How do you have RRAS configured? To use DHCP from the inside interface, or
from an IP pool you created in RRAS?
If from DHCP, and it is not registering, check DHCP properties. Set it to
register everything, including clients that cannot register. If that works,
post back; I'll have additional instructions to configure DHCP to own the
record, as well as scavenging settings so the records do not linger.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace...@mvps.RemoveThisPart.org
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
One more thing, can you post an ipconfig /all of the RRAS server, please?
Also, is the RRAS server a DC?
How do you have DNS configured? Is it set to listen to internal and external
interfaces, or just the internal interface? (Recommend just the internal
interface).
Ace
Host Name . . . . . . . . . . . . : RASSVR01
Primary Dns Suffix . . . . . . . : ourdomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : ourdomain.com
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.80
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Networ
Physical Address. . . . . . . . . : 00-12-3F-ED-11-A9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.31
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.4
192.168.20.3
192.168.30.3
Primary WINS Server . . . . . . . : 192.168.20.3
Secondary WINS Server . . . . . . : 192.168.10.3
DNS is set to listen to internal interface. When you said DHCP "Set it to
register everything, including clients that cannot register.", how do I
check that if I had registered everything? Thanks!
Thanks for posting the info. Setting DHCP to register everything is a DHCP
properties setting. How do you check? Look in Active Leases. But if you are
saying that DNS shows RRAS as the hostname, then what appears to be
happening is when RRAS is set to use DHCP, it grabs a block of 10 IPs from
DHCP, then gives them out as needed, and is using its own name.
Check the VPN connection settings on the client. See if under TCP/IP
properties, Advanced, it is set to register into DNS.
I assume the Primary DNS Suffix of the clients matches the DNS zone name,
"ourdomain.com."
Ace
Under the same tab, "Append primary and connection specific DNS suffixes" is
checked. "Append parent suffixes of primary DNS suffix" is also checked.
Is DHCP supposed to show the actual client host name connected to the RRAS
server? So as DNS?
Thanks!
"Ace Fekay [Microsoft Certified Trainer]" wrote:
Yes, DNS should show the client registration, not the RRAS server.
Once you set DHCP to force register everything, you should also set it so
DHCP owns the record it registers into DNS. But before you set this up, I
would like you to set a manual IP pool in RRAS, please, instead of getting
it from DHCP. Then look again.
==============================================
DHCP, Dynamic DNS Updates, Scavenging and the DnsProxyUpdate Group:
--------------------------------------------
The entity that registers it owns the record. The nice thing about DHCP
owning the record is it will update it if DHCP gives the machine a new IP.
Otherwise you'll see multiples of the same in DNS whether scavenging is
enabled or not. I would force DHCP to own the record as well as enable
scavenging to keep it clean. To force DHCP to own the record, you will need
to do the following:
1. Add the DHCP server to the DnsUpdateProxy Group.
2. Force DHCP to register all records, Forward and PTR, (whether a client
machine can do it or not) in the Option 081 tab (DHCP properties, DNS tab).
3. Set Option 015 to the AD domain name (such as example.com).
4. Set Option 006 to only the internal DNS servers.
5. If the zone is set for Secure Updates Only, then DHCP cannot update
non-Microsoft clients and Microsoft clients that are not joined to the
domain. In this case, you will need to create and configure a user account
for use as credentials for DHCP to register such clients.
If your DHCP servers are Windows 2003 or Windows 2008, configure the
dedicated user account you created as credentials in DHCP by going into the
DHCP Console, DHCP server properties, and on the Advanced tab of the DHCP
Server Properties sheet click the Credentials button, and provide this
account info.
The user account does not need any elevated rights; a normal user account
is fine. However, I recommend using a strong non-expiring password on the
account.
Once you implement scavenging, you will need to wait at least a week for it
to take effect. You can quicken it up by manually deleting the incorrect
records to get started.
But more importantly, if DHCP is on a DC, it will not overwrite the
original host record for a machine getting a new lease with an IP
formerly belonging to another. To overcome this, add the DHCP server
(the DC) to the DnsProxyUpdate group. This will force DHCP to own
all records it will create moving forward and will update an IP with
a new name in DNS.
If you set this, but a record shows up in the DHCP Lease list with a pen
(which means that a write is pending), it may mean it is trying to register
into a zone that does not exist on the DNS servers. This happens in cases
where the client machine is not joined to the domain and has a missing or
different suffix than the zone in DNS. It can only register into a zone that
exists on DNS and that has been configured to allow updates.
If this is the case, go into the client machine's IP properties, and
on the DNS tab in TCP/IP properties, clear the "Register this connection's
addresses in DNS" as well as the "Use this connection's DNS suffix in DNS
registration" check boxes. The DHCP Server will fill these in for you and
register using the domain name in Option 015.
The following links provide additional information on how it all works.
How to configure DNS dynamic updates in Windows Server 2003.
http://support.microsoft.com/kb/816592
Using DNS Aging and Scavenging: Aging and scavenging of stale resource
records are features of Domain Name System (DNS) that are available when you
deploy your server with primary zones.
http://technet.microsoft.com/en-us/library/cc757041.aspx
Microsoft Enterprise Networking Team : Don't be afraid of DNS ... Mar 19,
2008 ... DNS Scavenging is a great answer to a problem that has been nagging
everyone since RFC 2136 came out way back in 1997.
http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
DHCP, DNS and the DNSUpdateProxy-Group - Directory Services/Active ... I had
a discussion in the Newsgroups lately about DHCP and the
DNSUpdateProxy-Group which is used to write unsecured DNS-Entries to a
DNS-Zone which only ...
http://msmvps.com/ulfbsimonweidner/archive/2004/11/15/19325.aspx
And from Kevin Goodnecht:
Setting up DHCP for DNS registrations
http://support.wftx.us/setting_up_dhcp_for_dns_registra.htm
317590 - HOW TO Configure DNS Dynamic Update in Windows 2000 and
DNSUpdateProxy Group:
http://support.microsoft.com/?id=317590
816592 - How to configure DNS dynamic updates in Windows Server 2003:
http://support.microsoft.com/kb/816592/
Follow up discussion on the DNSUpdateProxy-Group:
http://msmvps.com/ulfbsimonweidner/archive/2005/03/26/39841.aspx
==================================
Ace
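The five numbered steps and the scavenging advice in the post above, as an added PowerShell example that is not part of the original thread: it applies the settings and then reads them back, along with the zone's dynamic records. It assumes the ActiveDirectory, DhcpServer and DnsServer modules of Windows Server 2012 or later (the thread itself describes the 2003/2008 console); the server name DHCP01, the NetBIOS domain OURDOMAIN, the account svc-dhcpdns and the 7-day interval are hypothetical, while ourdomain.com and 192.168.10.4 are taken from the posted ipconfig.

```powershell
# Added example, not from the thread. Requires Windows Server 2012+ RSAT modules.
Import-Module ActiveDirectory, DhcpServer, DnsServer

$DhcpServer = 'DHCP01'                  # hypothetical DHCP server name
$DnsServer  = '192.168.10.4'            # internal DNS server from the posted ipconfig
$Zone       = 'ourdomain.com'           # zone / primary DNS suffix from the thread
$Account    = 'OURDOMAIN\svc-dhcpdns'   # hypothetical ordinary user account for step 5

# Step 1: add the DHCP server's computer account to the DnsUpdateProxy group.
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members (Get-ADComputer $DhcpServer)

# Step 2: always register A and PTR records, also for clients that never ask,
# and remove the records when the lease expires.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true -DeleteDnsRROnLeaseExpiry $true

# Steps 3 and 4: Option 015 (domain name) and Option 006 (internal DNS only),
# set at server level so every scope inherits them.
Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -DnsDomain $Zone -DnsServer $DnsServer

# Step 5: credentials DHCP uses for updates in a Secure Updates Only zone.
# Get-Credential prompts for the password, so it never lands in the script.
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential (Get-Credential $Account)

# Scavenging: enable it on the DNS server and aging on the zone.
# 7 days is an assumed interval, not a value from the thread.
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -ScavengingInterval 7.00:00:00
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone -Aging $true

# Read the settings back.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Format-List DynamicUpdates, UpdateDnsRRForOlderClients, DeleteDnsRROnLeaseExpiry
Get-DhcpServerDnsCredential -ComputerName $DhcpServer
Get-ADGroupMember -Identity 'DnsUpdateProxy' | Select-Object Name, objectClass

# List dynamic A records, oldest first. Static records have no timestamp and
# are skipped; leftovers here are the candidates for manual cleanup.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -RRType A |
    Where-Object Timestamp |
    Sort-Object Timestamp |
    Select-Object HostName, Timestamp, @{ n = 'IP'; e = { $_.RecordData.IPv4Address } }
```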