Is this also true where only secure updates are allowed for the server or zone?  One 
of the immediate effects of allowing only secure updates (in addition to scavenging) 
was the removal of all non-member (9x, NT) machines' A records from the zone.  This is 
what we wanted.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 10:07
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Inconsistency


Your second statement, about the DNS proxy group, is only true for
supporting downlevel clients. In addition, it opens up some new and
interesting security issues, because now your DHCP servers can inject ANY
record they want into DNS, including bogus DC and GC records.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: Todd Povilaitis [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, February 17, 2003 11:57 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DNS Inconsistency
> 
> 
> I had the very same problem.  It was affecting my scripts 
> because I wasn't connecting to the machines I thought I was. 
> 
> * You need to enable DNS scavenging.  Don't set anything 
> below 48 hours.
> * If you are using DHCP, add your DHCP servers to the 
> DnsUpdateProxy group.
> 
> -Todd
> 
> -----Original Message-----
> From: Oluwaseyi Owoeye [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 17, 2003 05:32
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] DNS Inconsistency
> 
> 
> Hi Guys,
> 
> I am having a major problem in my organization over here. I 
> have set up Active Directory for about 800 users and about 
> 500 workstations. But for some reason or the other my DNS 
> seems to be misbehaving.
> When I ping a host I get a reply from a particular IP 
> address, but when I do a ping -a of the same IP address I get 
> an entirely different host. For some reason or the other the 
> records I have in my forward lookup zones and my reverse 
> lookup zones are not synchronized.
> Is there any way I can resolve this inconsistency, because it 
> gets worse and worse every day? Is there any tool I can use to 
> correct this?
> 
> Thanks
> Seyi
> 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
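
Added example (not written by any poster in this thread): a small offline audit of the forward/reverse mismatch described in the original question, which also flags addresses claimed by more than one A record, the leftover that scavenging is meant to clear. All host names, addresses and record lists are constructed sample data; real input would be an export of the forward and reverse zones.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the thread): forward-zone A records and
# reverse-zone PTR records as they might look after DHCP reassigns addresses
# and the old registrations are never scavenged.
A_RECORDS = [
    ("ws-014.corp.example", "10.1.4.20"),
    ("ws-233.corp.example", "10.1.4.20"),   # stale: address was reassigned
    ("ws-101.corp.example", "10.1.4.31"),
    ("ws-377.corp.example", "10.1.4.45"),   # no PTR registered
]
PTR_RECORDS = [
    ("10.1.4.20", "ws-014.corp.example"),
    ("10.1.4.31", "ws-090.corp.example"),   # PTR names a different host
]

def norm(name):
    """Compare names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()

def audit(a_records, ptr_records):
    """Return sorted findings as (kind, ip, detail) tuples."""
    # Assumes at most one PTR per address; a later PTR overwrites an earlier one.
    ptr = {ipaddress.ip_address(ip): norm(host) for ip, host in ptr_records}
    by_ip = defaultdict(set)
    for host, ip in a_records:
        by_ip[ipaddress.ip_address(ip)].add(norm(host))
    findings = []
    for ip, hosts in by_ip.items():
        names = ",".join(sorted(hosts))
        if len(hosts) > 1:          # several hosts claim one address
            findings.append(("DUPLICATE_A", str(ip), names))
        target = ptr.get(ip)
        if target is None:          # forward record with no reverse record
            findings.append(("MISSING_PTR", str(ip), names))
        elif target not in hosts:   # the "ping" vs "ping -a" disagreement
            findings.append(("PTR_MISMATCH", str(ip), f"PTR={target} A={names}"))
    for ip, target in ptr.items():
        if ip not in by_ip:         # reverse record with no forward record
            findings.append(("ORPHAN_PTR", str(ip), target))
    return sorted(findings)

if __name__ == "__main__":
    for kind, ip, detail in audit(A_RECORDS, PTR_RECORDS):
        print(f"{kind:13} {ip:12} {detail}")
```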