Channel: Network Infrastructure Servers forum

Secure Dynamic DNS not working

Hi

I'm a ConfigMgr admin and I'm seeing ConfigMgr repeatedly failing to contact clients in our environment, which on investigation is down to stale DNS records.

The environment has a single Server 2008 R2 DHCP server, a primary DNS server running Server 2003 SP2 and a secondary DNS server running Server 2008 R2. The DHCP server is set to 'Always dynamically update DNS A and PTR records'. DNS dynamic updates are enabled and set to secure only. The DHCP server is a member of the DnsUpdateProxy group and is also set to run using the credentials of a domain user account that is also a member of the DnsUpdateProxy group.

Having raised the stale DNS issue with my colleague who manages DNS, it appears that the DHCP server was updated from Server 2003 to Server 2008 in the not too distant past, and when this was done, he forgot to set the DHCP server to run under the context of the domain user that is a member of the DnsUpdateProxy group. He's now configured the server to run using this account and has also reduced the scavenging No-refresh and refresh intervals to 3 and 4 days respectively.

Am I correct in thinking that any existing stale entries will remain now even after the settings have been corrected? I've just deleted the DNS record for a test laptop, then deleted its DHCP lease and renewed it. The newly created DNS entry shows the DHCP service account in the ACL with write permissions to the object, which I believe is the desired state. However, if I look at any other records, including those with a timestamp from today, the DHCP service account is not in the ACL; instead, the client computer's AD account is in the ACL with write permissions.

Having a look around at other settings, I can also see that every DNS record on the primary server (2003) has the check box 'Update associated pointer (PTR) record' unchecked, whereas this box is checked for every record when I look on the secondary server (2008). Dynamic updates on the relevant reverse lookup zone are set to 'Nonsecure and secure', as opposed to the 'Secure only' setting for the forward zone. Should these two settings match?

Many thanks
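The ACL check the poster did by hand on a single record can be run across a whole AD-integrated zone. The script below is an added example, not code from the forum post or from Microsoft; it uses the ActiveDirectory RSAT module, reads each dnsNode object under the zone container, decodes the aging timestamp from the dnsRecord blob, and reports whether the DHCP service account holds write rights on the record. The domain, zone, partition DN and service account name are placeholder assumptions, and the dnsRecord layout (32-bit little-endian timestamp at offset 20, in hours since 1601-01-01 UTC) is assumed from the DNS_RPC_RECORD structure.

```powershell
# Added audit example, not part of the original post.
# Assumptions: ActiveDirectory RSAT module, a domain-joined admin session,
# and the placeholder values below.
$Zone        = 'corp.example'                           # assumption: AD-integrated forward zone
$Partition   = 'DC=DomainDnsZones,DC=corp,DC=example'   # assumption: partition holding the zone
$DhcpAccount = 'CORP\svc-dhcp'                          # assumption: DHCP service account (DnsUpdateProxy member)

Import-Module ActiveDirectory

$zoneDn = "DC=$Zone,CN=MicrosoftDNS,$Partition"

# Decode the aging timestamp stored inside the dnsRecord attribute.
# Assumed layout (DNS_RPC_RECORD): a 32-bit little-endian TimeStamp at
# offset 20 holding hours since 1601-01-01 UTC; 0 means a static record.
function Get-DnsRecordTimestamp {
    param([byte[]]$Record)
    if ($null -eq $Record -or $Record.Length -lt 24) { return $null }
    $hours = [BitConverter]::ToUInt32($Record, 20)
    if ($hours -eq 0) { return $null }   # static, never scavenged
    return ([datetime]'1601-01-01Z').AddHours($hours)
}

# Rights that let a principal refresh or replace the record.
$writeMask = [System.DirectoryServices.ActiveDirectoryRights]::GenericWrite -bor
             [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
             [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

$nodes = Get-ADObject -SearchBase $zoneDn -SearchScope OneLevel `
    -LDAPFilter '(objectClass=dnsNode)' -Properties dnsRecord, dNSTombstoned

$report = foreach ($node in $nodes) {
    if ($node.dNSTombstoned) { continue }          # already tombstoned, skip

    $acl = Get-Acl -Path "AD:\$($node.DistinguishedName)"
    $writers = $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (($_.ActiveDirectoryRights -band $writeMask) -ne 0) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Name         = $node.Name
        Timestamp    = Get-DnsRecordTimestamp ($node.dnsRecord | Select-Object -First 1)
        Owner        = $acl.Owner
        DhcpCanWrite = ($writers -contains $DhcpAccount)
        Writers      = ($writers -join '; ')
    }
}

# Records the DHCP service account cannot refresh under secure-only updates.
$report | Where-Object { -not $_.DhcpCanWrite } |
    Sort-Object Timestamp | Format-Table Name, Timestamp, Owner, Writers -AutoSize
```

The final table lists the records whose ACL does not grant write access to the DHCP service account; these are the ones the DHCP server will be unable to refresh with secure dynamic updates, so their timestamps only advance if the owning client refreshes them itself, and otherwise they age out through scavenging. Records with a blank Timestamp are static and are never scavenged.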
