsers won't give scary warnings about visiting a possible phishing site.
Gibo (Systems Engineer, Author) commented:
So why then did we have DNS issues, like IP addresses of some servers or machines not resolving to their host names? Outdated DNS entry errors when using RDP?

Any ideas?
Gibo (Systems Engineer, Author) commented:
Are these DNS stale records creating those issues?

Sometimes UNC paths do not work either?
DrDave242 (Principal Support Engineer, Certified Expert) commented:
If you've got problems with stale DNS entries, you should look into enabling aging and scavenging on one of your DNS servers. Here's a great article on how it works:

https://web.archive.org/web/20150110071847/http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx?PageIndex=3

(Retrieved from archive.org after Microsoft's disastrous migration of their old blogs made most of the information contained within them essentially inaccessible.)
Gibo (Systems Engineer, Author) commented:
Is it safe to enable aging & scavenging in DNS? Any repercussions?
DrDave242 (Principal Support Engineer, Certified Expert) commented:
There can be risks associated with enabling it (you can end up with valid records disappearing, for example), so I encourage you to read the linked article carefully, as it goes into a fair amount of detail on how scavenging works.
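The "valid records disappearing" risk can be measured before anything is switched on. The script below is an added example (not from the thread or the linked article): it reports the current aging and scavenging settings, lists every dynamic record whose timestamp is already older than NoRefresh + Refresh (the point at which scavenging would delete it), and then pings the A-record addresses in that list, because a host that answers but no longer refreshes its record is exactly the case that loses a good record. Server and zone names are placeholders; the enable commands at the end are commented out.

```powershell
# Added example, not from the original thread: dry-run of DNS aging/scavenging for one zone.
# Server and zone names are assumptions; replace them with your own.
param(
    [string]$DnsServer = "dc01.ad.yourdomain.com",   # assumed
    [string]$ZoneName  = "ad.yourdomain.com"         # assumed
)
Import-Module DnsServer

$srv  = Get-DnsServerScavenging -ComputerName $DnsServer                 # server-wide switch
$zone = Get-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName  # per-zone intervals

"Server scavenging : $($srv.ScavengingState) (interval $($srv.ScavengingInterval), last run $($srv.LastScavengeTime))"
"Zone aging        : $($zone.AgingEnabled) (NoRefresh $($zone.NoRefreshInterval), Refresh $($zone.RefreshInterval))"
"Scavenge servers  : $(if ($zone.ScavengeServers) { $zone.ScavengeServers -join ', ' } else { 'any server with scavenging enabled' })"

# A dynamic record becomes eligible once its timestamp is older than NoRefresh + Refresh.
# Static records have no timestamp and are never scavenged.
$cutoff = (Get-Date) - ($zone.NoRefreshInterval + $zone.RefreshInterval)

$candidates = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Sort-Object Timestamp

"`n$(@($candidates).Count) dynamic records in $ZoneName are older than $cutoff and would be scavenged:"
$candidates | Format-Table HostName, RecordType, Timestamp,
    @{ n = 'Address'; e = { $_.RecordData.IPv4Address } } -AutoSize

# Risk check: an old timestamp does not mean a dead host. A machine that is up but no longer
# registers (lease from a DHCP server without the DNS options, a static-IP box with dynamic
# update turned off) would lose a perfectly valid record. Ping the A-record addresses first.
$liveButStale = $candidates |
    Where-Object RecordType -eq 'A' |
    Where-Object { Test-Connection -ComputerName $_.RecordData.IPv4Address.IPAddressToString -Count 1 -Quiet }

if ($liveButStale) {
    Write-Warning "These hosts answer ping but their A records would be scavenged. Convert them to static or fix their dynamic update before enabling scavenging:"
    $liveButStale | Format-Table HostName, Timestamp, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } } -AutoSize
}

# Enable only after reviewing the list above, and on ONE DNS server only. 7-day intervals shown;
# align them with your DHCP lease length as the linked article explains.
# Set-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName -Aging $true -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00
# Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true -ScavengingInterval 7.00:00:00
```

Because the timestamps are only meaningful once the zone has had aging enabled for at least NoRefresh + Refresh, the candidate list on a zone that has never aged is a worst case; the same "be patient" point the article makes applies to this dry run.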
Gibo (Systems Engineer, Author) commented:
Or probably try to clear first the DNS server cache?
DrDave242 (Principal Support Engineer, Certified Expert) commented:
Clearing the cache is simple enough, but the server only caches records that aren't in its own database; records that you see in the forward lookup zones on the server won't be affected by clearing the server cache. (Clients will likely have some of those records cached, but clearing the server cache also won't affect records that are cached on the client side.)
Gibo (Systems Engineer, Author) commented:
And is it correct or wrong to forward DNS to 8.8.8.8 (Google DNS)?

Aren’t we supposed to forward DNS to our ISPs?
Gibo (Systems Engineer, Author) commented:
Probably use our ISP external DNS as forwarder instead of Google Public DNS in the DNS servers
Gibo (Systems Engineer, Author) commented:
Has anyone used the MS DNS Best Practice Analyzer in Windows Server Manager?
Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
You can safely run the tool. It scans the server and checks the configuration and as an output, you get the list of potential problems or configuration issues.

If you are interested in this topic... DNS Best Practices
https://activedirectorypro.com/dns-best-practices/#dns-analyzer
kevinhsieh (Network Engineer, Certified Expert) commented:
Can you please explain what problems you're having? As we said, it's fine to have 2 different host names pointing to the same IP address.

Now, you seem to be bringing up actual problems, what are they? Do you have multiple AD domains, or one?

Are you seeing issues where the information in the DNS zone is actually incorrect?

Could there be issues with accessing something that isn't in the same DNS namespace as the AD domain? For example, if you are in domain.local, and you're trying to access host2 in domain.com, that will only work if host2 doesn't exist in domain.local, and you have a search domain for domain.com. Otherwise, you need to access \\host.domain.com .

If you are accessing host2.domain.com via a Microsoft protocol such as SMB, and host2 is in domain.local, then even if DNS is okay you could have Service Principal Name issues.
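Both of those failure modes (a short name that only resolves if the right suffix is in the search list, and an SPN that is not registered for the name the user typed) can be checked from the client that is having the problem. This is an added example, not code from the thread: it prints the client's suffix search list, resolves the short name and the FQDN separately, and queries AD for the cifs/ and HOST/ SPNs that an SMB connection to each form of the name will request. The host and domain names are placeholders.

```powershell
# Added example, not from the original thread: from a domain.local client, check how a short
# name and an FQDN in the other namespace resolve, and whether Kerberos can find an SPN for
# each form. Host and domain names are assumptions; replace them with your own.
param(
    [string]$ShortName = "host2",             # assumed
    [string]$Fqdn      = "host2.domain.com"   # assumed
)

# 1. Which suffixes does this client append to a single-label name?
$suffixes = (Get-DnsClientGlobalSetting).SuffixSearchList
"Suffix search list : $(if ($suffixes) { $suffixes -join ', ' } else { '(none; primary and connection-specific suffixes only)' })"

# 2. Resolve both forms. If the short name fails but the FQDN works, domain.com is not in the
#    search list; if the short name returns a different address, a same-named host in the
#    client's own domain is answering instead.
foreach ($name in $ShortName, $Fqdn) {
    try {
        $answers = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
                   Where-Object Type -eq 'A'
        "{0,-25} -> {1}" -f $name, ($answers.IPAddress -join ', ')
    } catch {
        "{0,-25} -> not resolved: {1}" -f $name, $_.Exception.Message
    }
}

# 3. Kerberos asks for cifs/<name exactly as typed>. The KDC maps cifs/ to HOST/, and a computer
#    account registers HOST/<short> and HOST/<fqdn in its OWN domain>. A name from the other
#    namespace (host2.domain.com for a domain.local member) is usually not registered, so SMB
#    falls back to NTLM or fails even though DNS is fine.
#    setspn -Q searches the forest this machine belongs to; add "-T <domain>" for another one.
foreach ($name in $ShortName, $Fqdn) {
    $found = $false
    foreach ($svc in 'cifs', 'HOST') {
        $out = & setspn.exe -Q "$svc/$name" 2>&1
        if ($out -match 'Existing SPN found') {
            $found = $true
            "{0,-25} SPN registered as {1}/{0}" -f $name, $svc
            break
        }
    }
    if (-not $found) {
        "{0,-25} no cifs/ or HOST/ SPN found in this forest (Kerberos to this name will fail)" -f $name
    }
}
```

If the FQDN resolves but has no SPN, the fix is on the AD side (register the extra HOST/ SPN on the computer account, or have users address the server by a name that is registered), not in DNS; deleting one of the A records would not change the outcome.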
Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
You already got answers to your questions. And much more.

If you want to troubleshoot an issue, it's better to ask a new question.
Gibo (Systems Engineer, Author) commented:
Yes 2 AD Domains, .local & .com

Actual DNS server is in .local but has 2 DNS Host A records in both domains under the same forward lookup zones

I find it strange?
Gibo (Systems Engineer, Author) commented:
Perhaps a DNS stub zone should have been used for 2 domains instead of creating multiple Host A DNS records with the same IP address?
DrDave242 (Principal Support Engineer, Certified Expert) commented:
Perhaps a DNS stub zone should have been used for 2 domains instead of creating multiple Host A DNS records with the same IP address?

Again, without extensive knowledge of your environment, I can only speculate, but a stub zone is probably not what you want. If you're trying to resolve DNS records across domains, then yes, a stub zone can work well for that, as can conditional forwarders. It doesn't sound like that's what you're trying to do, though.
Senior IT System Engineer (Senior Systems Engineer, Certified Expert) commented:
Use the below script to list all of the other static DNS records in your DNS zone.

Note: In Windows DNS, a record is defined as static if it doesn't have a timestamp; thus, the answer you are looking for is "get all those records with timestamp set to 0".

Clear-Host
$PathToReport = "C:\Temp"
$To = Read-Host "Please enter the email address you wish to send this report to:"
$From = Read-Host "Please enter the sending email address for this report:"
$SMTPServer = Read-Host "Please enter your SMTP server name:"
$ZoneName = Read-Host "Please enter the zone name for which you wish to retrieve static DNS records.  This may be your DNS suffix, for instance:"
$DomainController = Read-Host "Enter name of one of your domain controllers that stores DNS records:"

# Get-DnsServerResourceRecord comes from the DnsServer module (DNS Server role or RSAT-DNS-Server)
Import-Module DnsServer
# Make sure the report folder exists before writing to it
New-Item -ItemType Directory -Path $PathToReport -Force | Out-Null

#Get Current date for input into report
$CurrentDate = Get-Date -Format "MMMM, yyyy"
#region Functions

# Adds alternating CSS classes to the <tr> rows that ConvertTo-Html emits
Function Set-AlternatingRows {
    [CmdletBinding()]
         Param(
             [Parameter(Mandatory=$True,ValueFromPipeline=$True)]
             [object[]]$HTMLDocument,

             [Parameter(Mandatory=$True)]
             [string]$CSSEvenClass,

             [Parameter(Mandatory=$True)]
             [string]$CSSOddClass
         )
     Begin {
         $ClassName = $CSSEvenClass
     }
     Process {
         [string]$Line = $HTMLDocument
         # Emit a proper class attribute (the bare "<tr even">" form is not valid HTML)
         $Line = $Line.Replace("<tr>","<tr class=""$ClassName"">")
         If ($ClassName -eq $CSSEvenClass) {
             $ClassName = $CSSOddClass
         }
         Else {
             $ClassName = $CSSEvenClass
         }
         $Line = $Line.Replace("<table>","<table width=""20%"">")
         Return $Line
     }
}
#endregion

$Header = @"
<style>
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #D8E4FA;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
.odd  { background-color:#ffffff; }
.even { background-color:#dddddd; }
</style>
<title>Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate</title>
"@

# Static records have no Timestamp; -ExpandProperty RecordData exposes IPv4Address alongside HostName/RecordType
$Report = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DomainController -RRType A | Where-Object Timestamp -eq $Null | Select-Object -Property HostName,RecordType -ExpandProperty RecordData
# Take the plain count, not the Measure-Object wrapper object, so the heading reads "12 Records listed"
$NumberOfRecords = ($Report | Measure-Object).Count
$Report = $Report | Select-Object HostName,RecordType,IPv4Address |
            ConvertTo-Html -Head $Header -PreContent "<p><h2>Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate</h2></p><br><p><h3>$NumberOfRecords Records listed</h3></p>" |
            Set-AlternatingRows -CSSEvenClass even -CSSOddClass odd
$Report | Out-File $PathToReport\Output_AD_GetListStaticARecords.html
Send-MailMessage -To $To -From $From -Subject "Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate" -Body ($Report | Out-String) -BodyAsHtml -SmtpServer $SMTPServer

Write-Host "Script completed!" -ForegroundColor Green

Hello There (System Administrator, Certified Expert, Distinguished Expert 2018) commented:
There are multiple answers that provide useful info. Also, there are three answers marked by others as "This is a solution". Points should be split between all these answers, not just two of them.
