+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 35
Windows Server 2000/2003 Thread, DNS reverse lookup Server 2003 in Technical; Hi, We are having issues with reverse lookup on DNS. The scenario is this: When I run nslookup command in ...
  1. #1

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    DNS reverse lookup Server 2003

    Hi,

    We are having issues with reverse lookup on DNS. The scenario is this:

    When I run nslookup command in the format "nslookup computername" eg nslookup ot11-wks01, it will contact the primary DNS server and return the correct IP address for that computer, in this example I will use 10.50.23.20 as the returned ip address.

    If I then run nslookup on the IP address eg nslookup 10.50.23.20 it will return the FQDN of a completely different computer.

    I believe this to be a reverse lookup problem. It may not seem important but we use 8e6 iR3000 as our web filter and review the websites students are viewing regularly. the r3000 returns IP addresses used to access websites and we need to be able to resolve the ip address to a computer name in order to locate the offending user in the college. We had an occasion recently where a student was falsely accused of accessing a computer in a staff area because nslookup returned the wrong computer name

    My DNS settings on reverse lookup zones are:
    Scavenging time 7 Days (actually another technician has just changed this to 1 hour for testing)
    refresh interval 15 mins
    expires after 1 day
    Minimum Time to Live 1 hour

    Under DHCP settings the DNS tab is
    Enable DNS Dynamic updates (tick)
    Always Dynamically update DNS A and PTR records (tick)
    Discard A and PTR records when lease is deleted (tick)
    Everything else unticked

    There's alot of information there so thanks for anyone who took the time to read it and I hope someone can help.

  2. #2

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    I hate DNS for things like this - I don't think I ever really understood it so I just followed the instructions and it did all work in the end.

    The MS docs are here -http://technet.microsoft.com/en-us/library/cc757041(WS.10).aspx and should help if you follow them through.

    Plan B is to add something to the user logon script which logs their IP address somewhere. You've then got a much simpler link to who did what (you link IP to user rather than IP to machine and machine to user)

  3. Thanks to srochford from:

    mac_shinobi (24th February 2010)

  4. #3

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hey, thanks for replying. Yea I hate DNS too! Unfortuneatly we can't use Plan B to use a script to link usernames to ip address as we have ercently got a suite of iMacs and have had issues connecting them to our AD structure. According to Apple they are very sensitive to DNS so we need to get this issue resolved to rule out that being an issue there too!

  5. #4
    ind1ekid's Avatar
    Join Date
    Jul 2008
    Location
    Nottinghamshire
    Posts
    82
    Thank Post
    6
    Thanked 16 Times in 13 Posts
    Rep Power
    14
    I had a similar issue to this a while ago when I set Squid up for webfiltering. I needed to create various acls in squid based on netbios/fqdn names of clients which meant reverse dns records needed to be accurate.

    Your heading in the right direction I'd say though. Scavenging more frequently will help. If you have enough addresses to do so in DHCP, maybe increase the lease time? would mean IP addresses werent changing as much, and lesson the problem further.


  6. #5

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok, I've set scavenging automatically for all zones to 2 hours to see if it clears it up, I will increase this value if and when this is proven to work. I could probably increase DHCP lease if necessary as well, we have loads of IP addressess available.

  7. #6

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Well, I arrived in at work this morning and tried nslookup on the IP address, still returning a different computer. Any ideas?

  8. #7

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Reserved Ip addresses and manually entered DNS entries?

    This is what i used a year ago and everything seemed to work relatively well. This year i have not done it and my DNS is also in a terrible state. I may be going back to doing a manual reserved IP range for the macs at least.

    You can use the netsh command to create the DHCP scope and add the reserved Ip addresses and associated mac addresses. It can also be scripted. You can also do the same for the DNS entries too.

    I have the commands somewhere if you're interested.

    Oh and if you have ARD obtaining a list of the Mac addresses for the macs is a relatively painless task. Just run a report for the network section of the system. This should give you the info you are after along with the name of the machine.
    Last edited by HodgeHi; 25th February 2010 at 10:17 AM. Reason: ARD note

  9. #8

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hey Hodge, thanks for your suggestion. We tend to move our computers about quite a bit and that means they get assigned different computer names according to their location. It's also the reason why we don't want to go down the static DNS route.

    I've just notived something interesting..which maybe implies that there is something completely wrong with my DNS settings. I set a computer with a static PTR record in the reverse lookup zone yesterday. I've just performed NSlookup on it's ip address and it has returned a completely different computer......and that's a static record!

    What could be causing this?

  10. #9
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,346
    Thank Post
    66
    Thanked 174 Times in 146 Posts
    Rep Power
    59
    Can you use wireshark and intercept the DNS request from the PC and see where it is going and who replies? Do you have a rogue DNS server somewhere on the network?!

  11. #10

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Good suggestion! will try that thanks. I'll look for rogue DNS servers, we do have about 6 different DNS servers across 4 geographical sites which replicate frequently over Fibre Optic lines. I'm pretty sure the client is sending the DNS request to the correct server ip address as configured by DHCP but will still follow your suggestion as I'm fast running out of ideas!

  12. #11

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    What i think happens is that Windows automatically updates the DNS entries when it gets a new IP address from the DHCP Server. Windows clients are allowed to do this as they are part of the Active Directory and therefore as secure updates is usually the default option when setting up AD and DNS, XP can update the records.

    OS X does not do this. If OS X takes a new DHCP IP then the DNS records do not get updated causing DNS records to become incorrect.

    If you dual boot your macs you have the same machine with the same mac address with 2 operating systems that behave differently when it comes to IP leasing and DNS updating. I believe this to be the cause of my and maybe your issues. although i may be completely wrong.

    Take this example:

    Server1.example.com has an IP address 192.168.1.1

    DNS entry for this machine is currently 192.168.1.1

    you run OS X. Th machine obtains a new IP 192.168.1.2. The DNS records do not get updated.

    You then run XP. In turn Xp gets the new Ip 192.168.1.2 and updates the records accordingly.

    DNS now reads 192.168.1.2.

    IIRC if you manually create the reverse lookup records they stay and a new one gets created. So now you have 2 reverse lookup records that point to different IP addresses.

    I can't remember which way round it is and i always get confused when thinking about this. I haven't looked at my own DNS yet. When i do i will update on my findings.

  13. #12

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I understand what you're saying. We have very few Mac's on the network, in fact there's none on my campus at all. We have recently setup a suite of about 20 iMacs on another campus and none of the iMacs are dual boot. The DNS problem was there before we got the macs, we just didn't have the time to look at it, it's only now when we are trying to perform more frequent audits on internet use and since we got the macs that it has become important to resolve the issue.

    We had specialists come in to setup the Macs but they didn't know how to update the Active Directory Schema so had to perform work arounds on the Macs which are seperate issues. I knew how to update the schema but as this was taking place on a different site I was never made aware of the issue until the Mac guys had left. If I can get the DNS working perfect on the Windows computers then we can start to look at the problems on the iMacs.

    Cheers

  14. #13
    ind1ekid's Avatar
    Join Date
    Jul 2008
    Location
    Nottinghamshire
    Posts
    82
    Thank Post
    6
    Thanked 16 Times in 13 Posts
    Rep Power
    14
    Does it not return the correct FQDN for anything?
    Have you tried deleting the PTR records from the reverse zone then waiting for DHCP to add them back in there .. correctly I'd hope?

  15. #14

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Doen't seem to, any computers I've tried at least. It is an option just to delete all PTR records in reverse lookup but it still doesn't really fix our problem as when we move computers or change names it still won't update dynamically. I haven't had time just yet but am going to investigate the possibility of a rogue DNS server first.

  16. #15
    ind1ekid's Avatar
    Join Date
    Jul 2008
    Location
    Nottinghamshire
    Posts
    82
    Thank Post
    6
    Thanked 16 Times in 13 Posts
    Rep Power
    14
    If deleting the current PTR's (im not suggesting do all of them at once ) and waiting for the DHCP leases to renew and add the PTR's, and you still end up with incorrect records then I'd be at a loss

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. DNS reverse lookup problem - NSlookup
    By william-swc in forum Wireless Networks
    Replies: 2
    Last Post: 9th April 2010, 11:47 AM
  2. dotNet: DNS PTR (reverse) queries
    By PiqueABoo in forum Coding
    Replies: 4
    Last Post: 16th June 2008, 11:49 PM
  3. 2003 DNS server missing records
    By Oops_my_bad in forum Windows
    Replies: 1
    Last Post: 9th January 2008, 10:51 PM
  4. DNS reverse look up zones.
    By Kyle in forum Windows
    Replies: 1
    Last Post: 16th October 2007, 08:42 AM
  5. DNS Forward Lookup Zone query
    By SpuffMonkey in forum Windows
    Replies: 0
    Last Post: 19th February 2007, 04:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •