Question

Server 2008 DNS record keeps disappearing

Asked by: csandlin

I have an Exchange 2007 Client Access Server with an A record that keeps disappearing about every 10 minutes. The record is static and the server does not register its own DNS records. The option to "Delete this record when it becomes stale" is not checked. I can manually scavenge records and the record will stay, as it should since it is static anyways. It then disappears for whatever reason about every 10 minutes.

Some background info: We have multiple AD sites with multiple DC's and Exchange servers. All DC's are also DNS servers, and some of the DC's are also DHCP servers, although the server subnet does not have DHCP. This particular server is running Server 2008 x64. It has two different IP addresses and we do not want one of them to register in DNS which is why we are using the static DNS entry. This has been fine for months and then just started happening yesterday, after I found and deleted an invalid A record for that server (was for the other IP address that we don't want a record for).
This is driving me nuts. I had to put in hosts file entries for this on all the Exchange servers so mail can still flow properly. Any ideas?

This question has been solved and asker verified.

Asked on: 2009-01-28 at 15:04:43, ID: 24092851
Topics: Domain Name Service (DNS), Windows Server 2008
Participating experts: 2
Points: 500
Comments: 12

Answers

 

by: Chris-Dent, posted on 2009-01-28 at 15:07:59, ID: 23492617


Can you enable Auditing in the security settings for the zone? Capturing Successful Delete actions would be good, it'll give us something in the Event Log to take a look at.

Otherwise, check AD replication and check for conflicting zones. If there are conflicting zones you'll get an error logged in the DNS Event Log.

Chris

 

by: Mestha, posted on 2009-01-28 at 15:41:56, ID: 23492875

Why does the server have two IP addresses?
That is not something I would tend to recommend, particularly if the server is dual homed. Exchange doesn't react well to being dual homed.

-M

 

by: csandlin, posted on 2009-01-29 at 08:20:55, ID: 23499020

Mestha, the server has one IP address for an OWA redirect site. It's in the same subnet and we've run Exchange like this for years with no problem.

Here is something that seems interesting. I turned up auditing like Chris suggested. When I create a normal DNS record, an event gets logged similar to below:


Event Type:        Success Audit
Event Source:      Security
Event Category:    Directory Service Access
Event ID:          566
Date:              1/29/2009
Time:              9:58:51 AM
User:              NT AUTHORITY\SYSTEM
Computer:          DC1
Description:
Object Operation:
    Object Server:      DS
    Operation Type:     Object Access
    Object Type:        dnsNode
    Object Name:        DC=EXCH1,DC=domain.com,CN=MicrosoftDNS,CN=System,DC=domain,DC=com
    Handle ID:          -
    Primary User Name:  DC1$
    Primary Domain:     DOMAIN
    Primary Logon ID:   (0x0,0x3E7)
    Client User Name:   DC1$
    Client Domain:      DOMAIN
    Client Logon ID:    (0x0,0x6A5EEBCD)
    Accesses:           WRITE_DAC
                        WRITE_OWNER

    Properties:
    WRITE_DAC
    WRITE_OWNER
    dnsNode

    Additional Info:
    Additional Info2:
    Access Mask:        0xC0000

 

Also an event gets logged for the PTR record. However for this one record, an additional event immediately gets logged similar to this:


Event Type:        Success Audit
Event Source:      Security
Event Category:    Directory Service Access
Event ID:          566
Date:              1/29/2009
Time:              9:58:51 AM
User:              DOMAIN\Administrator
Computer:          DC1
Description:
Object Operation:
    Object Server:      DS
    Operation Type:     Object Access
    Object Type:        dnsNode
    Object Name:        DC=EXCH1,DC=domain.com,CN=MicrosoftDNS,CN=System,DC=domain,DC=com
    Handle ID:          -
    Primary User Name:  DC1$
    Primary Domain:     DOMAIN
    Primary Logon ID:   (0x0,0x3E7)
    Client User Name:   Administrator
    Client Domain:      DOMAIN
    Client Logon ID:    (0x0,0x6A8C95EF)
    Accesses:           Write Property

    Properties:
    Write Property
        Default property set
            dnsRecord
            dNSTombstoned
    dnsNode

    Additional Info:
    Additional Info2:
    Access Mask:        0x20

 

It's as if something is causing the record to be marked for deletion right after I create it. Oddly enough, this only happens for records created in one particular subnet, but it does not matter which DNS zone I create the records for.

Does this make sense to anyone?
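
The pattern in the audit output above, a write to dNSTombstoned on a dnsNode object, can be picked out of exported Security log text automatically. The following is an added example, not part of the original thread: it parses Event ID 566 text in the layout quoted above and reports which client account wrote dNSTombstoned on which record. The sample events are constructed from the two quoted entries, and the function names are hypothetical.

```python
import re
# Constructed sample: the two Event ID 566 entries quoted above, trimmed to the
# fields this check reads. Assumes the Security log was exported as plain text.
SAMPLE = """
Event Type: Success Audit
Event ID: 566
Time: 9:58:51 AM
    Object Type: dnsNode
    Object Name: DC=EXCH1,DC=domain.com,CN=MicrosoftDNS,CN=System,DC=domain,DC=com
    Client User Name: DC1$
    Client Domain: DOMAIN
    Properties:
        WRITE_DAC
        WRITE_OWNER
Event Type: Success Audit
Event ID: 566
Time: 9:58:51 AM
    Object Type: dnsNode
    Object Name: DC=EXCH1,DC=domain.com,CN=MicrosoftDNS,CN=System,DC=domain,DC=com
    Client User Name: Administrator
    Client Domain: DOMAIN
    Properties:
        Write Property
        dnsRecord
        dNSTombstoned
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?):\s*(.*)$")

def parse_events(text):
    """Split exported event text into dicts of field name -> list of values."""
    events, key = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":  # every event starts with this field
            events.append({})
        if not events or not line.strip():
            continue
        if m:  # "Name: value" starts a field; the value may be empty
            key, value = m.group(1), m.group(2).strip()
            events[-1][key] = [value] if value else []
        elif key:  # continuation line (further Accesses/Properties entries)
            events[-1][key].append(line.strip())
    return events

def tombstone_writes(events):
    """Return (record, zone, client, time) for each dNSTombstoned write on a dnsNode."""
    hits = []
    for ev in events:
        if (ev.get("Event ID") != ["566"] or ev.get("Object Type") != ["dnsNode"]
                or "dNSTombstoned" not in ev.get("Properties", [])):
            continue
        # Object Name is the AD path: DC=<record>,DC=<zone>,CN=MicrosoftDNS,...
        record, zone = (rdn.split("=", 1)[1] for rdn in ev["Object Name"][0].split(",")[:2])
        client = ev["Client Domain"][0] + "\\" + ev["Client User Name"][0]
        hits.append((record, zone, client, ev["Time"][0]))
    return hits

print(tombstone_writes(parse_events(SAMPLE)))
```

Only the second sample event is reported; the first, which touches WRITE_DAC and WRITE_OWNER only, is the normal record-creation entry.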

 

by: Mestha, posted on 2009-01-29 at 08:49:39, ID: 23499483

OWA redirect site?
This wasn't an attempt to do SSL certificates on the cheap by using two different web sites? This was a technique I was pushing as well, but no longer do so, due to the problems with it and that the correct way using a single IP address and SSL is much more reliable.

The fact that you have done something for years without problems does not mean that
a. It was the correct thing to do in the first place
b. It will continue to work.

I refer to the "it's been working for years" as the drunk driver's excuse.

I still think this is a problem with AD not accepting your static DNS entry rather than allowing Windows and AD to manage it.

-M

 

by: Chris-Dent, posted on 2009-01-29 at 08:57:12, ID: 23499590


> but it does not matter which DNS zone I create the records for.

You mean you can create this in any Forward Lookup Zone and suffer from the same problem?

I don't see why AD would object to a DNS entry. The worst that can happen is the client will receive an access denied error when it attempts to update the record (based on the ACL for the record).

Can you take a look at the record using ADSIEdit.msc? You'll find it under the "Domain" folder based on the path above. You can see it in AD Users and Computers as well, but it won't show you anything interesting.

Chris

 

by: csandlin, posted on 2009-01-29 at 15:59:09, ID: 23504102


I can create it in any forward lookup zone using any IP address in that particular subnet and will have the problem. If I choose a different subnet, it works.
I looked at the record in ADSI, nothing seems strange about it except the created time stamp remains as 10/1/2008, as if the record just gets reanimated whenever I add it back into DNS. In ADSI it looks like the record never actually goes away when it is deleted in DNS, just the values for its IP addresses disappear.

Went ahead and just deleted the static record, then enabled DNS registration on the NIC, and ran ipconfig /registerdns. The record then showed up in DNS, but later disappeared again.

The OWA redirect site was set up as an easy way to send people to the full URL with HTTPS and /exchange because they couldn't ever remember the full path. Originally the main OWA site used a script to perform the redirect but the script seemed to not always work. I can move that site to a different server for testing purposes or if you have a better way to do the redirect, I'm open to that.

But I would still like to figure out this DNS issue, thanks for the help.

 

by: Chris-Dent, posted on 2009-01-30 at 01:04:05, ID: 23506280


You can actually see it in ADSIEdit after it has been deleted and is no longer visible in the GUI?

I would be very tempted to delete the version of the record you see in ADSIEdit. Just to confirm, it should show up as an object of dnsNode class.

Chris

 

by: csandlin, posted on 2009-02-05 at 08:24:11, ID: 23560909

Sorry for the delay in getting back about this. I was thinking the same thing about the record in ADSI. Rather than experiment on a live server I deleted the dnsNode class for a workstation first. After doing that the workstation was getting random errors--MMC consoles would work for some servers and not others, it could access some network drives and not others, would give RPC errors using remote tools. After I unjoined and rejoined it to the domain everything was fine again. Not sure if this was a fluke but I don't want to risk that on a production server. I'll probably just live with the problem for now and maybe address it later if it becomes a bigger issue.

 

by: Chris-Dent, posted on 2009-02-05 at 08:26:03, ID: 23560934


That's odd, DNS is pretty easy on AD / domain members for the most part. You could delete your entire forward lookup zone and recover in a very short time with very few issues.

Still, I can appreciate the reluctance to do anything like that on a production domain :)

Chris

 

by: csandlin, posted on 2009-02-05 at 09:02:12, ID: 23561379

Yea, I really don't know what happened. I've actually deleted the entire forward lookup zone before and re-created it without any problems, but did it through the DNS console instead of ADSI. May do some more testing later if I have time.

 

by: Chris-Dent, posted on 2009-02-05 at 09:14:34, ID: 23561539


It should behave in exactly the same way if deleted through ADSIEdit. It's a little less controlled and would be better done with the DNS service stopped (because it'll be stored in memory on the server). But in general terms it can be considered safe.

Chris

 

by: csandlin, posted on 2009-04-06 at 07:23:26, ID: 31540254

Still have not had time to fully test this but need to close the question. After deleting the DNSNode object for my computer I had to rejoin to the domain. Not sure why. Could have been related to some other issue I was working on at the same time.
