DNS Issues

[FN-GM]

Hi

Our windows DNS Servers on some machines are showing the wrong IP address. This is causing a few problems for example Websense isn’t filtering some machines, When we VNC to another computer it goes to another machine.

How do I fix this. Is it a case of editing each record manually? Our servers are Windows Server 2003

Thanks

[Domino]

so, hang on, i'm a bit confused.

the machine has an IP, but the DNS is resolving that ip to a different machine name? is that it?

[bizzel]

Okay, we've had to sort out something similar recently. Can you try deleting a record that's known to be wrong and then go to that PC and run a repair on the network connection - that should re-register it in DNS. Do you have scavening enabled on both your forward and reverse lookup zones? Also, is DHCP set to perform dynamic updates?

[FN-GM]

We have DHCP yes.

Whats happening is there is computer a with ip address 172.24.45.1. In the DNS computer a & computer b has the ip address 172.24.45.1

Z

Update: I deleted the DNS record for our test machine and when I rebooted it added its self back into the DNS. Would I just clear all the clients out of the dns before I go home and when they reboot tonight (script tells it to) they should add them selves again with the correct address?

[DMcCoy]

Do you have scavenging enabled?

[FN-GM]

what is scavenging how do i find this out please?

Z

[bizzel]

Scavenging removes old "stale" records. Assume that PC X registers with DNS and is then taken off site forever. Even though it's not coming back, its record will remain in DNS.

The same goes for PCs on site. Let's assume we have two PCs - A and B. A connects to the network, gets an IP from DHCP and puts a record in DNS along the lines of:

A - 192.168.1.145

A is turned off for a while and its DHCP lease expires. PC B, which has been off, is then turned on and is given the same IP by DHCP, it then registers in DNS like this:

B - 192.168.1.145

DNS allows duplicate entries, which I gather is what you're seeing. Now, as long as PC A is off, it won't get a new IP and wont update its entry so you'll have duplicates. Scavenging will wipe out A's old, inactive record after a number of days which tidies things up a lot. Hope that helps explain what it is and what it does.

Turning scavenging on can be harder than it should be, you need to turn it on in several places.

*All the below should be done on one server only - you don't need all your DNS servers scavenging if the zones are AD integrated. If they're not AD integrated, do it on your primary.*

First, from the DNS console, right click the server icon and choose properties. Go to the advanced tab and make sure that "Enable automatic scavenging of records" is enabled. Leave it at the default of 7 days.

Then, expand the Forward lookup zones folder, then expand your domain.internal entry. Right click that and choose properties. Press Ageing. Check the box marked "Scavenge stale resource records". Post the no-refresh and refresh intervals here so we can make sure they're okay. For reference, mine are 3 days and 4 days respectively.

Finally, right click the server icon again and choose Set Ageing and Scavenging for all zones. For some reason that excludes the forward lookup zone, at least, it only modified the reverse lookup zones for us. Again, tick the box marked "Scavenge stale resource records" and post your no-refresh and refresh intervals here.

[projector1]

microsoft link for scavenging

http://technet2.microsoft.com/window....mspx?mfr=true

[FN-GM]

Right i will setup scavenging on Monday. Will i be ok to delete all DNS records and let the records populate themselves over the weekend?

[bizzel]

I'm not sure is the honest answer. If you do, be very careful that you don't delete any static records, server records, aliases, nameservers or...you get the idea! It'd be a good idea to force a scavenge cycle after you set it up. You could leave it to kick in but that can take up to a week.

[FN-GM]

I would love to but i need the webfilter to work.

I will only remove DHCP clients.

[DMcCoy]

Right i will setup scavenging on Monday. Will i be ok to delete all DNS records and let the records populate themselves over the weekend?

No, static records will not get recreated. Scavenging only gets rid of those that have expired, and the dhcp server registers dns addresses with an expiery date. Make sure your dhcp lease time is the same as the limit you set for scavenging.

[FN-GM]

Ok thanks. Will i be safe to clear out DHCP clients from the DNS?

Thanks

[DMcCoy]

Ok thanks. Will i be safe to clear out DHCP clients from the DNS?

Thanks

You can clear out the forward and reverse lookups for the dhcp clients as long as you are careful. The should be recreated as the leases are reobtained, but it may take a few days to catch up.

[FN-GM]

I will remote in and do it later then. Thanks