• Status: Solved

I accidentally scavenged DNS Records

I did a bad thing. I hit the scavenge stale records in DNS and virtually everything is gone, except for what I manually entered - which isn't much. DHCP is set to always register. Will DNS rebuild with what I currently have on the network? How long will it take? I can't connect to any of my DHCP clients using my remote connection software or Remote Desktop. I am feeling like a total idiot right now.
Asked by: PellaEE
1 Solution
 
Chris Dent (PowerShell Developer) commented:

Yes, it will rebuild.

What did you set the No-Refresh and Refresh Intervals to? They must have been exceptionally short to wipe out everything.

For client PCs when DHCP is updating, the record will register or refresh when:

1. The Lease is first assigned by the DHCP server.
2. The lease is halfway through (4 days for the default 8-day lease).
3. When the client runs "ipconfig /release" and "ipconfig /renew".

For servers (including Domain Controllers):

No more than 24 hours, can be forced by running "ipconfig /registerdns".

On DCs restart the NetLogon Service to force Service Records to register.

Chris
 
PellaEE (Author) commented:
I didn't set up scavenging. I hit the scavenge stale records now option. Big mistake. However, I did release renew the address on my own PC. I even rejoined the domain and rebooted - it still doesn't appear in the DNS listing. I will let it rebuild through the weekend and see what it looks like on Monday.
 
Chris Dent (PowerShell Developer) commented:

Okay, but someone must have for that to actually do anything. If it wasn't enabled at all the command wouldn't make any changes.

Can you check the Aging intervals anyway? Prevent something like this happening again? They're set under the Properties for your Forward Lookup Zone (e.g. domain.com), under the Aging button.

It would also be worth verifying that the zone permits Dynamic Updates, and that your clients all refer to that DNS server in TCP/IP configuration.

Chris
 
PellaEE (Author) commented:
I closed things out too soon. When I checked DNS, nothing had rebuilt. I had to set updates to Secure and UnSecure before anything would show up. The zone is set to accept dynamic updates. I told my computer to registerdns and then it appeared after changing to include unsecure updates.

The scavenging interval was set at 7 days. I turned it off.
 
Chris Dent (PowerShell Developer) commented:

I would worry that you need to reduce the security on updates to permit non-secure. That suggests you have an authentication problem within the domain.

Chris
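
A read-only audit of the settings discussed in this thread (aging intervals, dynamic update mode, and which A records aging currently considers stale), added here as an example and not posted by anyone in the thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the function name `Get-DnsZoneAgingAudit` is hypothetical.

```powershell
# Added example, not part of the original thread. Reports only; changes nothing.
# Assumes the DnsServer module is installed and the caller can read the zones.
function Get-DnsZoneAgingAudit {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $now = Get-Date
    # Primary forward lookup zones only; skip reverse and auto-created zones.
    $zones = Get-DnsServerZone -ComputerName $ComputerName | Where-Object {
        $_.ZoneType -eq 'Primary' -and
        -not $_.IsReverseLookupZone -and
        -not $_.IsAutoCreated
    }

    foreach ($zone in $zones) {
        $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $ComputerName

        # A dynamic record is stale once its timestamp is older than
        # No-Refresh + Refresh. This only matters when aging is enabled.
        $cutoff = $now - $aging.NoRefreshInterval - $aging.RefreshInterval

        $records = @(Get-DnsServerResourceRecord -ZoneName $zone.ZoneName `
                        -RRType A -ComputerName $ComputerName)
        # Manually entered (static) records carry no timestamp and are never scavenged.
        $dynamic = @($records | Where-Object { $_.Timestamp })
        $stale   = @($dynamic | Where-Object { $_.Timestamp -lt $cutoff })

        [pscustomobject]@{
            Zone             = $zone.ZoneName
            DynamicUpdate    = $zone.DynamicUpdate   # None, Secure or NonsecureAndSecure
            NonsecureAllowed = ($zone.DynamicUpdate -eq 'NonsecureAndSecure')
            AgingEnabled     = $aging.AgingEnabled
            NoRefresh        = $aging.NoRefreshInterval
            Refresh          = $aging.RefreshInterval
            StaticA          = $records.Count - $dynamic.Count
            DynamicA         = $dynamic.Count
            StaleA           = $stale.Count
        }
    }
}

# Server-wide scavenging state and interval, then the per-zone report.
Get-DnsServerScavenging | Format-List ScavengingState, ScavengingInterval, LastScavengeTime
Get-DnsZoneAgingAudit | Format-Table -AutoSize
```

A zone reporting `NonsecureAllowed = True` accepts unauthenticated registrations; once secure updates work again, `Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure` restores the stricter mode.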
 
PellaEE (Author) commented:
Could you elaborate on that? What kind of authentication problem? Where and for what would I look?
 
Chris Dent (PowerShell Developer) commented:

Secure updates are allowed because of Kerberos authentication. If the system fails to properly authenticate then the update will fail.

That gives us a few things to check.

1. System time. All systems on the network should have time within 5 minutes of the Domain Controller (allowing for adjustment because of Time Zones).

2. Event Logs for any authentication errors (probably logs to System log).

3. DCDiag should flag if the system is suffering.

Chris
 
PellaEE (Author) commented:
I ran DCDiag. All tests passed. No errors in the system log. However, in the Security log there seem to be issues. What kind I can't tell. God, what a mess I inherited. Anyway, Failure audits on Event IDs 672 and 680, a lot of them. However, 672 has no user ID, and the client address is the loopback 127.0.0.1 - which I assume is the server itself. The Service name is krbtgt/domainname - which is Kerberos, correct? Account name is administrator. ???? 680 has the logon account of administrator with the server as the source workstation and error code 0xc0000064 - which is no such account - which would be correct. I have no account named administrator. The domain admin account has been renamed. I seem to have opened a whole nother can of worms here. Sorry for the continuance.