Duplicate HOST A record entries on the reverse lookup Zone

 
 
aMIT
08-20-2009

Hi,

I am having an issue with a reverse lookup zone: I am seeing lots of duplicate
IP addresses for different machines, and duplicate names as well with different
IP addresses, so what setting do I have to change to get rid of this?

Currently there is a Windows 2003 DC on which I am observing these things,
duplicate IP addresses and names. Apart from that, "Allow dynamic updates" is
enabled and set to Only secure updates, and no, the scavenging option is not
checked, but it shows the no-refresh interval and refresh interval set to 7
days.
 
Meinolf Weber [MVP-DS]
08-20-2009
Hello aMIT,

Either configure scavenging on the DNS servers or zones, not less than 24
hours, or use the DHCP server to update DNS records:
http://technet.microsoft.com/en-us/l...41(WS.10).aspx

http://technet.microsoft.com/en-us/l...34(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


aMIT
08-20-2009

Hi,

As suggested, I did both of the options:

1. Configured scavenging on the faulty DNS reverse lookup zones, not less
than 24 hours, and did a manual "Start Scavenging" of the stale resource records,
but the duplicate IPs and names are still there.

2. Used the DHCP server to update DNS records, selecting the options below:

a. Selected the "Dynamically update DNS A and PTR records only if requested by
the DHCP clients" check box, which is located in Properties on the DNS tab on
the applicable DHCP server or on one of its scopes.

b. Discard A and PTR records when the lease is deleted.

BUT STILL there are duplicate IPs and names.

Chris Dent
08-20-2009

> 1. Configured scavenging on the faulty DNS reverse lookup zones, not less
> than 24 hours, and did a manual "Start Scavenging" of the stale resource records,
> but the duplicate IPs and names are still there.

When you first configure aging on a zone a lock is placed preventing
Scavenging from operating until a full Refresh Interval has passed.

You can see the value for that if you select View then Advanced and open
the Aging properties again. It will show you when Scavenging is next
able to operate against the zone.

Worth reading this one to get a decent overview of how it all works:

http://blogs.technet.com/networking/...e-patient.aspx

> BUT STILL there are duplicate IPs and names.

More than one DHCP server?

If you do, do they all update using the same credentials?

Chris
 
Meinolf Weber [MVP-DS]
08-20-2009
Hello aMIT,

This will not remove the existing ones. Select the server name in the DNS
management console, right-click, and choose "Scavenge Stale Resource Records".
This should clean up the old ones.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Ace Fekay [MCT]
08-20-2009

You will need to delete any existing ones. Also, you have to force DHCP to
own the record it registers; otherwise it cannot update it, and therefore it
creates a dupe. Until you address that, the dupe issue will continue.
Meinolf's second link explains this. Did you get a chance to read it?

For your convenience, the following is my blog on it. I hope it helps. I
left the timestamps portion out of it. (Some of the links were already
provided by Chris and Meinolf in the 'related links' section.)

==================================================================
DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the
DnsUpdateProxy Group
---
By Ace Fekay, MCT, MCTS Exchange 2007, MCSE & MCSA 2000/2003, MCSA Messaging
First compiled 4/2006
Updated 7/2009
---

Keep in mind, the entity that registers the record in DNS owns the record.
By default, Windows 2000 and newer statically configured machines will
register their A record (hostname) and PTR (reverse entry) in DNS.

If set to DHCP, Windows 2000 and newer machines will request from DHCP that
the machine itself register its own A record, but DHCP will register its PTR
record.

However, you can configure DHCP to update the record for the client, no
matter what the client asks. One problem with that: if the client shuts down,
and later comes back up past the lease time, it may get a different IP
address. What happens here is that a duplicate A record gets created with the
new IP. This happens even though DHCP registered the record. This is because
DHCP doesn't own the record, the client does, even though DHCP registered it.

What we want to do to keep DNS clean, without additional records with the
same name but different IP addresses in DNS, is to configure DHCP to own the
record, so it can keep it up to date.

The nice thing about DHCP owning the record is that it will update it if DHCP
gives the machine a new IP. Otherwise you'll see multiples of the same in DNS
whether scavenging is enabled or not. I would force DHCP to own the record as
well as enable scavenging to keep it clean.

To force DHCP to own the record, you have two options. Option 1 is to add the
DHCP server to the DnsUpdateProxy group; however, this is a security risk if
DHCP is on a DC. Option 2, which is preferred whether DHCP is on a DC or not,
is to create a user account for the sole purpose of using it as the
credentials that DHCP will use to update records. This is a regular Domain
User account, not an admin account.

Option 1:

1. Add the DHCP server to the DnsUpdateProxy Group.
2. Force DHCP to register all records, Forward and PTR (whether a client
machine can do it or not), in the Option 081 tab (DHCP properties, DNS tab).
3. Set Option 015 to the AD domain name (such as example.com).
4. Set Option 006 to only the internal DNS servers.
5. If the zone is set for Secure Updates Only, then DHCP cannot update
non-Microsoft clients and Microsoft clients that are not joined to the
domain. In this case, you will need to create and configure a user account
for use as credentials for DHCP to register such clients.

Option 2:

(Steps 1 and 2 are for Windows 2003)

1. In AD, create and configure a dedicated Domain User account to use as
credentials in DHCP. The user account does not need any elevated rights; a
normal user account is fine. However, I recommend using a strong, non-expiring
password on the account.
2. In the DHCP console, DHCP server properties, select the Advanced tab, click
the Credentials button, and provide the account's credentials.
3. If using Windows 2000, it must be done with the Netsh command. Windows 2003
and newer can also be done with the Netsh command, if you desire.

Providing DHCP credentials, or using the DnsUpdateProxy group, will also allow
DHCP to register Win9x machines, as well as non-Windows machines such as
Linux, OS X (BIND based), and other Unix flavors.

With regards to the DnsUpdateProxy group, as said, this is one method, but
normally, for the most part, it is not advised to use it, as it weakens
security, including the DC records if DHCP is on a DC. Preferably configure
DHCP with an account.

Once you've implemented scavenging, you will need to wait at least a week for
it to take effect. You can quicken it up by manually deleting the incorrect
records to give yourself a head start.

Configuring credentials or using the DnsUpdateProxy group will alleviate
another issue: if DHCP is on a DC, it will not overwrite the original host
record for a machine getting a new lease with an IP previously belonging to
another host.


======
Scavenging

Scavenging is a feature that will remove expired records based on their
timestamps. Scavenging is not enabled by default.

To set aging and scavenging properties for a DNS server using the DNS
console:

1. In the DNS console, right-click the DNS server name, and choose
"Set Aging/Scavenging for All Zones".

2. Select the "Scavenge stale resource records" check box.

3. You can now either choose to set scavenging for all zones, or choose No and
manually set each zone individually. I suggest setting it for all zones.

4. It's recommended to go with the defaults of 7 days. If you choose to change
it, it should reflect and stay in line with DHCP's lease times. Now, I've never
found anything specific stating this, but keeping the scavenge setting to the
lease minus one day ensures that records will be deleted one day before lease
renewal, so a record will be deleted if it were actually not in use by a client
and has expired. If still in use, it will go through the scavenging refresh
period and scavenge lifetime until the next expiration time.

The following related links provide additional information on how it all
works.

How to configure DNS dynamic updates in Windows Server 2003.
http://support.microsoft.com/kb/816592

Using DNS Aging and Scavenging: Aging and scavenging of stale resource records
are features of Domain Name System (DNS) that are available when you deploy
your server with primary zones.
http://technet.microsoft.com/en-us/l.../cc757041.aspx

Microsoft Enterprise Networking Team : Don't be afraid of DNS, Mar 19, 2008
DNS Scavenging is a great answer to a problem that has been nagging everyone
since RFC 2136 came out in 1997.
http://blogs.technet.com/networking/...e-patient.aspx

DHCP, DNS and the DNSUpdateProxy-Group - Directory Services/Active ... I had
a discussion in the Newsgroups lately about DHCP and the DNSUpdateProxy-Group,
which is used to write unsecured DNS-Entries to a DNS-Zone which only ...
http://msmvps.com/ulfbsimonweidner/a.../15/19325.aspx

And from Kevin Goodnecht:
Setting up DHCP for DNS registrations
http://support.wftx.us/setting_up_dh...s_registra.htm

317590 - HOW TO Configure DNS Dynamic Update in Windows 2000 and
DNSUpdateProxy Group:
http://support.microsoft.com/kb=317590

816592 - How to configure DNS dynamic updates in Windows Server 2003:
http://support.microsoft.com/kb/816592

Follow up discussion on the DNSUpdateProxy-Group:
http://msmvps.com/ulfbsimonweidner/a.../26/39841.aspx
==================================================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
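As an added example (not code from the thread, from Ace's blog, or from Microsoft's documentation), the following PowerShell puts the thread's advice into practice on a Windows Server 2012 or newer DNS/DHCP pair: it reports the duplicates aMIT describes, configures DHCP with a dedicated non-admin account so it owns the records it registers (Ace's Option 2), enables aging and scavenging with the 7-day defaults, and reads the time before which scavenging cannot run against the zone (the lock Chris describes). The server names, zone names and account are placeholders, and the DnsServer and DhcpServer modules are assumed to be installed.

```powershell
# Added example, not code from the thread. Assumes the DnsServer and DhcpServer
# modules (Windows Server 2012+). Server names, zones and the account are placeholders.
Import-Module DnsServer, DhcpServer

$DnsServer  = 'dc01.example.com'          # placeholder DNS server (the DC)
$DhcpServer = 'dhcp01.example.com'        # placeholder DHCP server
$Forward    = 'example.com'               # placeholder forward lookup zone
$Reverse    = '1.168.192.in-addr.arpa'    # placeholder reverse lookup zone

# 1. Report the symptom: names with several IPs (forward zone) and IPs with
#    several names (reverse zone). Legitimate round-robin names appear here
#    too, so review the list before deleting anything.
function Find-DuplicateRecords {
    param([string]$Server, [string]$ForwardZone, [string]$ReverseZone)
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ForwardZone -RRType A |
        Group-Object HostName | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { [pscustomobject]@{
            Zone   = $ForwardZone; Name = $_.Name
            Values = ($_.Group | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }) -join ', ' } }
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ReverseZone -RRType PTR |
        Group-Object HostName | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { [pscustomobject]@{
            Zone   = $ReverseZone; Name = $_.Name
            Values = ($_.Group | ForEach-Object { $_.RecordData.PtrDomainName }) -join ', ' } }
}
Find-DuplicateRecords -Server $DnsServer -ForwardZone $Forward -ReverseZone $Reverse | Format-Table -AutoSize

# 2. Ace's Option 2: DHCP registers A and PTR for every lease using a dedicated
#    non-admin domain account, so DHCP owns the records and can update them.
$cred = Get-Credential -Message 'Dedicated domain user for DHCP DNS registrations'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true -DeleteDnsRRonLeaseExpiry $true

# 3. Aging on both zones and the scavenging cycle on the server, 7-day defaults.
foreach ($zone in $Forward, $Reverse) {
    Set-DnsServerZoneAging -ComputerName $DnsServer -Name $zone -Aging $true `
        -NoRefreshInterval '7.00:00:00' -RefreshInterval '7.00:00:00'
}
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true -ScavengingInterval '7.00:00:00'

# 4. The lock Chris describes: the server will not scavenge this zone before this time.
(Get-DnsServerZoneAging -ComputerName $DnsServer -Name $Reverse).AvailForScavengeTime
```

Run the report first and again after a full refresh interval has passed; records that remain duplicated after DHCP owns the registrations are the stale ones to remove by hand, as Ace suggests.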

 