DHCP updating DNS records

If you have followed the steps in my previous post you might have your zone database files in /etc/bind/zones.

We will start by copying the files so we have a backup remaining if anything goes wrong:

1.1 Copy the zone database files:

We now need to add the key to the bind configuration and tell it which zones we want it to allow updates on.

If DHCP is updating universally, you should drive for consistency and get the servers out of that proxy update group. The Aging settings dictate how quickly a record can be scavenged, but those should never be set to less than a day or you'll find records for your servers and domain controllers vanish.

Set the same credentials for all DHCP servers (and all scopes). It's rarely so easy, but if possible set a consistent lease time across all your scopes and align the Aging times with that lease time.

I was getting complaints of duplicate A records for a while, so I started digging in.

The default profile suggests that these files should be put in /var/lib/bind.

Not really sure what to make of it; wondering if I need to set the security on the actual zone to allow the DNSUpdate Proxy group full control or maybe even schedule a script to run against my VPN scope to get rid of the duplicate record that has an older time-stamp or compare against the DHCP lease and delete the other.

This is quite a common problem where there's more than one possible update source, especially if you use scope with very short lease times. The DNSUpdate Proxy group is a bit nasty really, you should avoid using it if you can.

I’ve included the whole contents of my file here and marked the changes that I’ve made in bold.

3.1 Edit /etc/bind/local:

    #
    # Make sure to change the ddns update style to interim:
    ddns-update-style interim;
    ignore client-updates; # Overwrite client configured FQHNs
    ddns-domainname "";
    ddns-rev-domainname "";
    # option definitions common to all supported networks...
    subnet .0 netmask 255.255.255.0

The dns database files are now being rewritten by the bind service.
