Wrong Name Server in DNS

Is there any way that I can remove a name server entry from the Active Directory?
Every time I remove it on the DNS site it gets added in again (I guess because this site is an integrated Active Directory domain). When I switch it and make it a primary DNS instead of Active Directory controlled, Server 2008 complains that this site has to be Active Directory to function properly.
I have 2 public NS records in there and the server (Active Directory) adds another private IP in, which then gets revealed when I do an NS lookup...

So maybe there is a way to have this NS record removed from the AD so it then no longer writes its private IP in there. Thanks for your guys' help in advance.
Andreas-NYC asked:

kumarnirmal commented:
Hi

I hope you can do this: select the zone first, go to the zone transfer tab, select the option "only to the following servers" and type the IP address of the servers you want.

0
Chris Dent (PowerShell Developer) commented:

Reconfiguring Zone Transfers won't help at all.

Public DNS Zones should not be AD Integrated, nor should they allow Dynamic Updates. You lose control of the NS and SOA records as you've found.

Is the zone for the AD domain as well?

Chris
0
Andreas-NYC (Author) commented:
I think so. Bigapple is the domain and the server is svr. So the NS record that shows up is svr.bigapple.com and it points to the internal IP of this server. And on an nslookup it shows that nameserver as well, and its internal IP. Somehow all I need is to find a way to remove this record from the AD.
0
Chris Dent (PowerShell Developer) commented:

If it's used for AD you really should move that onto a different DNS server. Mixing public and private zones is painful. The requirements AD places on the zone tend to conflict with the requirements for a public zone.

If it's not used for AD (doesn't have _msdcs and the like) then it can be fixed but I would still strongly recommend moving it to another DNS server.

To fix it...

1. Disable Dynamic Updates (if enabled)
2. Change the Zone Type, remove the tick from Store in Active Directory
3. Head to the zone file in %SystemRoot%\System32\DNS and fix the NS and SOA records then increment the Serial Number in the SOA
4. Reload the zone in the DNS Console

Chris
0
Andreas-NYC (Author) commented:
I had the same problem on my 2003 server. All I did was turn off AD in the DNS of that domain. The server had no problem doing that. But now 2008 server cries when I do that. All I need is one record removed. I can't switch to another server, nor to another DNS server. The one I use is on the same svr.
0
Chris Dent (PowerShell Developer) commented:

If the zone is for your AD domain I can't blame it for becoming upset. That shouldn't stop it working though, or does it? You could just ignore its complaint.

Chris
0
Andreas-NYC (Author) commented:
I'd rather find a way to change it where this record is coming from, if the Active Directory adds this automatically. Can I not use a tool to change it there and remove it? The server only answered to outside requests. No internal NS needed. When I remove it, it gets added again after a few minutes. Turning AD off on there just because of one entry seems like overkill. Nothing to change it at the root itself?
0
Chris Dent (PowerShell Developer) commented:

Fair enough, give this a shot then:

DNSCMD YourServer /Config /DisableNSRecordsAutocreation 1

That should stop it.

Chris
0

Andreas-NYC (Author) commented:
I assume that's in PowerShell?
0
Chris Dent (PowerShell Developer) commented:

Nope, DNSCMD is one of the support tools, just a regular DOS command as long as you have that installed. It sets an entry in the registry for you.

Chris
0
Andreas-NYC (Author) commented:
It will leave the other NS entries intact?
0
Chris Dent (PowerShell Developer) commented:

Yep, it just turns off automatic creation. You may have to restart the DNS server service after changing it, I forget if it reads the setting immediately or not.

Chris
0
Andreas-NYC (Author) commented:
Thanks Chris. Will try in a few minutes.
0
Andreas-NYC (Author) commented:
Yep, this worked... thanks a bunch... just noticed that the same AD also adds a host (A) record Domain.com, also with an internal IP... not sure if that messes things up as well. If wanted, how could I remove that from autocreation as well?
0
Andreas-NYC (Author) commented:
The guy seems to know what he is doing. Thanks a bunch Chris
0
Chris Dent (PowerShell Developer) commented:

That one is (or should be) created by dynamic update. Does the zone allow that at the moment?

Chris
0
Andreas-NYC (Author) commented:
Yes... should it be turned off? I guess I'll try...
0
Chris Dent (PowerShell Developer) commented:

It should for any public zone in my opinion.

It's going to be difficult to stop that one registering otherwise, it's one of the records created by NetLogon for AD. The set hides in %SystemRoot%\System32\config\netlogon.dns.

Chris
0
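
A check for the condition discussed in this thread, added here as an example and not posted by any participant: it parses zone-file text and reports A records in RFC 1918 space together with NS records whose targets are those hosts. The sample zone is constructed (the names svr and bigapple.com follow the thread; ns1.example.net and every address are placeholders), and the parser assumes single-line records with an explicit owner name.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone: names follow the thread, every address is a placeholder.
SAMPLE_ZONE = """\
@    IN SOA ns1.example.net. hostmaster.bigapple.com. ( 42 900 600 86400 3600 )
@    IN NS  ns1.example.net.
@    IN NS  svr.bigapple.com.   ; auto-created entry
@    IN A   192.168.1.10        ; apex record registered by the server
svr  IN A   192.168.1.10
www  IN A   203.0.113.20
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the origin; lower-case, no trailing dot."""
    if name == "@":
        return origin
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Yield (owner, type, first rdata field) for each record line."""
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].split()   # drop trailing comments
        if len(tokens) < 3:
            continue
        owner, rest = tokens[0], tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # skip optional TTL and class
        if len(rest) >= 2:
            yield fqdn(owner, origin), rest[0].upper(), rest[1]

def audit(zone_text, origin):
    """Return findings for internal A records and the NS records that point at them."""
    records = list(parse_records(zone_text, origin))
    internal = {}
    for owner, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            internal[owner] = rdata
    findings = [("A", owner, ip) for owner, ip in internal.items()]
    for owner, rtype, rdata in records:
        target = fqdn(rdata, origin)
        if rtype == "NS" and target in internal:
            findings.append(("NS", target, internal[target]))
    return findings

if __name__ == "__main__":
    for rtype, name, ip in audit(SAMPLE_ZONE, "bigapple.com"):
        print(f"{rtype:2} {name} -> {ip} (RFC 1918 address in a public zone)")
```
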