We have an Active Directory-integrated domain to which we had previously added a TXT record to contain our SPF string. No problems at all.
We then changed our public IP addresses and needed a new SPF string. I created a new TXT record with the new SPF string and then deleted the old TXT record. All seemed fine.
We then started detecting random problems with remote servers rejecting our mail because our server's (new) IP address didn't match the SPF string the remote server was using. That is when we detected the presence of two TXT records in the domain.
Long story short - I cannot delete the old TXT record. I click on the record in the DNS management console, right-click and select delete. I confirm that I do want to delete. The main window at the right updates to reflect the deletion (now only 1 [new] SPF TXT record present). I close the DNS management tool thinking I'm done.
Next time I open the tool I have 2 records again and the zone serial number has NOT changed.
I've tried updating the content of the first TXT record with the new SPF string. Again it appears to work (screen updates, displaying two records with the same contents) but same story - the next time I open the DNS management tool (or perform an NSLOOKUP) I get one old and one new TXT record.
I've tried pausing DNS on both DCs before deleting the records and then restarting after the deletion. Same story.
If I manually add (for example) an A record to this domain I can later delete it with no problem. This appears to be something to do with TXT records.
If this were a non-AD zone I would consider editing the .dns file directly. Unfortunately there is no .dns file with an AD-integrated zone.
Any suggestions on how to (really) get rid of this old TXT record once and for all?
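As an added diagnostic example (not part of the original post), the script below queries each domain controller's DNS service directly for the zone apex TXT records and SOA serial, flags any DC that publishes more than one SPF record (which receivers treat as a permanent error and may reject on), and then reads the AD dnsNode object that stores the apex records so the two views can be compared. The zone name, the domain DN and the DomainDnsZones partition are placeholders/assumptions; adjust them to where the zone is actually stored.

```powershell
# Added example, not from the original post. Compares every DC's DNS view of the zone apex
# with the AD object that holds those records in an AD-integrated zone.
# Assumptions: placeholder zone and domain DN; zone replicated to DomainDnsZones; run with
# DNS/Domain admin rights on a host with RSAT (ActiveDirectory + DnsClient modules).
param(
    [string]$Zone     = 'example.com',        # placeholder zone name
    [string]$DomainDn = 'DC=example,DC=com'   # placeholder AD domain DN
)

Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

foreach ($dc in $dcs) {
    # Query each DC directly so differences between replicas are visible, not masked by caching.
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $dc -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
    $txt = Resolve-DnsName -Name $Zone -Type TXT -Server $dc -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'TXT' }
    $spf = $txt | Where-Object { ($_.Strings -join '') -like 'v=spf1*' }

    Write-Host ("== {0}: SOA serial {1}, {2} TXT record(s), {3} SPF record(s)" -f
                $dc, $soa.SerialNumber, @($txt).Count, @($spf).Count)
    foreach ($r in $txt) { Write-Host "   TXT: $($r.Strings -join '')" }

    if (@($spf).Count -gt 1) {
        # RFC 7208: a domain must publish exactly one SPF record; more than one is a permerror.
        Write-Warning "$dc publishes multiple SPF records; receivers may reject mail from this domain."
    }
}

# The apex ('@') node object in AD is what the DNS console actually edits for an AD-integrated zone.
# Comparing its modification time and record count against the DNS answers above shows whether the
# delete reached the directory or only the DNS server's in-memory view.
$nodeDn = "DC=@,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDn"
Get-ADObject -Identity $nodeDn -Properties dnsRecord, dNSTombstoned, whenChanged |
    Select-Object DistinguishedName, whenChanged, dNSTombstoned,
                  @{ n = 'RecordCount'; e = { @($_.dnsRecord).Count } }
```

If one DC reports a different serial or record count from the others, that DC's replica is the one to inspect; if the AD object still lists two records after a delete, the console change never reached the directory.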