Asked by Gibo
Windows domain DNS issues!
Multiple Host A records on the same IP address in domain DNS servers? Is that valid?
ASKER
May I know why?
BTW this is actually a DNS server with TWO(2) different Host A records pointing to TWO(2) different domain names or FQDN but with the same static IP address
Something is not right?
ASKER
under the forward lookup zones
ASKER
Those DHCP Options were already configured that way before
Should we delete the duplicate Host A DNS record? & which one?
Are both records in the same forward lookup zone? Also, are they static or dynamic records? If they're dynamic, do they have wildly different timestamps?
ASKER
Well under forward lookup zones they have 2 Host A entries with the same IP address on different domains, .local & .com
Basically, the IP address should be unique in the network so if you see multiple entries in DNS, something might be wrong.
this is actually a DNS server with TWO(2) different Host A records pointing to TWO(2) different domain names or FQDN but with the same static IP address
You should have mentioned this in the original post. In this case, I understand why two hostnames are assigned to one IP address. That's ok.
Do you mean that you have something like this in your forward zone?
host1 a 10.10.10.10
host2 a 10.10.10.10
Yes, that is fine. It could be a little weird in the reverse zone, but you can do it no problem in the forward zone.
It might be better to have
host1 a 10.10.10.10
host2 cname host1.ad.yourdomain.com.
but that wouldn't be valid for servers with MX records, so use two A records instead.
That may be perfectly fine. The .com entry could be there to allow your internal users to access an internal server by its public DNS name for certificate purposes.
ASKER
host.com A 10.10.10.10
host.local A 10.10.10.10
Is that okay?
ASKER
please take note, there are ADs
one .local & the other .com
Do not delete any DNS records. This is fine. However, I agree with kevinhsieh... The best practice is to use a CNAME record to point to the A record.
domain.com A 10.10.10.10
domain.local CNAME domain.com
ASKER CERTIFIED SOLUTION
host.com A 10.10.10.10
host.local A 10.10.10.10
Is that okay?
Probably. (I can't really give a definite answer without knowing a lot about your environment.) This is a sort of split DNS scenario that allows internal users to browse to the server at 10.10.10.10 using its public DNS name (the same name external users would use to browse to it). This is done so that an SSL/TLS certificate with that name installed on that server will be seen as valid by those internal users; their browsers won't give scary warnings about visiting a possible phishing site.
ASKER
So why then did we have DNS issues like IP addresses from some servers or machines not resolving to their host names? Outdated DNS entry errors when using RDP?
Any ideas?
ASKER
Are these stale DNS records creating those issues?
Sometimes UNC paths do not work either?
If you've got problems with stale DNS entries, you should look into enabling aging and scavenging on one of your DNS servers. Here's a great article on how it works:
https://web.archive.org/web/20150110071847/http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx?PageIndex=3
(Retrieved from archive.org after Microsoft's disastrous migration of their old blogs made most of the information contained within them essentially inaccessible.)
ASKER
Is it safe to enable aging & scavenging in DNS? Any repercussions?
There can be risks associated with enabling it (you can end up with valid records disappearing, for example), so I encourage you to read the linked article carefully, as it goes into a fair amount of detail on how scavenging works.
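One way to see what scavenging would actually remove before turning it on, as an added example that is not part of the thread (the server name, zone name and the 10.x addresses it reports are assumptions, not values from the question):

```powershell
# Added example: dry-run of aging/scavenging for one zone. Nothing is deleted;
# it only lists the dynamic A records that are already past both aging windows.
$DnsServer = 'dc1.domain.local'   # assumption: a DC that hosts the zone
$ZoneName  = 'domain.local'       # assumption: the zone to inspect

# Server-wide scavenging state and the zone's aging intervals
$server = Get-DnsServerScavenging -ComputerName $DnsServer
$aging  = Get-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName
"Server scavenging enabled : {0} (interval {1})" -f $server.ScavengingState, $server.ScavengingInterval
"Zone aging enabled        : {0}" -f $aging.AgingEnabled
"No-refresh + refresh      : {0} + {1}" -f $aging.NoRefreshInterval, $aging.RefreshInterval

# A dynamic record is eligible for scavenging only once both the no-refresh and the
# refresh interval have elapsed since its timestamp. Static records carry no
# timestamp and are never scavenged, which is why Timestamp is tested first.
$cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

$eligible = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Select-Object HostName, Timestamp,
        @{ n = 'IPv4';      e = { $_.RecordData.IPv4Address.IPAddressToString } },
        @{ n = 'DaysStale'; e = { [int]((Get-Date) - $_.Timestamp).TotalDays } }

"{0} dynamic A records would be eligible for scavenging in {1}:" -f @($eligible).Count, $ZoneName
$eligible | Sort-Object Timestamp | Format-Table -AutoSize
```

Any host that shows up here but is still in use (typically a server with a fixed IP whose DNS client has stopped re-registering) is exactly the "valid record disappearing" case; convert such entries to static records, or fix their registration, before enabling scavenging.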
ASKER
Or probably try to clear first the DNS server cache?
Clearing the cache is simple enough, but the server only caches records that aren't in its own database; records that you see in the forward lookup zones on the server won't be affected by clearing the server cache. (Clients will likely have some of those records cached, but clearing the server cache also won't affect records that are cached on the client side.)
ASKER
And is it correct or wrong to forward DNS to 8.8.8.8 (Google DNS)?
Aren't we supposed to forward DNS to our ISPs?
SOLUTION
ASKER
Probably use our ISP's external DNS as the forwarder instead of Google Public DNS on the DNS servers
ASKER
Has anyone used the MS DNS Best Practice Analyzer in Windows Server Manager?
You can safely run the tool. It scans the server and checks the configuration and as an output, you get the list of potential problems or configuration issues.
If you are interested in this topic... DNS Best Practices
https://activedirectorypro.com/dns-best-practices/#dns-analyzer
Can you please explain what problems you're having? As we said, it's fine to have 2 different host names pointing to the same IP address.
Now, you seem to be bringing up actual problems, what are they? Do you have multiple AD domains, or one?
Are you seeing issues where the information in the DNS zone is actually incorrect?
Could there be issues with accessing something that isn't in the same DNS namespace as the AD domain? For example, if you are in domain.local, and you're trying to access host2 in domain.com, that will only work if host2 doesn't exist in domain.local, and you have a search domain for domain.com. Otherwise, you need to access \\host.domain.com .
If you are accessing host2.domain.com via a Microsoft protocol such as SMB, and host2 is in domain.local, then even if DNS is okay you could have Service Principal Name issues.
You already got answers to your questions. And much more.
If you want to troubleshoot an issue, it's better to ask a new question.
ASKER
Yes 2 AD Domains, .local & .com
Actual DNS server is in .local but has 2 DNS Host A records in both domains under the same forward lookup zones
I find it strange?
ASKER
Perhaps a DNS stub zone should have been used for 2 domains instead of creating multiple Host A DNS records with the same IP address?
Again, without extensive knowledge of your environment, I can only speculate, but a stub zone is probably not what you want. If you're trying to resolve DNS records across domains, then yes, a stub zone can work well for that, as can conditional forwarders. It doesn't sound like that's what you're trying to do, though.
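To answer the earlier questions (same zone or not, static or dynamic, what the reverse zone says) for every IP that carries more than one A record, here is an added inventory script; it is not from anyone in the thread, and the server name, the two zone names and the reverse zone are assumptions:

```powershell
# Added example: list IPs that have more than one A record across the two forward
# zones, show whether each record is static or dynamic, and show the PTR the
# reverse zone returns for that IP. Read-only; nothing is changed.
$DnsServer   = 'dc1.domain.local'             # assumption: a DC hosting both zones
$Zones       = 'domain.local', 'domain.com'   # assumption: the two AD domain zones
$ReverseZone = '10.10.10.in-addr.arpa'        # assumption: /24 reverse zone for 10.10.10.0

$records = foreach ($zone in $Zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -RRType A |
        # Skip the zone apex: every DC registers "same as parent" records there,
        # so those legitimately share IPs with the DC's own host record.
        Where-Object { $_.HostName -ne '@' } |
        ForEach-Object {
            [pscustomobject]@{
                Fqdn      = '{0}.{1}' -f $_.HostName, $zone
                Zone      = $zone
                IPv4      = $_.RecordData.IPv4Address.IPAddressToString
                # Windows DNS marks a static record by the absence of a timestamp
                Static    = ($null -eq $_.Timestamp)
                Timestamp = $_.Timestamp
            }
        }
}

# Group by IP; any group with more than one entry is the situation discussed above
$records | Group-Object IPv4 | Where-Object Count -gt 1 | ForEach-Object {
    $ip = $_.Name
    # Last octet is the PTR record name inside a /24 reverse zone (assumption)
    $last = $ip.Split('.')[-1]
    $ptr = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ReverseZone `
               -Name $last -RRType Ptr -ErrorAction SilentlyContinue

    Write-Host "`n$ip is used by $($_.Count) A records:" -ForegroundColor Cyan
    $_.Group | Sort-Object Zone | Format-Table Fqdn, Zone, Static, Timestamp -AutoSize
    if ($ptr) {
        Write-Host "  reverse zone answers: $($ptr.RecordData.PtrDomainName -join ', ')"
    } else {
        Write-Host '  reverse zone answers: (no PTR record)'
    }
}
```

Two static records in different zones for one IP match the split-DNS arrangement described above; a dynamic record whose timestamp is months older than its sibling is the kind of stale entry the scavenging discussion below is about.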
Use the below script to list all of the other static DNS records in your DNS zone.
Note: In Windows DNS, a record is defined as static if it doesn't have a timestamp; thus, the answer you are looking for is "get all those records with timestamp set to 0".
Clear-Host
$PathToReport = "C:\Temp"
$To = Read-Host "Please enter the email address you wish to send this report to"
$From = Read-Host "Please enter the sending email address for this report"
$SMTPServer = Read-Host "Please enter your SMTP server name"
$ZoneName = Read-Host "Please enter the zone name for which you wish to retrieve static DNS records (your DNS suffix, for instance)"
$DomainController = Read-Host "Enter the name of one of your domain controllers that stores DNS records"
# Current month and year for the report title
$CurrentDate = Get-Date -Format "MMMM, yyyy"
# Make sure the output folder exists before writing the report
New-Item -ItemType Directory -Path $PathToReport -Force | Out-Null
#region Functions
# Alternate the CSS class of each table row emitted by ConvertTo-Html
Function Set-AlternatingRows {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True,ValueFromPipeline=$True)]
        [object[]]$HTMLDocument,
        [Parameter(Mandatory=$True)]
        [string]$CSSEvenClass,
        [Parameter(Mandatory=$True)]
        [string]$CSSOddClass
    )
    Begin {
        $ClassName = $CSSEvenClass
    }
    Process {
        [string]$Line = $HTMLDocument
        # Emit <tr class="even"> / <tr class="odd"> so the .even/.odd styles in the header apply
        $Line = $Line.Replace("<tr>","<tr class=""$ClassName"">")
        If ($ClassName -eq $CSSEvenClass) {
            $ClassName = $CSSOddClass
        }
        Else {
            $ClassName = $CSSEvenClass
        }
        $Line = $Line.Replace("<table>","<table width=""20%"">")
        Return $Line
    }
}
#endregion
$Header = @"
<style>
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #D8E4FA;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
.odd { background-color:#ffffff; }
.even { background-color:#dddddd; }
</style>
<title>Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate</title>
"@
# A static record in Windows DNS has no timestamp, so filter on Timestamp -eq $null.
# -ExpandProperty RecordData surfaces IPv4Address next to HostName and RecordType.
$Report = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DomainController -RRType A | Where-Object Timestamp -eq $Null | Select-Object -Property HostName,RecordType -ExpandProperty RecordData
# Use a plain integer for the heading; a Measure-Object result would render as "@{Count=N}"
$NumberOfRecords = @($Report).Count
$Report = $Report | Select-Object HostName,RecordType,IPv4Address |
    ConvertTo-Html -Head $Header -PreContent "<p><h2>Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate</h2></p><br><p><h3>$NumberOfRecords Records listed</h3></p>" |
    Set-AlternatingRows -CSSEvenClass even -CSSOddClass odd
$Report | Out-File $PathToReport\Output_AD_GetListStaticARecords.html
Send-MailMessage -To $To -From $From -Subject "Static DNS A Records across all Nodes of $ZoneName Domain for $CurrentDate" -Body ($Report | Out-String) -BodyAsHtml -SmtpServer $SMTPServer
Write-Host "Script completed!" -ForegroundColor Green
There are multiple answers that provide useful info. Also, there are three answers marked by others as "This is a solution". Points should be split between all these answers, not just two of them.
Open the DHCP console -> right-click IPv4 -> DNS tab -> make sure that the "Always dynamically update DNS records" and "Discard A and PTR records..." options are checked.