Re: Multiple hosts listed with duplicate IP addresses
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 10:23:48 -0500
Read inline please.
In news:687C11B9-ABDA-48EC-916C-685156F9AB6F@xxxxxxxxxxxxx,
TSAM <TSAM@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Thanks Kevin,
Our culprits are workstations and laptops. Currently we don't use
scavenging on DNS servers. Our DHCP servers are set to Always
dynamically update DNS A and PTR records and Discard A and PTR
records when the lease is deleted. Couple of queries:
Though one would expect these DHCP settings will delete the A records
from DNS once DHCP lease is deleted, in my case these records stay in DNS
thus creating multiple hosts with same IP address.
DHCP will only delete records that it has registered, if a client registers
the record, DHCP cannot delete it.
That's why you should clear the "Register this connection's addresses in
DNS" on the DHCP clients. What I have done for some clients, is to create a
new OU in ADUC for the DHCP clients, then created a new linked GPO that has
this setting set to disabled. Do not apply this setting to Statically
addressed clients that must be registered in DNS!
By doing this, a client cannot register itself, but a DHCP server with the
"Dynamically update DNS A and PTR records for DHCP clients that do not
request updates (for example, clients running Windows NT4.0)" can register.
This gives DHCP full control over DNS registrations for DHCP clients.
Will it be a good idea to set conflict detection attempts in DHCP >
Advanced settings to a number higher than 0, say 2?
Yes, this is the number of times the DHCP server uses to detect IP
conflicts, it has nothing to do with DNS.
Currently machines and laptops are released to users with "Register
this connections addresses in DNS" in LAN Properties> Advanced TCP/IP
Settings > DNS.
It would be better to disable this setting, especially on laptops, and
configure DHCP to register for clients that do not request updates.
As our DHCP setting is set to "Always dynamically
update DNS A and PTR records", does this setting on workstations/
laptops have any value? If we turn it off on workstations/laptops, what
can be the implication?
Here is an excerpt from a post I recently made:
In addition to using the DNSUpdateProxy group, you should create a new
dedicated user account with a non-expiring password and configure those
credentials on the Advanced tab of the DHCP server properties ***. This
account needs no special or elevated privileges, a normal user is fine.
How to configure DNS dynamic updates in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816592
If you have DHCP properly configured, it will update DNS for all clients,
and allow the DHCP server to remove records for expired or deleted leases.
This is the only way to go for laptops because those users, rarely, if ever,
release their IP lease before disconnecting from the network. Then you end
up with a bunch of records left in DNS. PTRs are the worst, because of
ownership issues, one client cannot update or remove a PTR created by
another client. If you let DHCP register all the records, since it created
the records, it can remove them.
On all networks I manage, I have cleared the "Register this connection's
addresses in DNS" check box on all DHCP addressed clients, and configured
DHCP to register for the clients.
Here are the recommended DHCP options I use.
In addition to Options 003 (router), 006 (DNS Server), 044 (WINS Servers),
046 (Node type 0x8), 015 (DNS Domain Name)
I have these:
1. Microsoft Windows 2000 option 001 (0x0)
2. Microsoft Windows 2000 option 002 (0x1)
On the DNS tab of the DHCP server properties ***:
3. Enable DNS updates according to the settings below:
4. Always dynamically update DNS A and PTR records
5. Discard A and PTR records when lease is deleted.
6. Dynamically update DNS A and PTR records for DHCP clients that do not
request updates (for example, clients running Windows NT4.0)
This final setting is what allows clients that have DNS registrations
disabled in TCP/IP on the DNS tab, to be registered in DNS.
These settings even allow my son's Xbox and my DirecTV HR20 DVR which runs
Linux to be registered in DNS. (For whatever use it is, it just proves that
DHCP can register for Linux servers)
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
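
An audit for the symptom this thread is about, added here as an example and not part of the original post: it reads a zone export and lists every IP address held by more than one A record, with the newest registration first. The `[AGE:n]` tag format, the host names and the addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in zone-file style; every name, address and age is made up.
# Assumption: dynamic records carry an "[AGE:n]" (or "[Aging:n]") tag where n is
# hours since 1601-01-01 UTC; static records have no tag.
SAMPLE_ZONE = """\
; constructed sample, not real data
dc01                      3600  A  10.0.0.10
lap-alice  [AGE:3570000]  1200  A  10.0.1.57
lap-bob    [AGE:3570480]  1200  A  10.0.1.57
ws-042     [AGE:3570470]  1200  A  10.0.1.80
lap-carol  [AGE:3569000]  1200  A  10.0.1.57
"""

RECORD = re.compile(
    r"^(?P<name>\S+)\s+(?:\[(?:AGE|Aging):(?P<age>\d+)\]\s+)?"
    r"(?:\d+\s+)?(?:IN\s+)?A\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def stamp_to_utc(hours):
    """Convert an aging timestamp (hours since 1601) to a UTC datetime."""
    return EPOCH_1601 + timedelta(hours=hours)

def parse_a_records(text):
    """Return (name, age_or_None, ip) for every A record line that has an owner name."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line.split(";")[0].rstrip())
        if m:
            out.append((m["name"], int(m["age"]) if m["age"] else None, m["ip"]))
    return out

def duplicate_ips(records):
    """Map each IP held by more than one host name to its owners:
    static records first, then dynamic records newest first."""
    by_ip = defaultdict(list)
    for name, age, ip in records:
        by_ip[ip].append((name, age))
    return {ip: sorted(owners, key=lambda o: (o[1] is not None, -(o[1] or 0)))
            for ip, owners in by_ip.items()
            if len({n.lower() for n, _ in owners}) > 1}

if __name__ == "__main__":
    for ip, owners in duplicate_ips(parse_a_records(SAMPLE_ZONE)).items():
        for i, (name, age) in enumerate(owners):
            when = stamp_to_utc(age).date() if age else "static"
            print(ip, name, when, "likely current" if i == 0 else "stale candidate")
```

The ordering is only a hint for manual review: the newest timestamp shows which host registered last, not which host holds the lease now.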