DNS - A and PTR records

Arsi

Hi.


I have created 4 DCs' A and PTR records manually. Now it seems that
those records are being edited by some service or something else that
keeps changing them to dynamic, so the 'Delete this record when it
becomes stale' option is on. Is this normal?

If we have scavenging enabled, does it really delete those 4 domain
controllers' A and PTR records?

I have tried to disable the 'Register this connection's addresses in
DNS' option under the NIC but it still keeps changing the A record to
dynamic.
 

Herb Martin

Arsi said:
Hi.
I have created 4 DCs' A and PTR records manually. Now it seems that those
records are being edited by some service or something else that keeps
changing them to dynamic, so the 'Delete this record when it becomes stale'
option is on. Is this normal?

You shouldn't do that. DCs maintain their own records,
especially in the forward zone.

If we have scavenging enabled, does it really delete those 4 domain
controllers' A and PTR records?

It shouldn't if they are manual -- but then you shouldn't be creating
manual records for DCs.....
I have tried to disable the 'Register this connection's addresses in DNS'
option under the NIC but it still keeps changing the A record to dynamic.

That isn't the critical place for a *DC* -- DCs do this to make
AD replication AND authentication work.

Let the DCs do their job.
 

Paul Bergson

Every time a DC reboots (I believe it is when the NetLogon service starts) it
should be re-registering its DNS records. Leave your DC DNS records alone,
and yes, they should be dynamic. Not only are the A and PTR records created;
there are multiple service records created for GCs, LDAP, etc. See the
link below for further details.

http://www.petri.co.il/active_directory_srv_records.htm
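The re-registration Paul describes, as an added PowerShell example (this is not code from the thread or from the linked page). It checks whether the SRV records NetLogon should have registered for the DC it runs on actually resolve to that DC, and if any are missing restarts NetLogon to re-register them. It assumes it runs on the DC itself with the ActiveDirectory RSAT module available; $Domain and $DnsServer are placeholders for your own values, and the list of SRV names is a subset of what a DC registers.

```powershell
# Added example, not code from the thread or the linked page. Verifies the
# SRV records NetLogon registers for this DC and re-registers them if any
# are missing. Assumes it runs on the DC with the ActiveDirectory module
# present; $Domain and $DnsServer are placeholders.
param(
    [string]$Domain = $env:USERDNSDOMAIN,
    [string]$DnsServer = ''   # empty = use this DC's own resolver settings
)

$dcFqdn = ("{0}.{1}" -f $env:COMPUTERNAME, $Domain).ToLower()

# SRV names every DC registers (subset); _gc only exists on a global catalog.
$expected = @(
    "_ldap._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_kpasswd._tcp.$Domain"
)
try {
    $isGc = (Get-ADDomainController -Identity $env:COMPUTERNAME).IsGlobalCatalog
} catch {
    $isGc = $false   # ActiveDirectory module unavailable: skip the GC record
}
if ($isGc) { $expected += "_gc._tcp.$Domain" }

function Get-MissingSrvRegistrations {
    $missing = @()
    foreach ($name in $expected) {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }
        # Each SRV answer names a target host; this DC must be among them.
        $targets = Resolve-DnsName @query |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget.ToLower().TrimEnd('.') }
        if ($targets -notcontains $dcFqdn) { $missing += $name }
    }
    return $missing
}

$missing = Get-MissingSrvRegistrations
if (-not $missing) {
    Write-Output "All expected SRV records for $dcFqdn are present."
    return
}
Write-Warning ("Missing SRV registrations for {0}: {1}" -f $dcFqdn, ($missing -join ', '))

# ipconfig /registerdns only refreshes A/PTR; the DC's SRV records are
# written by NetLogon, so restart it (nltest /dsregdns does the same
# without a service restart).
Restart-Service -Name Netlogon
Start-Sleep -Seconds 15

$still = Get-MissingSrvRegistrations
if ($still) {
    $msg = "Still missing after the NetLogon restart: {0}. Check that this DC " +
           "can reach the primary DNS server for the zone and that the zone " +
           "allows dynamic updates."
    Write-Warning ($msg -f ($still -join ', '))
} else {
    Write-Output "NetLogon re-registered the missing records."
}
```

Run it in an elevated PowerShell session on the DC in question; point $DnsServer at the server that holds the primary (or AD-integrated) copy of the zone if you want to check registration rather than what a caching resolver has.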
 

Herb Martin

Paul Bergson said:
Every time a DC reboots (I believe it is when the NetLogon service starts) it
should be re-registering its DNS records.

Right. One trick to get a DC to (re-)register is to stop and start
the NetLogon service -- of course, as you say, this also happens
on each reboot as well.
Leave your DC DNS records alone, and yes, they should be dynamic. Not only
are the A and PTR records created; there are multiple service records
created for GCs, LDAP, etc. See the link below for further details.

http://www.petri.co.il/active_directory_srv_records.htm

Here! Hear! (I agree)
 

Arsi

Ok, this is good to hear. I just had a bit of a panic because
somehow one DC stopped replication. And I found out that the other 3 DCs
had lost the DNS site for that DC / site (DNS\SERVER\Forward Lookup
Zones\_msdcs.domain.com\dc\_sites). I fixed it with netdiag /fix and I
had to raise the domain's first DC's DNS SOA serial number to get it
working. Somehow the DC that lost replication had a bigger serial
number, and increasing the other DC's serial helped me after I did the
netdiag /fix. Hope you understood what I meant.

I thought that the dynamic updates were to blame, but you proved that I
was wrong. So I probably remembered wrong about making those DCs' records
manually.

Now what I have is that that one DC, which is also a DNS server, doesn't
make its records dynamic. And every time I make a PTR record for it, it
disappears. Have to do some googling and see what's wrong with it. It is
the one which I had to netdiag /fix.

Thank you for your help Herb and Paul.


-Arsi
 

Herb Martin

Arsi said:
Ok, this is good to hear. I just had a bit of a panic because
somehow one DC stopped replication. And I found out that the other 3 DCs had
lost the DNS site for that DC / site (DNS\SERVER\Forward Lookup
Zones\_msdcs.domain.com\dc\_sites). I fixed it with netdiag /fix and I had
to raise the domain's first DC's DNS SOA serial number to get it working.
Somehow the DC that lost replication had a bigger serial number, and
increasing the other DC's serial helped me after I did the netdiag /fix.
Hope you understood what I meant.

First: You are on the right track when you use NetDiag and DCDiag
to both diagnose such problems and to /fix them (sometimes).

DCDiag should be run regularly on EVERY DC.

Serial numbers are ONLY an issue if you use SECONDARIES and
not AD Integrated DNS (DCs).

Generally, the serial number only gets messed up if you manually
do that -- if you use the GUI tools it is automanaged.
I thought that the dynamic updates were to blame, but you proved that I was
wrong. So I probably remembered wrong about making those DCs' records manually.

Ok, but if they are dynamic then they will get updated AND possibly
scavenged if abandoned.

Make sure that every DC can "get to" the MASTER DNS Server(s).
(so they can each register.)
Now what I have is that that one DC, which is also a DNS server, doesn't make
its records dynamic.

A DC can be a Secondary (it is not required to be AD-integrated) but
generally once you get everything working (i.e., fully replicated) you
can/should make each DNS-DC AD Integrated.
And every time I make a PTR record for it, it disappears. Have to do some
googling and see what's wrong with it. It is the one which I had to
netdiag /fix.

Chances are it is not replicating correctly.

Check explicitly for the TYPE of DNS (Primary/AD/Secondary) and the
zone dynamic replication setting....
Thank you for your help Herb and Paul.

We try to help...
 

Arsi

Herb said:
First: You are on the right track when you use NetDiag and DCDiag
to both diagnose such problems and to /fix them (sometimes).

DCDiag should be run regularly on EVERY DC.

Serial numbers are ONLY an issue if you use SECONDARIES and
not AD Integrated DNS (DCs).

Generally, the serial number only gets messed up if you manually
do that -- if you use the GUI tools it is automanaged.

I used the GUI tool and the 'Increment' button because the function was
already there, so I figured that it would work.

Ok, but if they are dynamic then they will get updated AND possibly
scavenged if abandoned.

Ok.

Make sure that every DC can "get to" the MASTER DNS Server(s).
(so they can each register.)

A DC can be a Secondary (it is not required to be AD-integrated) but
generally once you get everything working (i.e., fully replicated) you
can/should make each DNS-DC AD Integrated.

Chances are it is not replicating correctly.

Check explicitly for the TYPE of DNS (Primary/AD/Secondary) and the
zone dynamic replication setting....

ipconfig /registerdns on the 'broken' DNS server did the trick. The
replication worked before this (after netdiag /fix), but now the PTR
record stays and the A and PTR records are dynamic.
 

Herb Martin

Generally, the serial number only gets messed up if you manually
I used the GUI tool and the 'Increment' button because the function was
already there, so I figured that it would work.

Well, generally you shouldn't mess with the serial number
on a Secondary even that way.
ipconfig /registerdns on the 'broken' DNS server did the trick. The
replication worked before this (after netdiag /fix), but now the PTR
record stays and the A and PTR records are dynamic.

Ok, but remember that "ipconfig /registerDNS" is INSUFFICIENT
for Domain Controllers. It only registers the "client" type records,
i.e., A and PTR.
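An added PowerShell example (not code from the thread) for the static-versus-dynamic question that started it: it lists every DC's A record in the forward zone and the matching PTR in whichever reverse zone holds it, reports whether each record is static (no timestamp, never scavenged) or dynamic (timestamped, eligible for scavenging once stale), and shows the zone's aging settings. It assumes the DnsServer and ActiveDirectory RSAT modules, a server holding the zone named in $DnsServer, and IPv4 reverse zones on octet boundaries; $Domain and $DnsServer are placeholders.

```powershell
# Added example, not code from the thread. Audits DC A/PTR records for the
# static/dynamic distinction and shows the forward zone's aging settings.
# Assumes the DnsServer and ActiveDirectory modules; $Domain and $DnsServer
# are placeholders for your values.
param(
    [string]$Domain = $env:USERDNSDOMAIN,
    [string]$DnsServer = $env:COMPUTERNAME
)
Import-Module DnsServer, ActiveDirectory

# Scavenging only removes timestamped (dynamic) records; a record with no
# Timestamp is static and is left alone even when aging is enabled.
$aging = Get-DnsServerZoneAging -Name $Domain -ComputerName $DnsServer
"Zone {0}: aging enabled={1}, no-refresh={2}, refresh={3}" -f `
    $Domain, $aging.AgingEnabled, $aging.NoRefreshInterval, $aging.RefreshInterval

# Reverse zones this server hosts, minus the built-in auto-created ones.
$reverseZones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated }

function Get-PtrRecordForIp {
    param([string]$Ip)
    # 10.1.2.3 -> 3.2.1.10.in-addr.arpa, then find the reverse zone whose
    # name is a suffix of that (handles /8, /16 and /24 zones).
    $octets = $Ip.Split('.')
    [array]::Reverse($octets)
    $fqdn = ($octets -join '.') + '.in-addr.arpa'
    foreach ($z in $reverseZones) {
        if ($fqdn.EndsWith('.' + $z.ZoneName)) {
            $label = $fqdn.Substring(0, $fqdn.Length - $z.ZoneName.Length - 1)
            return Get-DnsServerResourceRecord -ZoneName $z.ZoneName -Name $label `
                -RRType PTR -ComputerName $DnsServer -ErrorAction SilentlyContinue
        }
    }
    return $null   # no reverse zone on this server covers the address
}

function Describe-Record($rec) {
    if (-not $rec) { return 'MISSING' }
    if ($rec.Timestamp) { return "dynamic (stamped $($rec.Timestamp))" }
    return 'static'
}

foreach ($dc in Get-ADDomainController -Filter *) {
    $aRecords = Get-DnsServerResourceRecord -ZoneName $Domain -Name $dc.Name `
        -RRType A -ComputerName $DnsServer -ErrorAction SilentlyContinue
    if (-not $aRecords) {
        Write-Warning "$($dc.HostName) has no A record in $Domain on $DnsServer"
        continue
    }
    foreach ($rec in $aRecords) {
        $ip  = $rec.RecordData.IPv4Address.IPAddressToString
        $ptr = Get-PtrRecordForIp -Ip $ip
        "{0,-30} A {1,-15} {2,-35} PTR {3}" -f $dc.HostName, $ip,
            (Describe-Record $rec), (Describe-Record $ptr)
    }
}
```

A DC whose A record shows as dynamic here is behaving as the thread says it should; a DC with no A record, or a PTR reported MISSING, is the case where restarting NetLogon (for the full set of DC records) or ipconfig /registerdns (for just A and PTR) on that DC is the fix, provided it can reach a server that accepts dynamic updates for the zone.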
 