We partied hard last week discussing DNS (Domain Name System). Lex and Brigg taught you all the things you need to know about DNS, and probably some things you didn't. In fact, most of this blog content was pulled from the outline Brigg used to navigate through last week's webcast. And since we're all about helping you be the best sysadmin you can be, for further reference make sure you check out the plethora of other videos we have about DNS on our YouTube channel, which you can access by clicking here. With that said, let's do this recap thang!
DHCP settings (Lease time | Scope > Properties > DNS tab > Always dynamically update DNS records | Discard A and PTR records when lease is deleted)
Scavenging (Record, Zone, Server)
Example: Use file scanner to check hosts file on client machines - Hosts Report/Scanner/Collection.
DNS delegation error when promoting a DC. Why?
Inventory doesn’t see pre-staged computer objects in AD. Why?
Conditional Forwarders and Stub Zones, what are they and what is different about them?
Subnet prioritization and Round Robin: How do these magical things work?
DNS Suffix Search List: DHCP or GPO? And why suffixes are important.
We had a lot of questions submitted last week, so buckle up for a nice, long Q&A session. We promise you'll find it helpful... if not, you have our permission to take a nap.
Q: I have just come into a location that has not managed the DNS. It now has very old records in the forward lookup zones and has never had the reverse lookup zones configured. The servers and printers have been assigned static A addresses but not in DNS. How do we begin to clean up the zones and how do we begin configuring the reverse lookup zones? 6:43
Q: What is this error? DNS_PROBE_FINISHED_NXDOMAIN. How do I fix this error? 10:54
Q: We have Dynamic Updates set to "secure only" in our DNS servers, which are our DCs. We also have a population of notebooks that are workgroup members that do not appear to be able to update their DNS records, which is causing havoc with PDQ discoverability. What's the best way to get domain-joined and non-domain-joined systems to play nicely together? 22:32
Q: I have workstations that continually have incorrect DNS records due to IP addresses swapping due to changing between wired and wireless connections or switching between VLANs defined in Cisco Network Admission Control (NAC). I can temporarily fix the issue by running IPCONFIG /REGISTERDNS commands on workstations... but there's got to be a better way, no? 28:01
Q: Is there a decent way to create a failover A record to have a redundant SMTP relay server? 32:24
Q: Is there a way to clear any stale DNS records out of DNS? 38:40
Q: Our DNS is working great with all local devices. However, we have been having internet DNS issues for several months now. We've had issues using Root Hints only and using forwarders. Any advice about where to start? 39:16
Q: Is the DnsUpdateProxy group needed for dynamic DNS registration or not? Best practices found online are mixed and often conflicting, even directly from Microsoft. It seems to me that this group may pose a security risk on top of providing no benefit. What's your take? 40:22
Q: Do PTR zones have to match DHCP subnets or can I just do a /8 and call it good instead of adding each subnet I have in DHCP? 41:17
Q: How can I create a special DNS name that would link to my Active Directory account to avoid typing my full domain address? 41:49