
Windows 2003 DNS Server - Client Records not being deleted.

Discussion in 'Networking' started by StumpedTechy, Feb 14, 2006.

  1. StumpedTechy (Thread Starter)

    Okay, let me give you all the facts. Up until about 6 months ago we ran hardcoded PCs across the board. We then got more and more laptops and are finding it easier to now run DHCP. One issue I have is we are running DHCP off a Cisco router and not off the Windows 2003 server. Also remember we have a bunch of subnets, as each location is on its own VLAN (while this does not matter, the same problem is happening on the local LAN with the hosting servers).

    I just now went into DNS and noticed that our records are not being updated within DNS. We had some records that are in our forward lookup zones that were 3 months old + that have no computername any longer even on the network. In the reverse lookup zones there is more of the same where we have multiple records with the same IP.

    This is happening in both forward and reverse lookup zones and is on 2 different DNS servers. Now scavenging was set for the forward lookup zones for 7 days, but the reverse lookup zone was NOT enabled. We went ahead and enabled it and then I did a forced Scavenge Stale Resource Records on both servers at the same time.

    This did part of what I wanted but did not fix the entire problem. In the forward lookup zones the A records that were stale are now gone (at least the main ones that caused me to notice the problem to begin with). In the reverse lookup zones there are still a TON of duplicates: PTR records for 2 different PCs on the same IP and PTR records for 1 PC on 2 different IPs.

    Now to sum it up and how to fix this -
    1) Why isn't the forward lookup zone scavenging anything more than 7 days out to begin with?
    2) Why won't the reverse lookup zones scavenge even with 7 days scavenging?

    Note some of these records date back over a year and I know they are stale but they are not being scavenged.

    Is there any way to get a Cisco router that is handling DHCP to also update the Windows 2003 DNS, or is this asking the impossible?
     
  2. waymanjp

    Hello Stumped!

    I am having the same problem in my environment with my reverse lookup zones. I have duplicate PTR records and scavenging does not seem to be working for the reverse lookup zones. I am at the point now where I am considering deleting my reverse lookup zone and recreating. I just have to answer a few questions about how I am going to recreate the reverse lookup entries that were created from manual forward entries. I would hate to have to do that part manually.

    At any rate, I believe I can at least speak to your question regarding a Cisco device being used for dynamic DNS.

    Your Windows 2000/XP clients should register their forward lookup name themselves. The DHCP server registers the PTR records on the client's behalf. The client has the option of requesting to update both records; however, it is only responsible for actually updating the forward lookup zone. The reverse lookup zone in a Microsoft scenario is always updated by the DHCP server.

    I have not been able to determine that Cisco routers actually support dynamic DNS. I have seen some documentation for security appliances that make it possible (but I don't think they work with MS DNS).

    As far as what I've found from Cisco, they sell a DNS/DHCP solution called Cisco Network Registrar which supports dynamic DNS. My suggestion would be to pick one solution or the other. (I have no experience with CNR and I have no idea what it costs)

    http://www.cisco.com/en/US/products...ducts_user_guide_chapter09186a00801ef249.html

    If you are using Microsoft DNS servers, I would be inclined to also use Microsoft DHCP servers for IP address assignment. What is the reason that you guys do this in your environment? As a network analyst my main concern with reverse lookup zones is simply that they work properly, so many network scanning/information gathering tools use reverse lookups to resolve host names and it's nice when the correct names are resolved.


    Back to the Microsoft Reverse lookup zone stuff.

    (I have not tested this, but as a side note you may play with turning off the round robin lookup feature that is enabled by default in Microsoft DNS; this is a feature that allows for load balancing. You can have multiple host records of the same name that point to different IP addresses, and the DNS server responds in a round robin fashion to requests, returning one result for the first query, the next result for the second query, and so on. The only thing I don't know is how it will respond if this feature is off; if it uses the newest entry by default then this could be a temporary fix for your problem.) I am thinking about playing with this in my environment temporarily until I can fix my reverse lookup zones for good. Take a reverse lookup entry that has duplicates and try this out. Do a nslookup xxx.xxx.xxx.xxx and see how it responds each time; it should rotate through the list of duplicate entries.

    At any rate, I hope this helps. Have you discovered anything new with the reverse lookup zone issue?

    Thanks,

    Jon
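An added audit script (not from this thread; Python rather than the nslookup loop Jon suggests) that flags the two duplicate patterns the thread describes, several PTR names on one IP and one name on several IPs, and lists dynamic records older than the aging window. Windows DNS aging only scavenges records that carry a timestamp, so records with no timestamp are reported separately; the sample records and the 7-day no-refresh/refresh intervals are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample PTR records: (ip, hostname, last-update timestamp).
# None stands in for a static record, which Windows DNS never scavenges.
SAMPLE_PTR_RECORDS = [
    ("10.1.5.20", "laptop-01.example.local", datetime(2006, 2, 10)),
    ("10.1.5.20", "pc-old-07.example.local", datetime(2005, 11, 3)),
    ("10.1.5.21", "laptop-01.example.local", datetime(2005, 9, 1)),
    ("10.1.5.30", "fileserver.example.local", None),
    ("10.1.5.31", "laptop-02.example.local", datetime(2006, 2, 13)),
]


def find_conflicts(records):
    """Return (ips with more than one PTR name, names present on more than one ip)."""
    by_ip, by_name = defaultdict(set), defaultdict(set)
    for ip, name, _ in records:
        by_ip[ip].add(name)
        by_name[name].add(ip)
    shared_ips = {ip: sorted(n) for ip, n in by_ip.items() if len(n) > 1}
    multi_ip_names = {n: sorted(i) for n, i in by_name.items() if len(i) > 1}
    return shared_ips, multi_ip_names


def stale_records(records, now, no_refresh_days=7, refresh_days=7):
    """Split records into those past the aging window (scavenging candidates)
    and static ones, which have no timestamp and are skipped by scavenging."""
    cutoff = now - timedelta(days=no_refresh_days + refresh_days)
    stale, static = [], []
    for ip, name, ts in records:
        if ts is None:
            static.append((ip, name))
        elif ts < cutoff:
            stale.append((ip, name))
    return stale, static


if __name__ == "__main__":
    shared, multi = find_conflicts(SAMPLE_PTR_RECORDS)
    stale, static = stale_records(SAMPLE_PTR_RECORDS, datetime(2006, 2, 14))
    print("IPs with several PTR names:", shared)
    print("Names on several IPs:", multi)
    print("Past aging window (scavenging candidates):", stale)
    print("Static, never scavenged; clean up by hand:", static)
```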
     
  3. StumpedTechy (Thread Starter)

    Actually I left employment there and went to a company with even larger DNS issues. o_O My last boss didn't want me touching the DNS settings and was willing to work with a broken DNS system so I let him deal with it while I found other employment.

    Here at my new job the DNS isn't so much broken as it is multilayered and thus sometimes returns wrong queries. They are working towards rectifying it, but it will take them quite a long time to fix as it's a large corporation.
     
Short URL to this thread: https://techguy.org/442571