Re: Scavenging DNS records


From: Nancy Kafer (nkafer_at_homesteaderslife.com)
Date: 12/13/04

    Date: Mon, 13 Dec 2004 14:31:43 -0600
    
    

    I guess I'm confused about where you're looking. Can you provide me with
    some more information about what screens you're looking at and where?

    Thanks.

    Nancy

    "Herb Martin" <news@LearnQuick.com> wrote in message
    news:O8gNSmT3EHA.524@TK2MSFTNGP09.phx.gbl...
    > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
    > news:eqgVYAT3EHA.3452@TK2MSFTNGP14.phx.gbl...
    > > You're talking about the "Dial-in" tab on the user properties in the
    > > "Active Directory Users and Computers"? I look at this and see where
    > > you can assign a static IP address. We've tried that but it doesn't
    > > assign the IP address correctly. Could there be something we're doing
    > > wrong?
    >
    > Could be -- it works (in general) if you allow the
    > client to assign its own IP on the SERVER SIDE
    > and if you assign an appropriate IP.
    >
    > I was really (first) focusing on the DNS settings and
    > REGISTER this address etc, rather than static address
    > on the client side.
    >
    >
    > --
    > Herb Martin
    >
    >
    > >
    > > Thanks.
    > >
    > > Nancy
    > >
    > >
    > > "Herb Martin" <news@LearnQuick.com> wrote in message
    > > news:%23j3447J3EHA.2592@TK2MSFTNGP09.phx.gbl...
    > > > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
    > > > news:OFOWumI3EHA.1144@TK2MSFTNGP09.phx.gbl...
    > > > > Thanks for the advice. Here's my dilemma. I am trying to remote
    > > > > control these remote laptops; however, I am running into an issue
    > > > > where more than one machine is registered in DNS with the same IP.
    > > > > This happens because these addresses are being used for VPN
    > > > > connections. When I try to control the laptop from SMS it uses the
    > > > > IP address and is trying to control the wrong machine.
    > > > >
    > > > > Is there a better way to keep DNS cleaned up so this doesn't happen?
    > > > > I've thought about just assigning static IP addresses to these users
    > > > > via a DHCP/MAC address match. However, the issue I run into here is
    > > > > that I need to be able to assign the address to the network adapter
    > > > > on the VPN client.
    > > >
    > > > In Native+ mode you can assign the IP to the USER
    > > > (in the user property ***) for RRAS connections.
    > > >
    > > > There is actually a CLIENT IP property *** on the
    > > > RRAS (Dial/VPN) on both the client and server side
    > > > and you MIGHT be able to set it on the clients so they
    > > > register their addresses (just like you can set it on
    > > > every real NIC.)
    > > >
    > > > You have to look in the connection Advanced properties
    > > > (or whatever it's called -- I think of it as "behind" the
    > > > main property *** for Dial/VPN connections.)
    > > >
    > > > Once you display that, it looks JUST LIKE a NIC property
    > > > *** and you can override all sorts of things -- be careful,
    > > > most of the time you want the RRAS server to set this stuff
    > > > like DHCP would.
    > > >
    > > >
    > > >
    > > > --
    > > > Herb Martin
    > > >
    > > >
    > > > >
    > > > > Thanks.
    > > > >
    > > > > Nancy
    > > > >
    > > > > "Herb Martin" <news@LearnQuick.com> wrote in message
    > > > > news:%23u%23axfH3EHA.1152@TK2MSFTNGP14.phx.gbl...
    > > > > > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
    > > > > > news:#kGQlIH3EHA.1452@TK2MSFTNGP11.phx.gbl...
    > > > > > > I have configured my DNS server according to the HOWTO: article on
    > > > > > > Microsoft's website. I have set the refresh interval and no-refresh
    > > > > > > interval to 1 hour.
    > > > > >
    > > > > > Don't do this unless you are absolutely sure that 1) you
    > > > > > REQUIRE this and 2) you have TESTED it.
    > > > > >
    > > > > > Especially if you have WANS.
    > > > > >
    > > > > > Scavenging should seldom be set faster than the default
    > > > > > of 2-3 weeks.
    > > > > >
    > > > > > > I also set the automatic scavenging property on the DNS server
    > > > > > > itself to 1 hour. When I look at my DNS records I see records that
    > > > > > > I think should have been scavenged because the time to scavenge
    > > > > > > property is earlier than the current time + the no-refresh interval
    > > > > > > + the refresh interval.
    > > > > > >
    > > > > > > Why are these records not being scavenged? Here's my dilemma. I have
    > > > > > > remote users that VPN into our network. Right now if I look at the
    > > > > > > DNS records for the IP addresses that are associated with my VPN
    > > > > > > users I see multiple records for a particular IP address. I need
    > > > > > > these records to disappear as soon as possible after the user
    > > > > > > disconnects their VPN connection. How can I achieve this?
    > > > > >
    > > > > > If you lose connection between AD integrated DNS DCs
    > > > > > for more than the scavenging period they will scavenge
    > > > > > each other's records and lose connectivity -- requiring you
    > > > > > to re-initialize your DNS and then your AD replication from
    > > > > > (near) scratch.
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
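
An added example, not part of the original posts: the thread's two concerns (when a dynamic record becomes eligible for scavenging, and which names share one VPN address) worked through in Python. A timestamped record is eligible only once the current time is past its timestamp plus the no-refresh and refresh intervals, and it stays in the zone until a scavenging pass actually runs. The function names, hostnames and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample zone data: (hostname, ip, last_refresh).
# None marks a static record, which has no timestamp and is never scavenged.
SAMPLE_RECORDS = [
    ("laptop-a", "10.8.0.21", datetime(2004, 12, 13, 9, 0)),
    ("laptop-b", "10.8.0.21", datetime(2004, 12, 13, 13, 0)),
    ("laptop-c", "10.8.0.22", datetime(2004, 12, 13, 13, 30)),
    ("vpn-gw", "10.8.0.1", None),
]


def scavenge_eligible(last_refresh, now, no_refresh, refresh):
    """True once 'now' is past last_refresh + no-refresh + refresh."""
    if last_refresh is None:  # static record: exempt from aging
        return False
    return now > last_refresh + no_refresh + refresh


def duplicate_ip_report(records, now, no_refresh, refresh):
    """For each IP registered under more than one name, split the names
    into 'stale' (eligible for scavenging) and 'live' (still protected)."""
    by_ip = defaultdict(list)
    for host, ip, stamp in records:
        by_ip[ip].append((host, stamp))

    report = {}
    for ip, owners in by_ip.items():
        if len(owners) < 2:
            continue  # only shared addresses can send a tool to the wrong host
        stale = sorted(h for h, s in owners
                       if scavenge_eligible(s, now, no_refresh, refresh))
        live = sorted(h for h, _ in owners if h not in stale)
        report[ip] = {"stale": stale, "live": live}
    return report


if __name__ == "__main__":
    now = datetime(2004, 12, 13, 14, 0)
    hour = timedelta(hours=1)
    print(duplicate_ip_report(SAMPLE_RECORDS, now, hour, hour))
```

An address with more than one name under "live" is the ambiguous case described in the thread: nothing in DNS says which machine currently holds it, so a tool that connects by resolved IP can reach the wrong laptop.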

