Missing DNS data


I have an issue within our DNS where data has been removed from the forward lookup zone; unfortunately I don’t know what has been removed as so I am unable to put it back. Is there anyway of looking at what was configured before this data was deleted. Can I get this from a backup of the files in the system32\DNS folder I don’t really want to have to restore the DC from backup, but if this is the only way then so be it. Hoping someone can save my sorry ass.

Thanks guys

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

So you're running Windows DNS?

I would consider restoring your backup to an isolated virtual machine and performing an export of DNS for the static entries.  Much of the DNS config for Active Directory is "dynamic" and managed by the domain controllers.  You should only need to worry about the "static" records that were manually created.  I guess you don't have documentation on what these were?

You could also setup a network capture on the DNS server and look at the incoming records.  Clients will continue to request records even if they don't exist.  You can then do some detective work and figure out what those records should point to and recreate them.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Glen KnightCommented:
What do you think has been removed?
Most clients will update their own records if they are missing.  The only items that will not update themselves are static entries you may have added manually?

There's a file in c:\winnt\system32\dns. If you are lucky then there will a file name something like domainblabla.dns

If there's nothing there, then you are running DNS as AD Integrated. In this mode, then only way to recover your DNS is to perform a System State restore (provided you did the System State backup lately)

Good Luck!
sim-yAuthor Commented:
Thanks guys, yeah it is Windows DNS. I am new to this organisation so I don’t know how things were configured and there has been no documentation done within the last 10 years (real helpful). I will do a restore to another box and look at the config. And then document it.....

"mail.domain.com.au" is not working; I can telnet to it internally but not externally. Thankfully we have a backup that still works. Who ever set this up has done it in a really convoluted way and it just makes no sense.

Thanks again guys.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.