Remove Static Reverse DNS Entries

We're running SBS 2008, migrated from SBS 2003, from Windows 2000.  DHCP leases look fine, DNS Forward addresses look fine with no duplicates.  

However Reverse DNS is a mess and getting messier.  There are a bunch of static entries from old PCs from way back.  I have scavenging turned on.  However, whenever I check the box to "delete when stale", go out of DNS Manager and back in, the box is unchecked.  Now I have multiple static duplicate IPs, and there is getting to be more and more each week.

What do I need to do to clean this up?

JNM
normajm400 Asked:
 
Netman66 Commented:
As Chris is alluding to, you can safely delete the contents of that zone and the correct records should be added back automatically.

If you have non-dynamic DNS client and server OSes, then those will need to be recreated manually.

0
 
Chris Dent (PowerShell Developer) Commented:

It is possible to remove all of the static entries from the reverse lookup zone if that's something you'd like to do?

Chris
0
 
Chris Dent (PowerShell Developer) Commented:

I was going for the scripting approach, but Netman66 is right, you can flatten the zone entirely and let it rebuild. If that's not possible / desirable then removing only the static records with a script isn't hard at all :)

Chris
0
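The scripted approach mentioned above, as an added example that is not part of the original thread or any participant's code. It assumes the DNS WMI provider (`root\MicrosoftDNS`) installed with the Windows DNS Server role; the zone name and the keep-list host names are constructed placeholders, and `Remove-StaticPtrRecord` is a hypothetical helper name.

```powershell
# Added example: list, then optionally delete, static PTR records in one reverse zone.
# Zone name and keep-list below are constructed placeholders, not values from the thread.
function Remove-StaticPtrRecord {
    param(
        [string]   $Zone,            # reverse zone, e.g. '1.168.192.in-addr.arpa'
        [string]   $Server = '.',    # DNS server to query; '.' is the local machine
        [string[]] $Keep   = @(),    # PTR targets that must stay static (servers, printers)
        [switch]   $Commit           # without this switch nothing is deleted
    )

    # Static records carry Timestamp 0; dynamically registered records have a
    # non-zero timestamp and are left alone by this filter.
    $filter  = "ContainerName = '$Zone' AND Timestamp = 0"
    $records = @(Get-WmiObject -Namespace 'root\MicrosoftDNS' `
                               -Class MicrosoftDNS_PTRType `
                               -ComputerName $Server -Filter $filter)

    foreach ($r in $records) {
        $target = $r.PTRDomainName.TrimEnd('.')

        # Keep intentionally static entries so they need not be recreated by hand.
        if ($Keep -contains $target) {
            Write-Host "KEEP          $($r.OwnerName) -> $target"
            continue
        }

        if ($Commit) {
            # psbase exposes the underlying ManagementObject.Delete() method.
            $r.psbase.Delete()
            Write-Host "DELETED       $($r.OwnerName) -> $target"
        } else {
            Write-Host "WOULD DELETE  $($r.OwnerName) -> $target"
        }
    }
}

# Dry run: review the output, then repeat the call with -Commit added.
Remove-StaticPtrRecord -Zone '1.168.192.in-addr.arpa' `
                       -Keep 'sbs01.example.local', 'printer1.example.local'
```

Run it from an elevated PowerShell session on the DNS server, and review the dry-run list before adding `-Commit`.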

 
giltjr Commented:
Not sure, but our server group has always told me that scavenging does not work for the reverse zone.  They finally turned off dynamically creating the PTR records because the zone was getting so messed up. One IP address with many, many host names, and the same host name related to many, many IP addresses.

The forward zones worked fine; it was just the reverse zones they said had problems.

I agree with Netman66 and Chris, just wipe it out and it will rebuild.
0
 
normajm400 (Author) Commented:
giltjr, that is exactly my problem.  It is recommended in SBS documentation though to enable dynamic reverse entries, so I'm not sure what to do there.

We do have static entries for servers, printers, and other networking devices, not so many though that manually creating them would be a problem.  

If I were to go the clean start, do I just delete the zone?  Do I need to stop and restart services, reboot server?  If so, in what order?

0
 
Netman66 Commented:
No need to delete the entire zone, just the entries.  You should be able to select them all then delete them.

0
 
Chris Dent (PowerShell Developer) Commented:

Good point, they added Static / Timestamp as a column to the DNS console in 2008, sort by that and throw them out :)

Chris
0
 
giltjr Commented:
I have no clue why scavenging does not work on the PTR records.  At least I am assuming it does not, with the number of problems/questions I have seen about it.

Doing what Netman66 and Chris-Dent have suggested may be your best and easiest bet.  Of course you will need to do this periodically, maybe once a month depending on your lease time.
0
 
normajm400 (Author) Commented:
I have deleted the entries manually numerous times; they do not stay deleted.

I open the properties, select the check box delete when stale, click apply, click ok, close the properties, select the entry, select delete, say okay to the prompt, close DNS Manager, reopen and the entry is back with the delete when stale check box unselected.
0
 
Netman66 Commented:
Don't change any of the scavenging options.  Simply delete the records themselves from the zone.

Replication should remove them from other DNS servers if it's working.

0
 
normajm400 (Author) Commented:
We have only one DNS server.  Deleting the entries is Not working.  
0
 
Netman66 Commented:
Are you logged in using an account with permissions to do this?

Delete and recreate the zone if you have to.  The new zone is a Primary, AD Integrated and should accept Secure dynamic updates.

0
 
normajm400 (Author) Commented:
Yes, logged in with full permissions.
Will try the delete and recreate this weekend and post how it goes.
0
 
normajm400 (Author) Commented:
Sorry, I wasn't able to get to this as planned.  It will have to wait until early May.  Will post as soon as I'm able.
0
 
normajm400 (Author) Commented:
I have not tried Netman's solution yet due to backlog and other emergencies.  I should be able to give this a try before the end of the month.  It may lead someone down the wrong path to say that is the solution when in fact it may not be or worse yet, cause a server outage.  Please allow another 21 days.
0