DNS Clean Up

[mikej97204]

I have DNS running on a 2000 server with latest SP and have a question about cleaning up some duplicat entries in the Reverse Lookup table. Over time, there have been a number of IP addresses that DHCP has reused. Unfortunately, it didn't always clean up after itself and I have some IP addresses in there multiple times pointing to different machine names. Most of them I know what is the live machine but there are some that I don't know which is real and which is an old machine name.

The Forward Lookup table will also have an entry for both. Is there a way to determine which is the valid entry without hunting down the workstation and checking it's assigned IP address? Or, if I delete both entries (while the workstation is powerd off at night), will the workstation recreate a DNS entry the next time it's powered up?

Also, I have some entries that have the full machine name (i.e. workstation1.domain.com) and a 2nd entry that is just the machine name (i.e. workstation1.) and nothing else. I assume the 2nd entry was when the workstation was first brought up on the nextwork during configuration and before it was added to the domain. Can this 2nd entry be deleted?

What is the best way to keep the DNS clean so it doesn't accumalate bogus entries like this? Is there something I should be doing other than looking through it from time to time? Mostly the DNS just works, so I don't worry so much about it, but I don't want to set myself up for some future problem that I could have prevented.

Thanks

Mike

 

[jpmuse]

You want to enable DNS scavenging.

http://technet2.microsoft.com/Windo...7ed1-4473-a20a-15560e2ecf891033.mspx?mfr=true

 

[NetIntruder]

Scavenging is definitely a good first measure. Take a look at your event logs also and see if there are any DNS Failure events that are noteworthy (specifically clients not being able to update, etc).

Also, is your DHCP server 2000 or 2003?

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"

 

[mikej97204]

I enabled scavenging (after reading the warnings and concerns about possible loss of new records)using the 7 day defaults and then let it run. The event log showed that it ran but that there were 0 stale records cleaned out. I know some of the records have to be stale since the workstations no longer exist and haven't for sometime and DHCP has re-issued the IP address. I activated it on only one of my DNS servers like the information said to do.

Right now, my DNS, DHCP, WINS servers are all Win 2000 servers with service pack 4. I plan on adding Win 2003 DNS servers and eventually replace both Win 2000 servers. That's why I started looking closer at this in prepreation for the addition of 2003 servers. I've already preped the domain for it.

I have not seen any errors in the event logs of problems with DNS other than the ones that say the DNS encountered a invalid domain name in a packet that came in from outside.

If scavenging doesn't clean it out, I might have to chase down machine names and IP addresses and manually clean it out or just leave it alone since it's been running ok.

Thanks

Mike

 

[NetIntruder]

the Support Pack has a utility called DNSCmd.exe that can force aging on all records (dnscmd.exe /AgeAllRecords). This will cause your more "stale" records to update or be removed.

See the following for reference:

http://support.microsoft.com/?kbid=296116

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"

 

[mikej97204]

Thanks Intruder. The information from the linked document points out that if a workstation is removed from the network right after it's been installed. We do tests all the time on computers and then take them off the system until needed. I bet that is where some, if not all, of the reverse lookup IP's are coming from.

I'll do the forced aging and see if that will clean up some of them.

Thanks

Mike

 

[NetIntruder]

sounds good. let us all know the result!

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"