Server 2012 registering multiple A records for the same host instead of just updating the single A record

  • Question

  • Having a random issue with our DNS server. I have scavenging enabled on 1 server for the zone. I left the default scavenging in place of 7 for non refresh and 7 for the refresh. I noticed today that a hostname such as "computer0084" has 2 A records, both with different IPs. Why is my DNS server all of a sudden registering multiple DNS records for a machine instead of just updating the original? This is obviously causing an issue when pinging machines. What made me notice this was we are trying to use the FortiClient to deploy the VPN client to machines. Well, when the Forti server tries to push the software it is getting the invalid IP from one of the A records. Has anyone seen this before?
    Tuesday, July 18, 2017 5:42 PM

All replies

  • Is it in the same DNS zone?

    Is your DNS configured for Secure Updates Only?

    If so, which account has full control on both A records (security tab)?


    This posting is provided AS IS without warranty of any kind

    Tuesday, July 18, 2017 6:28 PM
  • Yes it is in the same DNS zone. Yes the zone is configured for Secure Only.

    Looks like the "enterprise admins" account has full control on both A records.

    Tuesday, July 18, 2017 6:37 PM
  • Also just to test I went ahead and deleted both A records for one of our hosts "computer0001". I confirmed it replicated and removed these records from the other DCs. I had the helpdesk tech boot the PC back up and it registered with DNS getting a 10.50.50.x IP. I had him jump on VPN which hands out 192.x.x.x IPs and it created another record instead of just updating the current record.
    Tuesday, July 18, 2017 6:38 PM
  • Is the A record static?

    Normally in the security tab, you should see the computer account (ComputerName$). Is that the case?



    Tuesday, July 18, 2017 6:40 PM
  • I do not have any issues with the static records. Since these A records are from workstations they are dynamic...

    Yes I see the computer account "ComputerName$" in the security tab. It is set for read, write, and special permissions.

    Tuesday, July 18, 2017 6:43 PM
  • And the security permissions are the same for both records?


    Tuesday, July 18, 2017 6:50 PM
  • Yes it appears as though the security permissions are the same for the duplicate records.
    Tuesday, July 18, 2017 6:53 PM
  • And is your DNS AD integrated?

    If so, what is your replication frequency?



    Tuesday, July 18, 2017 7:07 PM
  • Yes it is AD Integrated. Appears the replication is set to 30 minutes. It seems to replicate fine as I am able to delete records and it updates automatically to the other DCs.
    Tuesday, July 18, 2017 7:13 PM
  • Is the DHCP server running on a DC?

    Do you have the same issue for all VLANs or only between an internal IP range and the VPN IP range?



    Wednesday, July 19, 2017 1:21 AM
  • Hi hidden_process

    >>it is getting the invalid IP from one of the A records

    Please enable the DNS debug to view who is registering this IP address.

    In addition, what did you choose in the following checkbox?

     

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, July 19, 2017 8:42 AM
  • It is set to Always dynamically update DNS records. Do you think this is the problem?
    Wednesday, July 19, 2017 1:07 PM
  • Hi hidden_process

    As I understand it, the issue you are experiencing is: there are multiple DNS records for the same DNS client.
    Issue Definition: Server 2012 registering multiple A records for the same host instead of just updating the single A record.
    Scope Agreement: Have the DNS server keep a single record for a host, or find out whether this is by design or caused by 3rd party software.
    If I have misunderstood your concern, please don't hesitate to let me know.

    To have a better understanding, please help me know the following:
    • Does the DNS client have multiple NICs?
    • Are these two A records in the same subnet and scope?
    • Do these two A records have the same owner?

    If these two A records are from different subnets and have different owners, confirm whether these DNS records are registered by the DHCP server in both subnets, or by the DNS client in both subnets.

    Besides, check if the DHCP lease time is smaller than 14 days (no-refresh interval + refresh interval). If yes, reduce the no-refresh interval and refresh interval so that the sum equals the DHCP lease time. For example, if the DHCP lease time is 8 days, set the no-refresh interval and refresh interval to 4 days.

    If the above does not help, try the following configuration:

    Step 1: On DHCP scope properties, select “Always dynamic update DNS records”, “Discard A and PTR records when lease is deleted” and check “Dynamically Update DNS records for DHCP client that …”:

    Step 2: On DNS client, uncheck “Register this connection’s address in DNS”:

    If there is anything unclear, please feel free to let me know.

    Best regards,

    Candy





    Friday, July 21, 2017 2:20 AM
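
The checks suggested in the reply above can be gathered read-only with the DnsServer and DhcpServer PowerShell modules. This is an added example, not part of the original thread: it lists hosts with more than one dynamic A record and compares each DHCP scope's lease time and DNS update settings with the zone's aging window. The zone and server names are placeholders.

```powershell
# Added example (read-only). Placeholder names: replace with your own.
$ZoneName   = 'corp.example.com'   # placeholder zone name
$DnsServer  = 'dns01'              # placeholder DNS server
$DhcpServer = 'dhcp01'             # placeholder DHCP server

# 1. Hosts with more than one dynamic A record.
#    Static records carry no Timestamp, so they are filtered out.
$duplicates = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp } |
    Group-Object -Property HostName |
    Where-Object { $_.Count -gt 1 }

$duplicates | ForEach-Object { $_.Group } |
    Select-Object HostName,
                  @{ n = 'IPAddress'; e = { $_.RecordData.IPv4Address.IPAddressToString } },
                  Timestamp |
    Sort-Object HostName, Timestamp |
    Format-Table -AutoSize

# 2. Zone aging window (no-refresh + refresh) versus each scope's lease time,
#    together with the scope's DNS dynamic update settings.
$aging  = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName
$window = $aging.NoRefreshInterval + $aging.RefreshInterval

Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    $dns = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $_.ScopeId
    [pscustomobject]@{
        Scope                      = $_.ScopeId
        LeaseDuration              = $_.LeaseDuration
        AgingWindow                = $window
        LeaseShorterThanAging      = $_.LeaseDuration -lt $window
        DynamicUpdates             = $dns.DynamicUpdates
        DeleteDnsRROnLeaseExpiry   = $dns.DeleteDnsRROnLeaseExpiry
        UpdateDnsRRForOlderClients = $dns.UpdateDnsRRForOlderClients
    }
} | Format-Table -AutoSize
```

Nothing is changed by this script; a scope where `LeaseShorterThanAging` is true is the lease-versus-scavenging case described in the reply.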
  • Hi hidden_process

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy



    Monday, July 24, 2017 1:46 AM
  • Hi hidden_process

    Was your issue resolved?

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy



    Tuesday, August 1, 2017 9:53 AM