Ovid Bailey
I am managing an Active Directory domain which uses a
Cisco VPN concentrator to create tunnels to various
geographic locations.
In one of the remote locations, their firewall performs
multiple translations, which gets a bit confusing:
Client physical address: 192.168.1.x
DNS server's physical address: aaa.aaa.aaa.aab
What the client thinks the server's address is: 172.16.1.x
The concentrator NATs the addresses appropriately, and
the initial problem was that the address returned by the
DNS server (192.168.2.x) did not match the DNS server
address set in the client's DNS network properties, and
authentication failed.
So I created a host / A record on my server that uses the
172.16.1.x address, and everything works fine.
That is, until the host record for that virtual address
gets automatically deleted after a few weeks from
apparent lack of action. As a result, all of the AD
authentication fails, and the client can no longer log
into the domain.
I've increased most of the time parameters that made any
sense to me. Is there a better way to deal with this, or
is there a way to make a specific host record permanent?
What am I missing?
Thanks for the help,
Ovid Bailey