Re: Scavenging DNS records

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Herb Martin (news_at_LearnQuick.com)
Date: 12/15/04 

Date: Wed, 15 Dec 2004 17:35:23 -0600

"Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
news:eyKrEYu4EHA.3504@TK2MSFTNGP12.phx.gbl...
> I'm not seeing the RRAS/VPN connections you're talking about. All I see is
> Local Area Connections (one of which is the Cisco VPN connection). So it's
> possible that given our configuration this won't work. You mentioned DNS.

Server:
It's on the Interface at the top of the RRAS MMC, if you
fiddle with all of the buttons or tabs you will find a place
where it looks just like a NIC with IP properties and then
everything else.

Client:
Similar but in the Network and Dial Up properties for the
VPN, right click properties and look for the right tab or
button.

They aren't hard to find when you're looking but they are
sort of designed not to be found by accident.

> What you're saying there is to register each machine name in DNS with it's
> own static IP address and then don't let scavenging get rid of it?

That would work. Either by machine or user. RRAS
has the ability to assign an IP, let the machine assign
it's own (usually a bad idea but if you really need it),
or in AD (native mode+) you can assign the IP to a
USER. 

-- 
Herb Martin
>
> Nancy
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:eOG0u2V4EHA.3708@TK2MSFTNGP14.phx.gbl...
> >
> > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
> > news:#j6uELV4EHA.2804@TK2MSFTNGP15.phx.gbl...
> > > I guess I'm confused about where you're looking. Can you provide me
with
> > > some more information about what screens you're looking at and where?
> > >
> >
> > In Network and Dial Up connections there is an
> > advanced button or some such to reach the IP settings.
> >
> > It will look JUST like a Regular NIC IP settings.
> >
> > There is a similar dialog in the RRAS/VPN server on
> > each INTERFACE.
> >
> > -- 
> > Herb Martin
> >
> >
> > > Thanks.
> > >
> > > Nancy
> > >
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:O8gNSmT3EHA.524@TK2MSFTNGP09.phx.gbl...
> > > > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
> > > > news:eqgVYAT3EHA.3452@TK2MSFTNGP14.phx.gbl...
> > > > > You're talking about the "Dial-in" tab on the user properties in
the
> > > > "Active
> > > > > Directory  Users and Computers"? I look at this and see where you
> can
> > > > assign
> > > > > a static IP address. We've tried that but it doesn't assign the IP
> > > address
> > > > > correctly. Could there be something we're doing wrong?
> > > >
> > > > Could be -- it works (in general) if you allow the
> > > > client to assign it's own IP on the SERVER SIDE
> > > > and if you assign an appropriate IP.
> > > >
> > > > I was really (first) focusing on the DNS settings and
> > > > REGISTER this address etc, rather than static address
> > > > on the client side.
> > > >
> > > >
> > > > -- 
> > > > Herb Martin
> > > >
> > > >
> > > > >
> > > > > Thanks.
> > > > >
> > > > > Nancy
> > > > >
> > > > >
> > > > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > > > news:%23j3447J3EHA.2592@TK2MSFTNGP09.phx.gbl...
> > > > > > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
> > > > > > news:OFOWumI3EHA.1144@TK2MSFTNGP09.phx.gbl...
> > > > > > > Thanks for the advice. Here's my dilemma. I am trying to
remote
> > > > control
> > > > > > > these remote laptops however, I am running into an issue where
> > more
> > > > than
> > > > > > one
> > > > > > > machine is registered in DNS with the same IP. This happens
> > because
> > > > > these
> > > > > > > addresses are being used for VPN connections. When I try to
> > control
> > > > the
> > > > > > > laptop from SMS it uses the IP address and is trying to
control
> > the
> > > > > wrong
> > > > > > > machine.
> > > > > > >
> > > > > > > Is there a better way to keep DNS cleaned up so this doesn't
> > happen?
> > > > > I've
> > > > > > > thought about just assigning static IP addresses to these
users
> > via
> > > a
> > > > > > > DHCP/MAC address match. However the issue I run into here is
> that
> > I
> > > > need
> > > > > > to
> > > > > > > be able to assign the address to the network adapter on the
VPN
> > > > client.
> > > > > >
> > > > > > In Native+ mode you can assign the IP to the USER
> > > > > > (in the user property ***) for RRAS connections.
> > > > > >
> > > > > > There is actually a CLIENT IP property *** on the
> > > > > > RRAS (Dial/VPN) on both the client and server side
> > > > > > and you MIGHT be able to set it on the clients so they
> > > > > > register their addresses (just like you can set it on
> > > > > > ever real NIC.)
> > > > > >
> > > > > > You have to look in the connection Advanced properties
> > > > > > (or whatever it's called -- I think of it as "behind" the
> > > > > > main property *** for Dial/VPN connections.)
> > > > > >
> > > > > > Once you display that, it looks JUST LIKE a NIC property
> > > > > > *** and you can override all sorts of things -- be careful,
> > > > > > most of the time you want the RRAS server to set this stuff
> > > > > > like DHCP would.
> > > > > >
> > > > > >
> > > > > >
> > > > > > -- 
> > > > > > Herb Martin
> > > > > >
> > > > > >
> > > > > > >
> > > > > > > Thanks.
> > > > > > >
> > > > > > > Nancy
> > > > > > >
> > > > > > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > > > > > news:%23u%23axfH3EHA.1152@TK2MSFTNGP14.phx.gbl...
> > > > > > > > "Nancy Kafer" <nkafer@homesteaderslife.com> wrote in message
> > > > > > > > news:#kGQlIH3EHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > I have configured my DNS server according to the HOWTO:
> > article
> > > on
> > > > > > > > > Microsoft's website. I have set the refresh interval and
> > > > no-refresh
> > > > > > > > interval
> > > > > > > > > to 1 hour.
> > > > > > > >
> > > > > > > > Don't do this unless you are absolutely sure that 1) you
> > > > > > > > REQUIRE this and 2) you have TESTED it.
> > > > > > > >
> > > > > > > > Especially if you have WANS.
> > > > > > > >
> > > > > > > > Scavenging should seldom be set faster than the default
> > > > > > > > of 2-3 weeks.
> > > > > > > >
> > > > > > > > >  I also set the automatic scavenging property on the DNS
> > server
> > > > > > > > > itself to 1 hour. When I look at my DNS records I see
> records
> > > that
> > > > I
> > > > > > > think
> > > > > > > > > should have been scavenged because the time to scavenge
> > property
> > > > is
> > > > > > > > earlier
> > > > > > > > > than the current time + the no-refresh interval + the
> refresh
> > > > > > interval.
> > > > > > > > >
> > > > > > > > > Why are these records not being scavenged? Here's my
> dilemma.
> > I
> > > > have
> > > > > > > > remote
> > > > > > > > > users that VPN into our network. Right now if I look at
the
> > DNS
> > > > > > records
> > > > > > > > for
> > > > > > > > > the IP addresses that are associated with my VPN users I
see
> > > > > multiple
> > > > > > > > > records for a particular IP address. I need these records
to
> > > > > disappear
> > > > > > > as
> > > > > > > > > soon as possible after the user disconnects their VPN
> > > connection.
> > > > > How
> > > > > > > can
> > > > > > > > I
> > > > > > > > > achieve this?
> > > > > > > >
> > > > > > > > If you lose connection between AD integrated DNS DCs
> > > > > > > > for more than the scavenging period they will scavenge
> > > > > > > > each other's records and lose connectivity -- requiring you
> > > > > > > > to re-initialize you DNS and then your AD replication from
> > > > > > > > (near) scratch.
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Quantcast