Windows 2003 DNS / Subnets / PTR Records


  • Windows 2003 DNS / Subnets / PTR Records

    Hello.
    I am new to this site so please accept my apology if my question is somewhere on this site.
    I have an interesting situation that I would like assistance with if possible.
    Let me explain my environment.

    Currently we have a Cisco PIX ASA 5510 firewall providing DHCP to about 20-25 desktops. I have 2 Windows 2003 DCs - 1 of them is an Exchange 2003 server and the other is a file server and my primary DNS server. I know putting Exchange on a DC is not recommended but due to financial costs, we had no other choice.

    Prior to upgrading our infrastructure, the network had only 1 subnet - 192.168.1.x network. The DNS forward and reverse lookup zones were running just fine. After upgrading, we decided to VLAN our network into 3 subnets.

    1. 192.168.1.x - servers/cisco equipment
    2. 192.168.2.x - desktops (ie: dept a)
    3. 192.168.3.x - desktops (ie: dept b)

    Since this change, I went ahead and created a reverse lookup zone for the 192.168.2.x network and then 192.168.3.x network.
    I do see all of the workstations in the forward lookup zone but their PTR records don't seem to be updating and appearing in the other reverse lookup zones I created. I can ping IP addresses on all subnets, regardless of which subnet I am on.

    Can someone advise what I might be missing? I can certainly add the PTR record manually but I would rather DNS update this automatically. I'm not getting any errors in the event log, but did receive an event 4521 after creating the 192.168.2.x and 192.168.3.x reverse lookup zones. It states that "DNS server encountered error 32 attempting to load zone 2.168.192.in-addr.arpa from Active Directory. DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high AD load and may be a transient condition."

    Thanks
    Jamie

  • #2
    Re: Windows 2003 DNS / Subnets / PTR Records

    I'm assuming that each reverse lookup zone is configured to allow dynamic updates? If not then that is the most likely problem.

    Also, do the A records show the correct IP addresses for the hosts on each VLAN?

    Try deleting one A record and rebooting one of the computers on the .2 or .3 subnet.

    I'm not sure how the Cisco DHCP figures into this, but a Windows 2003 DHCP server can be configured to create and update A and PTR records on behalf of the client. You might consider using Windows 2003 DHCP instead.



    • #3
      Re: Windows 2003 DNS / Subnets / PTR Records

      Yes - all of the reverse lookup zones are set to "secure only" for dynamic updates. The 192.168.1.x network will create PTR records when new A records are added. (I manually deleted an A record, executed ipconfig/registerdns, looked on my DNS server and it was there along with the PTR record.) My PC is on the 192.168.2.x subnet. I tried manually deleting my A record, then on my PC executed the ipconfig/registerdns command, saw the A record get re-created, but the PTR record did not get created.

      Yes - the A records are showing the correct IP addresses in the forward lookup zone.

      It doesn't make sense to me that the 192.168.1.x network creates PTR records but not the other 2 subnets.

      Since reverse lookup zones are normally geared to an Exchange environment (which we have, but we're only using Exchange for public folders, calendar and outgoing mail), would each PC need to be registered in the reverse lookup zone when sending emails, or is it just the Exchange server that is needed?



      • #4
        Re: Windows 2003 DNS / Subnets / PTR Records

        Does anyone have any solutions as to what might be happening with my DNS environment? I know that using Windows to provide DHCP is the way to go, but unfortunately I don't have the option of changing this any time soon.
        PTR records only seem to be created on the 192.168.1.x subnet, but not the 192.168.2.x and 192.168.3.x subnets. I can't seem to figure out why.



        • #5
          Re: Windows 2003 DNS / Subnets / PTR Records

          On the DNS tab of the properties sheets for the affected scopes in DHCP what options do you have selected?



          • #6
            Re: Windows 2003 DNS / Subnets / PTR Records

            Ok -

            1. 192.168.2.x & 192.168.3.x reverse lookup zone properties
            a. General tab - status: running; type: AD integrated; dynamic updates: secure only; aging is set to default
            b. SOA tab - serial # is 10; primary server says "myservername.domain.local"
               responsible person - hostmaster.mydomain.local
               refresh interval - 15 minutes
               retry interval - 10 minutes
               expires - 1 day
               min. TTL - 1 hour
            c. Name servers tab - shows both of my domain controllers. Does it matter if my secondary DC is the 1st name server?
            d. WINS-R tab - nothing is checked
            e. Zone transfers tab - nothing is checked
            f. Security tab - nothing was added or removed; all default


            In my forward lookup zone, I do see all desktops and servers in all subnets listed.



            • #7
              Re: Windows 2003 DNS / Subnets / PTR Records

              I'm sorry, I didn't mean the properties of your DNS reverse lookup zone, I meant the properties of your DHCP scope, but I forgot that you're using the PIX for DHCP. Are there any options/commands on the PIX that might allow or disallow PTR record registration for the affected subnets? Is each of the scopes on the PIX configured identically?



              • #8
                Re: Windows 2003 DNS / Subnets / PTR Records

                DHCP is configured on the PIX, not the Win2k3 server. I'll have to double check and see that each scope is set up correctly. I'll also check to see if there are any commands or options that would allow or disallow PTR records from getting created.
                You would think that if PTR records were able to get created on the 1.x subnet, why wouldn't they get created on the 2.x or 3.x subnet? In any event, to rule out one option, let me check the PIX and I'll get back to you.

                thanks for the quick response

                Jamie



                • #9
                  Re: Windows 2003 DNS / Subnets / PTR Records

                  Ok - I've gone through the ASA 5510 firewall and did not find anything in its configuration that would not allow PTR records to update. Each DHCP scope does point to my Windows DNS server.

                  The most bizarre thing I cannot understand is that the PTR records will get updated only on the 192.168.1.x subnet but not the 2.x or 3.x networks.



                  • #10
                    Re: Windows 2003 DNS / Subnets / PTR Records

                    Well at this point I would put a network sniffer (Microsoft Network Monitor 3) on one of the clients on the 2.x or 3.x subnets and also put a network sniffer on the DNS server. Start a capture on both at the same time and run ipconfig/registerdns on the client. Then look at the captures and see if the PTR registration is getting to the server. If it is then the server is the problem. If it isn't then you still have some network problem.




                      • #12
                        Re: Windows 2003 DNS / Subnets / PTR Records

                        Maybe a stupid question:
                        what subnet masks are you using?

                        255.255.255.0 may not work
                        /16 might

                        Also, double check your reverse DNS to make sure the other subnets have an empty entry, as the PIX won't create a new zone.

                        (Anyway, why not use the Active Directory DHCP, as they copulate quite freely?)

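An added example, not from any poster in this thread: given the reverse lookup zones configured on the DNS server, it computes where each client's dynamic PTR registration would land (longest-suffix match of the in-addr.arpa name), and compares the two layouts discussed above, one /24 zone per subnet versus a single /16 zone. The host names and addresses are constructed from the subnets in the thread.

```python
import ipaddress
from typing import Dict, List, Optional


def ptr_name(ip: str) -> str:
    """Owner name a client registers for its PTR record, e.g. 10.2.168.192.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def reverse_zone_name(network: str) -> str:
    """in-addr.arpa zone covering an octet-aligned (/8, /16 or /24) IPv4 network."""
    net = ipaddress.IPv4Network(network, strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("octet-aligned reverse zones only: /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def authoritative_zone(ip: str, zones: List[str]) -> Optional[str]:
    """Zone the server would update for ip: the longest configured zone that is a
    suffix of the PTR name, or None when no configured zone contains it (the
    dynamic update then has nowhere to land and the PTR record never appears)."""
    name = ptr_name(ip)
    matches = [z for z in zones if name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def audit_ptr_coverage(a_records: Dict[str, str], zones: List[str]) -> Dict[str, Optional[str]]:
    """Map each host in the forward zone to the reverse zone that should hold its PTR."""
    return {host: authoritative_zone(ip, zones) for host, ip in a_records.items()}


if __name__ == "__main__":
    # Constructed sample: one host per subnet from the thread, two zone layouts.
    hosts = {"fs01": "192.168.1.5", "dept-a-pc": "192.168.2.10", "dept-b-pc": "192.168.3.7"}
    per_subnet = [reverse_zone_name(n) for n in ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]
    single_16 = [reverse_zone_name("192.168.0.0/16")]
    layouts = (("only 1.x zone", per_subnet[:1]), ("/24 per subnet", per_subnet), ("one /16", single_16))
    for label, zones in layouts:
        print(label, audit_ptr_coverage(hosts, zones))
```

A host that maps to None is one whose PTR cannot be registered dynamically with the current zones, whatever the DHCP server or client does.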


                        • #13
                          Re: Windows 2003 DNS / Subnets / PTR Records

                          I think the next step here is to run DHCP on our DC 2k3 server and see what happens.



                          • #14
                            Re: Windows 2003 DNS / Subnets / PTR Records

                            Originally posted by SML
                            Maybe a stupid question:
                            what subnet masks are you using?

                            255.255.255.0 may not work
                            /16 might

                            Also, double check your reverse DNS to make sure the other subnets have an empty entry, as the PIX won't create a new zone.

                            (Anyway, why not use the Active Directory DHCP, as they copulate quite freely?)
                            AD DHCP?
                            Where did you get that from?
                            Am I missing something?
