  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353

Weird DNS entries for missing Reverse Lookup zones...REPMUB5

I use the Solarwinds IP Management tool just to keep an eye on my IP addresses and my DNS server is on a Windows 2003 platform with SP1 installed.

We noticed an unusual naming standard for a machine that was browsing the web the other day so we dispatched our help desk personnel to get that machine and rename it. Well today I went into the Solarwinds tool and noticed that three of my networks had every machine with that weird naming standard I saw several days ago. Let's say that I have a computer that has an IP address of 205.25.36.48 and its name should be computerA. Well the new name takes on the IP address and renames the computer to repmub5.2052536-48.usmc.mil. In every instance the name has the IP address as part of the name and the old computer name is no longer.

I did some research and found that on my DNS server those three zones did not have a reverse lookup for them.  I confirmed that the original computer name was still in the forward lookup zone and resolved properly to the correct IP address when doing an nslookup on the machine name.  Every time you did an nslookup on the IP it came back with the example I mentioned above but with the IP address you looked for.

I have no idea how in the world this configuration even got in there and besides the obvious "virus" what could be the problem? It only happened to the zones that were deleted; no other zone has this.

Tom
0
tej071
Asked:
1 Solution
 
Netman66 Commented:
This issue seems to be related to replication conflicts.

When 2 or more replication partners have information that they each deem authoritative, they flag inbound replication objects that are the same with a unique name to ensure nothing is lost.  The problem is, this isn't what you need to see.

If DNS was added to another server and you have AD Integrated zones in the forest/domain then there is nothing more to do other than install DNS - DO NOT create the zones manually (this is what appears to have happened IMHO).

To fix this, remove DNS from one of the servers - wait - then reinstall DNS again.  Make sure the server you do this to doesn't have any manual zones that have been created on purpose.

Let us know.
0
 
tej071 (Author) Commented:
How do I narrow down which server to remove?  We have nearly 20 in our entire forest.
0
 
Netman66 Commented:
You can use a tool like REPLMON to figure out what server is not behaving.

You should also see something in the server logs about replication conflicts - perhaps even in the DNS Event log on the DCs.


0
 
tej071 (Author) Commented:
Thanks,  you were correct with the replication issue.  We could not find the problem server so we had to create the zones over again.  Once we created them it fixed the majority of the computers but we still have a couple left.  I'm sure in a couple of days we should be back to normal.  Thanks for the help.
Tom
0
 
Netman66 Commented:
Excellent!
0
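
The check the question describes (nslookup on the name, then on the IP) can be run over a whole set of records at once. The following is an added example, not part of the original thread: it compares PTR answers against forward records and flags names that embed the IP's digits, like the one in the question. The function names, the `computerA.usmc.mil` FQDN and the 192.0.2.x records are assumptions constructed for illustration.

```python
import re

def embeds_ip(ptr_name, ip):
    """Heuristic: True when the IP's digits appear, in order, inside the PTR name."""
    ip_digits = ip.replace(".", "")
    name_digits = re.sub(r"\D", "", ptr_name)
    return ip_digits in name_digits

def audit_reverse(forward, reverse):
    """Compare PTR answers with forward (A) records.

    forward: {hostname: ip}    reverse: {ip: ptr_name or None}
    Returns {ip: status} for every IP seen in either mapping.
    """
    expected = {}
    for host, ip in forward.items():
        expected.setdefault(ip, set()).add(host.lower().rstrip("."))
    report = {}
    for ip in sorted(set(expected) | set(reverse)):
        ptr = reverse.get(ip)
        if not ptr:
            report[ip] = "missing-ptr"        # no reverse record returned
            continue
        ptr = ptr.lower().rstrip(".")
        if ptr in expected.get(ip, set()):
            report[ip] = "ok"                 # forward and reverse agree
        elif embeds_ip(ptr, ip):
            report[ip] = "ip-embedded-name"   # the symptom from the question
        else:
            report[ip] = "mismatch"           # PTR points at some other name
    return report

# Constructed sample data: the first pair mirrors the question's example,
# the rest use the 192.0.2.0/24 documentation range.
FORWARD = {
    "computerA.usmc.mil": "205.25.36.48",
    "hostb.example.test": "192.0.2.10",
    "hostc.example.test": "192.0.2.11",
    "hostd.example.test": "192.0.2.12",
}
REVERSE = {
    "205.25.36.48": "repmub5.2052536-48.usmc.mil",
    "192.0.2.10": "hostb.example.test.",
    "192.0.2.11": None,
    "192.0.2.12": "oldname.example.test",
}

if __name__ == "__main__":
    for ip, status in audit_reverse(FORWARD, REVERSE).items():
        print(f"{ip:15} {status}")
```

The two dictionaries can be filled from a zone export and from nslookup results for each address; the statuses report the symptom only and say nothing about its cause.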
