moving between vlans; how fast dns should change

  • Question

  • Windows Server 2008 R2

    We have many VLANs and mobile users. They frequently move between offices and I find that in the DNS, their computer names are not updated as soon as they connect to a new VLAN. If they cannot wait, I have to manually delete the old DNS info and either reboot or reregister the laptop.

    Is what I'm observing in my DNS normal or should the changes happen in the blink of an eye?

    regards,

    Reno

    Sunday, July 30, 2017 7:47 AM

All replies

  • Hi

    Make sure to enable DHCP dynamic update.

    Based on my understanding, there are 2 factors involved in how quickly a DNS change propagates:

    1. Zone transfers between the DNS servers that are authoritative for a zone.
    2. The TTL set for single records in that zone.

    Zone Transfers

    Given that you need two distinct name servers to manage a zone, you'd want these servers to quickly have the latest version of that zone available to them.

    This is either achieved by pulling the latest version of the zone at a fixed interval, or waiting for a NOTIFY from an authorized name server.

    Given that this mechanism is under complete control of whoever runs the name servers, any delays in this area can be fully controlled.

    TTL

    The TTL is a timeout specified for every single resource record in a zone. This value defines how long the record should be cached by non-authoritative DNS providers.

    Please keep in mind that this value only comes into play if an existing record is changed. New records can't be cached yet.

    If you are planning to make DNS changes soon, you will want to start by setting a low TTL. This helps ensure your changes will propagate, be recognized on the Internet, more quickly.

    Set DNS TTL minimum value to a number larger than 0. Never set your DNS TTL to 0. The number 0 is not defined in the standard, and it may cause your DNS information to be ignored or rejected.

    In addition, you could check whether your DHCP server is in the group DNSUPDATEPROXY.

    For more information about DNSUPDATEPROXY, please refer to the following article:

    https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 31, 2017 6:39 AM
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Wednesday, August 2, 2017 8:15 AM
  • Presume you're using DHCP and Active Directory-integrated DNS? Have you configured your DHCP server to 'Discard A and PTR records when a lease is deleted' (DNS tab on DHCP server properties) and 'Dynamically update only if requested by Clients'?

    Depending on those settings the client should release the DHCP IP lease and, if configured, the DHCP server will delete the DNS record that was registered on its behalf or the client. If it's the DHCP server that registered the record then it owns that static record - so a laptop moving to another site and getting another IP address won't be able to update the DNS record. You can easily check that by looking at the security of the DNS record for the client: is the machine account there with full control or the DHCP server? If it's the client then you should have no problem in registering your DNS record, assuming it's getting its new DNS servers correctly. You will also see events on the client about failing to register DNS records if it can't reach DNS or update its host records.

    So to answer your question DNS updates straight away - locally at the new site, it then replicates DNS through AD replication to other AD/DNS servers at your other sites which of course depends on your AD replication topology - 15 minutes to an hour?

    If it is configured to be owned by DHCP but set to clean up any records then you might find it is a case of users not releasing the lease. That's done on a shutdown of the OS and mobile users tend to slam the lid and move on.

    Also check if DNS is configured to look up in WINS because I've seen the same situation that if DNS can't find a record it uses WINS and then it finds an old record there.

    Wednesday, August 2, 2017 8:40 AM
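
The ownership check described in the reply above (is the machine account or the DHCP server on the record's security?), as an added PowerShell example that is not part of the original thread. It assumes an AD-integrated zone stored in the DomainDnsZones partition and the RSAT ActiveDirectory module; the function name, host, zone and DHCP account shown are constructed placeholders.

```powershell
# Added example. Assumes an AD-integrated zone in the DomainDnsZones partition
# and the RSAT ActiveDirectory module; all names passed in are placeholders.
Import-Module ActiveDirectory            # also creates the AD: drive used by Get-Acl
Add-Type -AssemblyName System.DirectoryServices

function Get-DnsRecordOwnership {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [Parameter(Mandatory=$true)][string]$ZoneName,
        [string]$DhcpServerAccount       # e.g. 'CORP\DHCP01$' (optional)
    )
    $domain  = Get-ADDomain
    $nodeDn  = "DC=$HostName,DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$($domain.DistinguishedName)"
    $machine = '{0}\{1}$' -f $domain.NetBIOSName, $HostName

    # The dnsNode object holds the host's records; its ACL decides who may update them.
    $node = Get-ADObject -Identity $nodeDn -Properties whenChanged
    $acl  = Get-Acl -Path "AD:\$nodeDn"

    # Explicit (non-inherited) Allow ACEs that include write access.
    $writeBit = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $writers = @($acl.Access | Where-Object {
            -not $_.IsInherited -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.ActiveDirectoryRights -band $writeBit)
        } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)

    if ($acl.Owner -eq $machine) {
        $verdict = 'Owned by the computer account'
    } elseif ($DhcpServerAccount -and $acl.Owner -eq $DhcpServerAccount) {
        $verdict = 'Owned by the DHCP server account'
    } else {
        $verdict = 'Owned by another principal; review the ACL'
    }

    New-Object PSObject -Property @{
        Record          = "$HostName.$ZoneName"
        Owner           = $acl.Owner
        ExplicitWriters = ($writers -join ', ')
        LastChanged     = $node.whenChanged   # when the AD object was last modified
        Verdict         = $verdict
    }
}

# Constructed sample call; replace with a real host, zone and DHCP server account.
Get-DnsRecordOwnership -HostName 'LAPTOP01' -ZoneName 'corp.example.com' -DhcpServerAccount 'CORP\DHCP01$'
```

If the zone lives in ForestDnsZones or the legacy domain partition, adjust the distinguished name accordingly.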
  • Hi,

    Was your issue resolved? 

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,
    Frank

    Friday, August 11, 2017 4:17 AM