Here is an update to my DNS issue. I was focusing on one of our two domains since that is the only place there were issues. Now I have heard it is happening in the other domain. I have narrowed down the problem. Here is what I am seeing.
We have three servers: SVR1 - DNS SVR2 - DHCP SVR3 - DNS and DHCP A client requests and DHCP-assigned IP from SVR3: Everything works as expected. If a client requests from SVR2, it received and IP address and it shows in DHCP. However, neither DNS server gets updated. I can see the DHCP entry has an icon with a pen on it meaning it is waiting to write to DNS. Those are the facts. Here is my speculation. Each time I reboot SVR2, everything will work for a certain time (haven't had time to figure out how long that is just yet). At some point, that DHCP server stops updating DNS. Then DNS goes through its scavenging and cleans out those records since it thinks they are stale. Aside from scheduling a server reboot within the scavenging period, does anyone have any suggestions? I have reset the credentials so that is not a problem. I do have reverse DNS set up. Any other suggestions? Thanks! Craig From: Brian Desmond [mailto:[email protected]] Sent: Friday, January 30, 2009 11:49 PM To: NT System Admin Issues Subject: RE: Weird DNS issue You might set some auditing on the DNS containers in AD such that events get logged when the entries get deleted and see where it's coming from. I'd venture to guess that your records aren't being refreshed for one reason or another and are thus being scavenged. Don't forget there are two scavenging settings: è The interval the actual thread runs (this is on the properties of the DNS server in the UI) è The timeout for the zone (this is on the properties of the zone, Advanced tab or something similar in the UI) Thanks, Brian Desmond [email protected] c - 312.731.3132 From: Sauvigne, Craig M [mailto:[email protected]] Sent: Friday, January 30, 2009 10:04 AM To: NT System Admin Issues Subject: RE: Weird DNS issue I sent this earlier but had a technical issue so it may not have gone out. Here it is again. Let's see if I can answer everyone's questions. I should have given all this info in my original post but was rushed while trying to send it. The DNS entry does actually disappear from the zone on the DNS servers (we have two and the entries are gone from both). Each building (which means each lab) is in a different subnet. We are a Windows shop so our DNS, DHCP, AD (obviously) are all Windows boxes. We have a few Win2000 but most are Win2003 (no 2008 just yet). Scavenging is set to 7 days. When running an nslookup by hostname or FQDN, it returns a message saying "non-existent domain". Sometimes, other machines in that lab may respond. I have checked the configs for our different zones and they look the same. This issue only affects the one zone that is used for our computer labs. And we are a single site. I think that was just about all the questions. Let me know if there is more I can provide to help get this resolved. Thanks everyone! Craig ________________________________ From: Stephan Barr on behalf of lists Sent: Thu 29-Jan-09 5:10 PM To: NT System Admin Issues Subject: RE: Weird DNS issue Tell us more please. One subnet or more? Windows version. All in one site or more? What does your DNS config look like? Cheers. ________________________________ From: Sauvigne, Craig M [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:00 PM To: NT System Admin Issues Subject: Weird DNS issue Okay. I have something odd going on that I can't seem to nail down. I work for a University and we have a home-grown system that monitors all the lab computers around campus to see if someone is logged on (headcount tracking). Every few weeks, that system will suddenly show labs as empty that are not. In troubleshooting, we have found that those empty seats result from those machines having lost their record in DNS. The machines can't be pinged by hostname since there is no DNS entry anymore. The machines are still online (ping by IP works, remote management by IP works, computer is still usable). It just drops out of DNS. Today this happened in the middle of the day. The machines worked fine until around 1pm or 2pm. I don't show anything in logs on the DNS servers that look relevant. Does anyone have any ideas on what I can look for? It is an odd one because it is random when it happens and random as to which machines are affected. It usually happens to a full lab of computers but other machines in that building are unaffected. Any help will be greatly appreciated! Thanks. ==================== Craig M. Sauvigne System Administrator Winthrop University Rock Hill, SC 29733 [email protected] SC143 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
