iamuser

asked on

HELP DNS entry not deleting even if I manually do it

In my DNS server I have one entry in the reverse lookup zone that has the wrong IP of a local workstation, and one entry that points to the correct IP address.

And no matter how many times I try to delete the bad entry, it's not going away. The entry keeps bouncing back over and over again. I checked the forward lookup zone and the bad entry is not there. I tried renaming the data field to another name (for the bad entry) and all it does is create another entry using the same IP address. And when I try to delete both entries, the new one goes but the old one still bounces back.





Stephen Manderson

Hi, there's another thing you have to do.

1 Remove from the DNS Manager
2 Go to the \system32\DNS and look for the entry you deleted. (Should be a text file) Delete the entry via Notepad.
3 Restart the DNS Service, or restart the server (Preferred)

If you just remove the entry via DNS Manager after a reboot the system will just restore it from System32/DNS

Regards
Steve
iamuser

ASKER

I'm in that folder and all I see are the following

Backup - folder
Sample - folder
Cache.dns - file

Opening Cache.dns shows me "Initial cache data for root domain servers."

The backup folder has a DNS.LOG and mydomainname.dns file, both do not contain the bad entry

The sample folder has nothing useful

I've experienced this myself.  There's an issue with the deletion mechanism through the DNS Manager ... are you familiar with the process of deleting it using say LDP or ADSIEDIT.MSC?
iamuser

ASKER

Never used LDP or ADSIEDIT.

How would I go about doing this?
Please first confirm that the zone is indeed Active Directory integrated (an earlier assumption on my part)?  If so, provide the zone configuration please.
iamuser

ASKER

DNS server is also the DC, where do I get the zone configuration from?

The DNS Manager --> expand Forward lookup zones --> select (left click) the zone --> right click the zone --> select properties --> what is the type?  If AD-integrated, click the 'Change' button below and provide the text from the selected radio button

In addition, I'll need the FQDN of the offending PTR entry (feel free to change the top-level suffixes as you see fit, I merely need some context in order to provide a specific response).
iamuser

ASKER

Selected radio button is primary zone, text is =  store a copy of the zone that can be updated directly

the FQDN of the offending PTR entry is = acc301.acct.hoffice.com

Oh, I have multiple subnets, so the above is in the 100 subnet, if that makes any difference
Close :0) ... but I needed the 'Change' button below that one (if highlighted) because the term 'Primary' by itself is ambiguous in this context.

Regarding the FQDN: poorly quantified on my part - I need to know the full DNS name of the entry (which is a PTR record) that you can't delete (it should end in .in-addr.arpa)
iamuser

ASKER

right click the zone --> select properties --> what is the type?  If AD-integrated, click the 'Change' button below and provide the text from the selected radio button

below the "type" is "replication" and clicking on the change button gives me

to all domain controllers in the active directory domain acc301.hoffice.com
 
FQDN = 211.100.168.192.in-addr.arpa
hostname = acc301.acct.hoffice.com
Run Active Directory Users and Computers
Select View --> Advanced Features
Expand the domain
Expand System
Expand Microsoft DNS
Expand (probably) 100.168.192.in-addr.arpa
  - if not that exact name, it may be listed as 168.192.in-addr.arpa
    - if so, expand 100
  - repeat and re-apply the same principle if only 192.in-addr.arpa is listed
Select the dnsNode entry labelled '211' in the right pane
right click it and select 'Delete'
Try reloading the zone in the DNS Manager (right click --> reload)
  - if you receive an error indicating that the zone is locked, you can either:
    1. be patient and try again in a few minutes
    2. restart the DNS server and verify the record is gone


iamuser

ASKER

Expand Microsoft DNS
Expand (probably) 100.168.192.in-addr.arpa
  - if not that exact name, it may be listed as 168.192.in-addr.arpa
    - if so, expand 100

When I'm in Microsoft DNS all I can see are the hostnames of each machine. It does not list any in-addr.arpa address.

The only time I can see them is when I'm in DNS Manager
Per the information you supplied when you said "to all domain controllers in the active directory domain acc301.hoffice.com", they have to be in that container since it's the only location within a domain partition under which AD-integrated DNS zones are maintained.  I have since successfully conducted the steps verbatim myself on a Windows 2003 SP1 Domain Controller and am happy with their accuracy.

Perhaps this is a larger implementation than I'd inferred?  How many seats are we talking about within this domain?

iamuser

ASKER

over 400 seats
This is just a hip-shot but try increasing the view filter's object-display limit in AD U&C by selecting View --> Filter options and increment the value (defaults to 2000) by 1000 until you believe you've reached a number you deem high enough to catch every DNS entry within the zone.
iamuser

ASKER

I went up as high as 10,000 and nothing.

Here's the thing, once I expand Microsoft DNS, I see my FQDN name. I expand into that and I see 2 columns. One with Name and the other Type. Type is dnsNode. And name is just computer names. There is nothing else in here.



How many DCs?
... and how many domains in the Forest?
iamuser

ASKER

2 DCs and 1 domain. The one I am on is the main domain or is the backup
iamuser

ASKER

other is a backup i mean
Ensure you're logged on as a Domain Admin, run a Command shell and enter this command  (it should be on one line) -

ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=com

Copy the results out of the window and paste them back here ...
iamuser

ASKER

Actually its FQDN is acc301.hoffice.a1.org


so is it ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com
... almost -

ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org
iamuser

ASKER


C:\>ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>
Ok, 2nd and 3rd of 3 possible variations below, try each in turn and paste back -

ldifde -f con: -d DC=211.100,DC=168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com


ldifde -f con: -d DC=211.100.168,DC=192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com

iamuser

ASKER

1st entry

ldifde -f con: -d DC=211.100,DC=168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>

2nd
ldifde -f con: -d DC=211.100.168,DC=192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>
That means that one bit or another of information that I'm basing these queries upon is incorrect.  Let's determine if we've got the domain right -


ldifde -f con: -d CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com -p base

... you should get this if all is as you've said -

C:\>ldifde -f con: -d CN=System,dc=mset,dc=local -p base
Connecting to "flipper.mset.local"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries.
dn: CN=System,dc=mset,dc=local
changetype: add
objectClass: top
objectClass: container
cn: System
description: Builtin system settings
distinguishedName: CN=System,DC=mset,DC=local
instanceType: 4
whenCreated: 20020605151157.0Z
whenChanged: 20070717195001.0Z
uSNCreated: 7503
uSNChanged: 7503
showInAdvancedViewOnly: TRUE
name: System
objectGUID:: 0hKMh6WEZUKjGAwX67KsUA==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=mset,DC=local
isCriticalSystemObject: TRUE


1 entries exported

The command has completed successfully
--

PS - Did you delete anything else from the DNS Manager?

iamuser

ASKER

I ran the command

ldifde -f con: -d CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com -p base

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>

All I did was delete the entry from the forward lookup zone. But I can't get rid of the record from the reverse zone

Then the domain name you provided is not correct, what's the DC name?  In addition, run this from the command shell -

net config workstation

... and paste back.
Are you positive the DNS zone configuration you gave me was for the Reverse Lookup zone not the Forward Lookup zone?
iamuser

ASKER

Oh, I gave you the forward and not the reverse before. The zone configuration for the reverse is

to all dns servers in the active directory domain hoffice.a1.org


C:\>net config workstation
Computer name                        \\aac10X
Full Computer name                   aac10x.hoffice.a1.org
User name                            netadmin

Workstation active on
        NetbiosSmb (000000000000)
        NetBT_Tcpip_{7568B7C8-73B8-4B90-A801-231BCE4E6905} (000F2075B351)

Software version                     Windows 2002

Workstation domain                   a1
Workstation Domain DNS Name          hoffice.a1.org
Logon domain                         a1

COM Open Timeout (sec)               0
COM Send Count (byte)                16
COM Send Timeout (msec)              250
The command completed successfully.


X:\>
Oh dear ... I'm sighing right now ;0) hehe ...

OK, so we need to start again and use a different approach to expedite this.

1. When logged on as a Domain Admin, run a Command Prompt
  - do this on a DC if possible since the tools I'm using are more likely to be there

2. Type this on one line -

dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=DC=acc301,dc=hoffice,dc=a1,dc=com

3. Go to the DNS Manager

4. Select and then right click the reverse lookup zone we're having problems with

5. Select 'Reload'
  - if you receive an error indicating that the zone is locked, you can either:
      a. be patient and try again in a few minutes
      b. restart the DNS server and verify the record is gone
Ooops, hold on ... just noticed an error on both my part and yours.  My syntax is incorrect, the command WOULD be as follows if the domain were named as we thought -

<SYNTAX VALID BUT DN STILL INCORRECT>
dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=acc301,dc=hoffice,dc=a1,dc=org
</SYNTAX>

... here's the correct one that you should run.  Note that the name of the domain does not include the name of the DC itself.  Based on the text you pasted from 'net config workstation', your domain is named 'hoffice.a1.org' not 'acc301.hoffice.a1.org'

dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,dc=hoffice,dc=a1,dc=org

iamuser

ASKER

The dsrm does not work, it returns an error
iamuser

ASKER

dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,dc=hoffice,dc=a1,dc=org:directory not found

dsrm /? for help
Where did you run that command?
What OS and service pack are installed?

Finally, retry the variations on the IP address syntax I supplied earlier, remembering to use the suffix that we now believe correct.
iamuser

ASKER

Windows 2003 SP1

Okay, I'll try them again
Have you given up? :)
iamuser

ASKER

The command worked and it asked if I wanted to delete. I said yes and it returned a dsrm succeeded.

But when I look into DNSmgmt, the entries are still there.
ASKER CERTIFIED SOLUTION
MSE-dwells
This solution is only available to members.
iamuser

ASKER

Man, you are awesome, thanks for all the help, you deserve more than 500 points. Shame I can't go any higher
Hehe -- thanks for the kind words.  Glad it finally worked out ;0)
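
Much of the back-and-forth above came from guessing the distinguished name of the PTR record's dnsNode object: which container the zone's replication scope maps to, and where the reverse zone name splits from the node name. The following is an added example, not part of the original thread or any participant's post; it lists every candidate DN for a given PTR name. The function name and parameters are hypothetical, the forest-wide scope is included beyond the two scopes seen in the thread, and a single-domain forest is assumed by default (PowerShell 3.0 or later).

```powershell
# Added example: enumerate the directory locations where the dnsNode object
# for a PTR record can live. Function name and parameters are hypothetical.
function Get-PtrNodeCandidateDn {
    param(
        [Parameter(Mandatory)] [string] $PtrFqdn,        # e.g. 211.100.168.192.in-addr.arpa
        [Parameter(Mandatory)] [string] $DomainDnsName,  # AD domain name, NOT a DC's host name
        [string] $ForestDnsName = $DomainDnsName         # assumption: single-domain forest
    )

    $suffix = '.in-addr.arpa'
    if (-not $PtrFqdn.ToLower().EndsWith($suffix)) {
        throw "Not an IPv4 PTR name: $PtrFqdn"
    }
    $octets = $PtrFqdn.Substring(0, $PtrFqdn.Length - $suffix.Length).Split('.')
    if ($octets.Count -ne 4) { throw "Expected four octets in $PtrFqdn" }

    # hoffice.a1.org -> DC=hoffice,DC=a1,DC=org
    $toDn = { param($name) ($name.Split('.') | ForEach-Object { "DC=$_" }) -join ',' }
    $domainDn = & $toDn $DomainDnsName
    $forestDn = & $toDn $ForestDnsName

    # Replication scope shown in the zone properties -> container holding the zone
    $containers = [ordered]@{
        'All domain controllers in the domain' = "CN=MicrosoftDNS,CN=System,$domainDn"
        'All DNS servers in the domain'        = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
        'All DNS servers in the forest'        = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"
    }

    # The reverse zone may cover 3, 2 or 1 octets, so the node name takes 1 to 3 octets
    foreach ($scope in $containers.Keys) {
        foreach ($n in 1..3) {
            $node = $octets[0..($n - 1)] -join '.'
            $zone = ($octets[$n..3] -join '.') + $suffix
            [pscustomobject]@{
                Scope = $scope
                Zone  = $zone
                DN    = "DC=$node,DC=$zone,$($containers[$scope])"
            }
        }
    }
}

# Constructed input taken from the values quoted in the thread
Get-PtrNodeCandidateDn -PtrFqdn '211.100.168.192.in-addr.arpa' -DomainDnsName 'hoffice.a1.org' |
    Format-List
```

Each DN in the output can be checked read-only with the export form used earlier in the thread (`ldifde -f con: -d <DN> -p base`) before anything is deleted.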