A and CNAME records are being deleted.

Posted on 2009-05-14
Last Modified: 2012-05-07
Hello,

We have 2 Server 2008 DNS servers that are pointing to each other for DNS. There are random records that are getting deleted, or really I'm assuming here that they are getting scavenged. This leads me to believe that netlogon isn't refreshing the DNS records.

The A records are static and dynamic.

Zone is set for nonsecure and secure.

Scavenging is set to 7 days

Refresh interval is set to 1 hour.

These DNS/WINS servers are DCs.

Hope I didn't leave anything out.

Thanks!!!
Question by:WesterraCU
 
LVL 9

Expert Comment

by:gregcmcse
ID: 24388724
If your workstations are configured to register themselves in DNS, then they will unregister themselves when the workstation does a normal shutdown.
Is DHCP configured to register clients in DNS?
0
 

Author Comment

by:WesterraCU
ID: 24388778
No, the DHCP server does not register the clients in DNS; the clients register themselves.

What's strange is that the CNAME went missing, that's a static entry as well as other A records that were static. I've also made sure that they do not have the box checked "Delete this record when it becomes stale" on the static records.
0
 
LVL 9

Expert Comment

by:gregcmcse
ID: 24389023
The CName is strange, you're right.  Unless some client is registering itself with that name.
How is DNS set up, AD Integrated?  Pointing a DNS server to another DNS server isn't the best idea, but it shouldn't cause the problems you're seeing.
Does your DNS do WINS lookups?  If so, is it possible some user has a username that is the same as the CNAME records?
Also, how are you determining that the records are missing?  Are you using NSLookup or the GUI?  Try NSLOOKUP if they're missing in the GUI -- it may just be a display issue.
0
 

Author Comment

by:WesterraCU
ID: 24389111
Yes, DNS is AD integrated.

I used to always point DNS servers to themselves but we recently had a consultant come in for an AD migration project and he had explained that doing so isolates themselves like an island. Could you explain which is better and why? I've Googled this but get such mixed reviews.

DNS and WINS are both running and running on the same servers. How would I know if DNS is doing WINS lookups?

No username with the same name as the server.

This was determined an issue due to our 3rd party apps that rely on our DNS server for resolution and once the record was gone it caused many issues. Didn't check nslookup but we had multiple calls on issues and noticed record was gone from both DNS servers.
0
 

Author Comment

by:WesterraCU
ID: 24389160
I also ran a dcdiag /test:dns and came back with a few issues.

Thought this might help in the troubleshooting.

Thanks!!!



   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : TEST

   Running enterprise tests on : test.local
      Starting test: DNS
         Test results for domain controllers:

            DC: TESTDC01.test.local
            Domain: test.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record _dcdiag_test_record
in zone test.local

               TEST: Records registration (RReg)
                  Network Adapter [00000013] BASP Virtual Adapter:
                     Warning:
                     Missing AAAA record at DNS server 192.168.X.XXX:
                     TESTDC01.test.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.X.XXX:
                     gc._msdcs.test.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.X.XXX:
                     TESTDC01.test.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.X.XXX:
                     gc._msdcs.test.local

                     Warning:
                     Missing AAAA record at DNS server ::1:
                     TESTDC01.test.local

                     Warning:
                     Missing AAAA record at DNS server ::1:
                     gc._msdcs.test.local

               Warning: Record Registrations not found in some network adapters

               TESTDC01                      PASS WARN PASS PASS WARN WARN n/a
         ......................... test.local passed test DNS
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24389790

> Refresh interval is set to 1 hour.

Really?

Way way too short. Most records only refresh once every 24 hours.

Records added by DHCP only refresh at the start of the lease and at the renewal interval (half way through the lease).

Chris
0
 

Author Comment

by:WesterraCU
ID: 24390014
Chris - Do you think this could be why DHCP clients were not getting updated in DNS? This was a previous issue we had and the resolution was to set the clients to update their own DNS.

Also do you believe that extending the refresh interval would solve our issue here?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24390408

Without knowing more about it I'd say it would.

The minimum you should consider for the Refresh Interval is 24 hours. Longer is better as it allows room for mistakes.

If DHCP were updating for clients they would Refresh at intervals equal to half of the lease. For example, if the lease is 8 days, they refresh once every 4 days.

Chris
0
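
Added example, not part of the original thread: a small model of DNS aging for dynamic records, showing how long a record sits eligible for scavenging when the refresh interval is shorter than the client's refresh cadence. The 1-hour refresh interval, 7-day scavenging period, 24-hour cadence and half-of-an-8-day-lease cadence come from the thread; the 7-day no-refresh interval, the hourly phase sweep and all function names are assumptions.

```python
"""Constructed model of DNS aging for dynamic records. All times in hours."""

NO_REFRESH_H = 7 * 24       # assumption: the thread does not state this value
SCAVENGE_PERIOD_H = 7 * 24  # "Scavenging is set to 7 days" (from the question)


def first_accepted_refresh(no_refresh_h, client_period_h, phase_h):
    """Hour of the first refresh attempt that updates the timestamp.

    The record is timestamped at hour 0. The client attempts a refresh at
    phase_h, phase_h + period, ... Attempts inside the no-refresh interval
    leave the timestamp alone, so only the first one at or after it counts.
    """
    if phase_h >= no_refresh_h:
        return phase_h
    k = -(-(no_refresh_h - phase_h) // client_period_h)  # integer ceiling
    return phase_h + k * client_period_h


def stale_hours(refresh_h, client_period_h, phase_h, no_refresh_h=NO_REFRESH_H):
    """Hours the record is eligible for scavenging before it is refreshed."""
    eligible_from = no_refresh_h + refresh_h
    refreshed_at = first_accepted_refresh(no_refresh_h, client_period_h, phase_h)
    return max(0, refreshed_at - eligible_from)


def exposure(refresh_h, client_period_h, scavenge_period_h=SCAVENGE_PERIOD_H):
    """Sweep every hourly client phase.

    Returns (worst stale hours, chance that a scavenging pass with a
    uniformly random start lands inside that worst-case stale window).
    """
    worst = max(stale_hours(refresh_h, client_period_h, p)
                for p in range(client_period_h))
    return worst, min(1.0, worst / scavenge_period_h)


if __name__ == "__main__":
    # Cadences from the thread: 24 h, and half of an 8-day DHCP lease (96 h).
    for period in (24, 96):
        for refresh in (1, 24, 96, 7 * 24):
            worst, chance = exposure(refresh, period)
            print(f"client every {period:>2} h, refresh interval {refresh:>3} h: "
                  f"stale up to {worst:>2} h, scavenge chance <= {chance:.0%}")
```

Under these assumptions the record is never stale once the refresh interval is at least as long as the client's refresh cadence.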
 

Author Closing Comment

by:WesterraCU
ID: 31581633
Chris - Thanks so much!! It's all so clear to me now. :) Our consultant changed this setting for a temp fix and never changed it back.

Thanks for everyone's responses.
0
