HELP DNS entry not deleting even if i manually do it

In my DNS server I got one entry in the reserve lookup zone has the wrong IP of a local workstation. And one entry that's points to the correct IP address.

And no matter how many times I try to delete the bad entry it's not going away. The entry keeps bouncing back over and over again. I checked the forward lookup zone and the bad entry is not there. I tried renaming the data field to another name (for the bad entry) and all does is create another entry using the same IP address. And when i try to delete both entries, the new on goes but the old one still bounces back.





iamuserAsked:
Who is Participating?
 
MSE-dwellsCommented:
Nod, per one of my earlier posts, you'll now need to reload the zone by right clicking it.  If the 'locked' error occurs, you can either wait or restart the DNS service.
0
 
Stephen MandersonSoftware EngineerCommented:
Hi theres another thing you have to do.

1 Remove  from the DNS Manager
2 Go to the \system32\DNS and look for the entry you deleted. (Should be a text file) Delete the entry via notpad.
3 Restart the DNS Service. or restart the server (Prefered)

If you just remove the entry via DNS Manager after a reboot the system will just restore it from System32/DNS

Regards
Steve
0
 
iamuserAuthor Commented:
I'm in that folder and all i see are the following

Backup - folder
Sample - folder
Cache.dns - file

Opening Cache.dns shows me "Initial cache data for root domain servers."

The backup folder has a DNS.LOG and mydomainname.dns file, both does not contain the bad entry

The sample folder has nothing useful

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MSE-dwellsCommented:
I've experienced this myself.  There's an issue with the deletion mechanism through the DNS Manager ... are you familiar with the process of deleting it using say LDP or ADSIEDIT.MSC?
0
 
iamuserAuthor Commented:
never used LDP or ADSIEDIT

How would i go about doing this?
0
 
MSE-dwellsCommented:
Please first confirm that the zone is indeed Active Directory integrated (an earlier assumption on my part)?  If so, provide the zone configuration please.
0
 
iamuserAuthor Commented:
DNS server is also the the DC, where do i get the zone configuration from?

0
 
MSE-dwellsCommented:
The DNS Manager --> expand Forward lookup zones --> select (left click) the zone --> right click the zone --> select properties --> what is the type?  If AD-integrated, click the 'Change' button below and provide the text from the selected radio button

In addition, I'll need the FQDN of the offending PTR entry (feel free to change the top-level suffixes as you see fit, I merely need some context in order to provide a specific response).
0
 
iamuserAuthor Commented:
Selected radio button is primary zone, text is =  store a copy of the zone that can be updated directly

the FQDN of the offending PTR entry is = acc301.acct.hoffice.com

Oh i have mutiplie subnets so that above is in the 100 subnet if that makes any difference
0
 
MSE-dwellsCommented:
Close :0) ... but I needed the 'Change' button below that one (if highlighted) because the term 'Primary' by itself is ambiguous in this context.

Regarding the FQDN: poorly quantified on my part - I need to know the full DNS name of the entry (which is a PTR record) that you can't delete (it should end in .in-addr.arpa)
0
 
iamuserAuthor Commented:
right click the zone --> select properties --> what is the type?  If AD-integrated, click the 'Change' button below and provide the text from the selected radio button

below the "type" is "replication" and clicking on the change button gives me

to all domain controllers in the active directory domain acc301.hoffice.com
 
FQDN = 211.100.168.192.in-addr.arpa
hostname = acc301.acct.hoffice.com
0
 
MSE-dwellsCommented:
Run Active Directory Users and Computers
Select View --> Advanced Features
Expand the domain
Expand System
Expand Microsoft DNS
Expand (probably) 100.168.192.in-addr.arpa
  - if not that exact name, it may be listed as 168.192.in-addr.arpa
    - if so, expand 100
  - repeat and re-apply the same principle if only 192.in-addr.arpa is listed
Select the dnsNode entry labelled '211' in the right pane
right click it and select 'Delete'
Try reloading the zone in the DNS Manager (right click --> reload)
  - if you receive an error indicating that the zone is locked, you can either:
    1. be patient and try again in a few minutes
    2. restart the DNS server and verify the record is gone


0
 
iamuserAuthor Commented:
Expand Microsoft DNS
Expand (probably) 100.168.192.in-addr.arpa
  - if not that exact name, it may be listed as 168.192.in-addr.arpa
    - if so, expand 100

when i'm in Microsoft DNS all i can see are the hostnames of each machine. It does not list any in-addr.arpa address

Only time i can see them is when i'm in DNS manager
0
 
MSE-dwellsCommented:
Per the information you supplied when you said "to all domain controllers in the active directory domain acc301.hoffice.com", they have to be in that container since it's the only location within a domain partition under which AD-integrated DNS zones are maintained.  I have since successfully conducted the steps verbatim myself on a Windows 2003 SP1 Domain Controller and am happy with their accuracy.

Perhaps this is a larger implementation than I'd inferred?  How many seats are we talking about within this domain?

0
 
iamuserAuthor Commented:
over 400 seats
0
 
MSE-dwellsCommented:
This is just a hip-shot but try increasing the view filter's object-display limit in AD U&C by selecting View --> Filter options and increment the value (defaults to 2000) by 1000 until you believe you've reached a number deem high enough to catch every DNS entry within the zone.
0
 
iamuserAuthor Commented:
I went up as high as 10,000 and nothing.

Here's the thing, once i expand Expand Microsoft DNS, I see my FQDN name. I expand iinto that and i see 2 columns. One with Name and other type. Type is dnsnode. And name is jsut computer names. There is nothing else in here.



0
 
MSE-dwellsCommented:
How many DCs?
0
 
MSE-dwellsCommented:
... and how many domains in the Forest?
0
 
iamuserAuthor Commented:
2 DC and 1 domain. The one i am on is the main domain or is the backup
0
 
iamuserAuthor Commented:
other is a backup i mean
0
 
MSE-dwellsCommented:
Ensure you're logged on as a Domain Admin, run a Command shell and enter this command  (it should be on one line) -

ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=com

Copy the results out of the window and paste them back here ...
0
 
iamuserAuthor Commented:
actually it's FQDN is acc301.hoffice.a1.org


so is it ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com
0
 
MSE-dwellsCommented:
... almost -

ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org
0
 
iamuserAuthor Commented:

C:\>ldifde -f con: -d DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>
0
 
MSE-dwellsCommented:
Ok, 2nd and 3rd of 3 possible variations below, try each in turn and paste back -

ldifde -f con: -d DC=211.100,DC=168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com


ldifde -f con: -d DC=211.100.168,DC=192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com

0
 
iamuserAuthor Commented:
1st entry

difde -f con: -d DC=211.100,DC=168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>

2nd
ldifde -f con: -d DC=211.100.168,DC=192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=acc301,dc=hoffice,dc=a1,dc=org

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>
0
 
MSE-dwellsCommented:
That means that one bit or another of information that I'm basing these queries upon is incorrect.  Let's determine if we've got the domain right -


ldifde -f con: -d CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com -p base

... you should get this if all is as you've said -

C:\>ldifde -f con: -d CN=System,dc=mset,dc=local -p base
Connecting to "flipper.mset.local"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries.dn: CN=System,dc=mset,dc=local
changetype: add
objectClass: top
objectClass: container
cn: System
description: Builtin system settings
distinguishedName: CN=System,DC=mset,DC=local
instanceType: 4
whenCreated: 20020605151157.0Z
whenChanged: 20070717195001.0Z
uSNCreated: 7503
uSNChanged: 7503
showInAdvancedViewOnly: TRUE
name: System
objectGUID:: 0hKMh6WEZUKjGAwX67KsUA==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=mset,DC=local
isCriticalSystemObject: TRUE


1 entries exported

The command has completed successfully
--

PS - Did you delete anything else from the DNS Manager?

0
 
iamuserAuthor Commented:
I ran the command

ldifde -f con: -d CN=System,DC=acc301,dc=hoffice,dc=a1,dc=com -p base

Connecting to "ad1.hoffice.a1.org"
Logging in as current user using SSPI
Exporting directory to file con:
Searching for entries...

Writing out entries
No Entries found

The command has completed successfully

C:\>

All i did was delete the entry from the forward lookup zone. But i can't get rid of the record from the reserve zone

0
 
MSE-dwellsCommented:
Then the domain name you provided is not correct, what's the DC name?  In addition, run this from the command shell -

net config workstation

... and paste back.
0
 
MSE-dwellsCommented:
Are you positive the DNS zone configuration you gave me was for the Reverse Lookup zone not the Forward Lookup zone?
0
 
iamuserAuthor Commented:
oh i gave you the forward and not the reserver before. The zone configure for the reserve is

to all dns servers in the active directory domain hoffice.a1.org


C:\>net config workstation
Computer name                        \\aac10X
Full Computer name                   aac10x.hoffice.a1.org
User name                            netadmin

Workstation active on
        NetbiosSmb (000000000000)
        NetBT_Tcpip_{7568B7C8-73B8-4B90-A801-231BCE4E6905} (000F2075B351)

Software version                     Windows 2002

Workstation domain                   a1
Workstation Domain DNS Name          hoffice.a1.org
Logon domain                         a1

COM Open Timeout (sec)               0
COM Send Count (byte)                16
COM Send Timeout (msec)              250
The command completed successfully.


X:\>
0
 
MSE-dwellsCommented:
Oh dear ... I'm sighing right now ;0) hehe ...

OK, so we need to start again and use a different approach to expedite this.

1. When logged on as a Domain Admin, run a Command Prompt
  - do this on a DC if possible since the tools I'm using are more likely to be there

2. Type this on one line -

dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=DC=acc301,dc=hoffice,dc=a1,dc=com

3. Go to the DNS Manager

4. Select and then right click the reverse lookup zone we're having problems with

5. Select 'Reload'
  - if you receive an error indicating that the zone is locked, you can either:
      a. be patient and try again in a few minutes
      b. restart the DNS server and verify the record is gone
0
 
MSE-dwellsCommented:
Ooops, hold on ... just noticed an error on my both my part and yours.  My syntax is incorrect, the command WOULD be as follows if the domain were named as we thought -

<SYNTAX VALID BUT DN STILL INCORRECT>
dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=acc301,dc=hoffice,dc=a1,dc=org
</SYNTAX>

... here's the correct one that you should run.  Note that the name of the domain does not include the name of the DC itself.  Based on the text you pasted from 'net config workstation', your domain is named 'hoffice.a1.org' not 'acc301.hoffice.a1.org'

dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,dc=hoffice,dc=a1,dc=org

0
 
iamuserAuthor Commented:
the dsrm does not work returns an error
0
 
iamuserAuthor Commented:
dsrm DC=211,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,dc=hoffice,dc=a1,dc=org:directory not found

dsrm /? for help
0
 
MSE-dwellsCommented:
Where did you run that command?
What OS and service pack are installed?

Finally, retry the variations on the IP address syntax I supplied earlier remembering to use the suffix that we  now believe correct.
0
 
iamuserAuthor Commented:
windows 2003 sp1

okay i'll try them again
0
 
MSE-dwellsCommented:
Have you given up? :)
0
 
iamuserAuthor Commented:
The command worked and it asked if i wanted to delete. I said yes and it returned a dsrm succeeded.

But when i look into DNSmgmt, the entries are still there.
0
 
iamuserAuthor Commented:
Man you are awesome, thanks for all the help, you deserve more than 500 points. Shame i can't go any higher
0
 
MSE-dwellsCommented:
Hehe -- thanks for the kind words.  Glad it finally worked out ;0)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.