On Wed, Aug 25, 2010 at 9:36 AM, Bob Hartung <bhart...@wiscoind.com> wrote:
> It strikes me odd that DNS would allow multiple entries for the same IP
> address. Is that normal behavior?

In DNS, forward and reverse queries are completely independent of each other. (A forward query uses a name to find things like an IP address; a reverse query uses an IP address to find a name.) PTR records (pointer, used for reverse queries) use the IP address as the key, so when one DNS Update message comes in saying "PTR record for 192.0.2.42 should be foo.example.com", that overwrites any previous PTR record at that IP address. In contrast, A records (address; Microsoft calls this "Host") use the name as the key. So when a DNS Update message comes in saying "foo.example.com should have A record 192.0.2.42", that doesn't involve any other names that might reference that same IP address. Even if "bar.example.com" also had an A record referencing 192.0.2.42, that's not prohibited by the DNS spec.

> Since these pointer records are automatically created by an interaction
> between the DHCP and DNS servers, shouldn't there also be a process
> that would delete DNS pointers based on expired DHCP leases,
> particularly since the IP address had been handed out to a different PC?

That would be possible, in theory, but there's no standard protocol for it. Microsoft would have to invent something that integrates their DNS server with their DHCP server. *Possibly* might be a good idea, but it doesn't currently exist.

Microsoft's solution for this problem is to run scavenging on the DNS server. This configures the DNS server to periodically look for dynamically-updated records which haven't been refreshed in a while, and delete them. Read the manual and search the web first; from what I understand misconfigured scavenging can end up eating *all* your records if you're not careful.

--
Ben
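The two behaviours Ben describes (PTR keyed by address, A keyed by name, and scavenging of unrefreshed dynamic records) as a toy in-memory model; this is an added example, not code from the thread or from any DNS server, and the names, address and timestamps are constructed.

```python
# Constructed model of dynamic-update semantics and scavenging; time is in
# arbitrary units, not real DNS TTLs or Windows no-refresh/refresh intervals.
from dataclasses import dataclass, field


@dataclass
class Record:
    value: str      # IP for an A record, owner name for a PTR record
    refreshed: int  # time of the last dynamic update that touched it


@dataclass
class Zone:
    a: dict = field(default_factory=dict)    # forward: keyed by owner name
    ptr: dict = field(default_factory=dict)  # reverse: keyed by IP address

    def update_a(self, name, ip, now):
        # Keyed by name, so other names with the same IP are left alone.
        self.a[name] = Record(ip, now)

    def update_ptr(self, ip, name, now):
        # Keyed by IP, so a new PTR for this address replaces the old one.
        self.ptr[ip] = Record(name, now)

    def names_for_ip(self, ip):
        return sorted(n for n, r in self.a.items() if r.value == ip)

    def scavenge(self, now, no_refresh_interval):
        """Delete records not refreshed within no_refresh_interval."""
        removed = []
        for table in (self.a, self.ptr):
            stale = [k for k, r in table.items()
                     if now - r.refreshed > no_refresh_interval]
            for key in stale:
                del table[key]
                removed.append(key)
        return removed


def dhcp_handoff_scenario():
    """Lease for .42 goes to foo, expires, then goes to bar."""
    z = Zone()
    z.update_a("foo.example.com", "192.0.2.42", now=0)
    z.update_ptr("192.0.2.42", "foo.example.com", now=0)
    z.update_a("bar.example.com", "192.0.2.42", now=10)
    z.update_ptr("192.0.2.42", "bar.example.com", now=10)
    return z
```

After the hand-off the reverse entry points only at bar, the forward zone still holds both names, and only a scavenging pass with a suitable interval removes the stale foo record.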