PRT records being removed

Discussion in 'DNS Server' started by BrianB, Nov 24, 2009.

  1. BrianB

    BrianB Guest

    We have 1 DHCP server for the clients on several different subnets. The
    properties of the DHCP server are "checked" as follows...
    -Enable DNS dynamic updates according to the settings below.
    -Always dynamically update DNS A and PTR records.
    -Discard A and PTR records when lease is deleted
    -Dynamically update DNS A and PTR records for DHCP clients that do not
    request...

    We have an account in the "DNSPROXYUPDATE" group along with the DHCP Server
    and have set the credentials on the advanced tab on the properties pages of
    the DHCP server.

    All reverse lookup zones/subnets are/have been created. Scavanging is set
    to default (7 days) and DHCP leases are for 2 days.

    We have a few PTR records in some subnets and none in others. There should
    be at least 50 per records per subnet.

    A few months ago they were populated and now there aren't any. Any ideas?

    The forward records are fine.

    Thanks,
    Brian
     
    BrianB, Nov 24, 2009
    #1
    1. Advertisements

  2. What may have changed between a few months ago and today?

    Do you have more than one DHCP server? I ask because you stated you have
    more than one subnet.

    Do you have more than one reverse zone, or a single zone such as, 10.10.x.x,
    and for example, 10.10.20.x records are registered under a "20" folder under
    the 10.10.x.x zone?

    I assume updates are allowed in the reverse zone(s).


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
    2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MCT], Nov 24, 2009
    #2
    1. Advertisements

  3. BrianB

    BrianB Guest

    Hey Ace,

    Prior to May 9th, 2009 there were no PTR records.
    We then set the DNS updates for "secure and non-secure" and configured the
    DNSUPDATEPROXY. Over time the PTR records were being populated. We just
    checked recently to find that most are no longer there, hence the question.

    Other than the changes on the 9th of May, nothing changed.

    We use only 1 DHCP server.

    We have multiple reverse lookup zones, but all the users fall under
    20.20.x.x zone, such as 20.20.10.x and 20.20.11.x. Verified that we don't
    have a zone and a subfolder for subnet.

    Thanks,
    Brian
     
    BrianB, Nov 24, 2009
    #3
  4. Ok, let me see if I understand your reverse zone description. YOu have a
    20.20.x.x reverse zone. YOu have clients that should be updating into the
    20.20.x.x zone. Therefore, you should see subfolders under the 20.20.x.x
    zone, at least one called "10" and another called "11."

    If not, then something else is going on.

    Regarding the DNSProxyUpdate group and setting credentials, the idea is to
    do one or the other, not both. I've never tried or tested it, regarding if
    any issues arise, to do both. You would either add the DHCP server to the
    DnsUpdateProxy group (whichever DC it is and the DnsUpdateProxy group method
    only applies to DCs that are DHCP servers, not member servers) , or create a
    plain-Jane user account, provide a strong password, and set this account as
    credentials (on either a DC or member server DHCP server).

    More info here in my blog, here:

    DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the
    DnsProxyUpdate Group (How to remove duplicate DNS host records)
    http://msmvps.com/blogs/acefekay/ar...-timestamps-and-the-dnsproxyupdate-group.aspx

    It may also be helpful to post an ipconfig /all of a sample client that is
    not updating, as well as from the DHCP server.

    Regarding Johnathan's suggestions, if there are any Event log errors on the
    DC/DNS servers or on the client side, they would be helpful as well.

    Thanks,
    Ace
     
    Ace Fekay [MCT], Nov 25, 2009
    #4
  5. BrianB

    BrianB Guest

    What an insightful little rant that was. Thanks so much for the wonderful
    enlightenment.
     
    BrianB, Nov 25, 2009
    #5
  6. BrianB

    BrianB Guest

    Followup information...

    Reverse Lookup Zones
    |-20.20.x.x
    |-20.20.10.x
    |-20.20.11.x

    I have removed the credentials and left the DHCP server in the
    DNSPRoxyUpdate group.

    DHCP logs...
    31,11/25/09,11:47:54,DNS Update
    Failed,20.20.10.30,workstation.domain.domain.domain,-1,
    31,11/25/09,11:47:54,DNS Update
    Failed,20.20.1031,workstation.domain.domain.domain,-1,
    31,11/25/09,11:47:54,DNS Update
    Failed,20.20.11.32,workstation.domain.domain.domain,-1,

    Per company policy, I cannot post the IPconfig /all output, but can report
    no issues.

    DNS server logs report no errors.

    Thanks,
    Brian
     
    BrianB, Nov 25, 2009
    #6
  7. I can understand not being able to post the actual one. You can change the
    domain names, etc. What we look for is Prim DNS Suffix, if routing is
    enabled, multihoming, single label name, disjointed namespace, and ifusing
    an external DNS. Yes, the ipconfg gives us all that info.

    I assumed you've restarted the DHCP server after removing the credentials.

    Otherwise, from what you posted, it is definitely difficult to tell where
    the problem lies, especially when this usually just works by default.
    Apparently something else is amiss, such as the credentials and
    DnsUpdateProxy config, and not sure what else was configured (either
    correctly or incorrectly) but I can't determine that at this point.

    If security it a concern posting any info, which I fully understand, if I
    may suggest, it may be better placing a call with Microsoft PSS to assist
    you. They will keep your info confidential.

    Ace
     
    Ace Fekay [MCT], Nov 26, 2009
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.