DNS EventID: 4010

The event ID states:
The DNS server cannot update resource record for x.x.x.x in-adda.arpa in zone x.in-adda.arpa
The active directory information of this resource record is corrupt or contains an invalid DNS name. The event data contains this error: 0000: 0000007b

So far what I have done was deleted the reverse zone, waited for replication, and recreated and even restarted the service with the zone deleted and continued to get this error. It's many many records in the zone that is doing this.

I cannot find the IP x.x.x.x that the error references or find the host records in DNS. They are not there however, the IP does ping but I cannot RDP to it.

What could cause this and how can I make the error go away. It's been like this for weeks.

Thanks
snyderkvAsked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

I wonder if it includes invalid characters in the name or something, it would explain why DNS is (potentially) rejecting registrations for those names.

The Event Log packet probably contains the data, but that'll be a little harder to pull apart.

Chris
0
 
Chev_PCNCommented:
Has anything in your environment changed recently? e.g. addition or removal of DNS servers?
Have you checked to ensure the settings on all ther servers ITO dynamic updates, zone transfers, etc, are consistent?
If you have recently removed a DNS server, have you done a metadata cleanup or used ADSI edit to remove the legacy objects?
Are your DNS servers all on the same OS, or do you have a mix of 2003 / 2008? What is your functional domain level?
Are you allowing non-secure updates from other domains?

Try doing a full DNS cache flush if you delete the invalid records.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
snyderkvAuthor Commented:
NarendraG:

I did mention that the records don't exist in DNS so I can't use that article to delete the records.

Chev, replication is fine, no metadata necessary. All reverse zones are setup the same, to replicate throughout the domain, AD Integrated and secure only update.

Since all the hosts in the event IDs don't exist in DNS but are pingable, do you think maybe these devices are trying to update their records but don't have permissions to? Not sure what to try knowing that deleting the zone doesn't fix the problem.
0
 
snyderkvAuthor Commented:
I tried finding the records in Adsiedit but lmiits the amount of records you can see, so I used LDP but the host names don't show the IP (since I don't have host names) so I can't determine if they are stuck in the system or not.

Any ideas?
0
 
Chev_PCNCommented:
How big is your organisation?  How many static DNS records do you have?
If this is causing major headaches, it might be worth considering deleting and re-creating the fwd lookup zone. (After taking a PIT backup of course!)

Again, the question of "what changed" is still very relevent. Did you do any patching just before this started? Do you have an OS or patch level mis-match?
You could try getting all the servers up to the latest SP / patch level.
0
 
snyderkvAuthor Commented:
1)Nothing changed that I know of
2)WSUS/SMS patches everything all the time but they don't all reboot at the same time.
3)No OS mismatch | patch level mismatch is possible but I only see this cause issues with exchange front-end back-end OWA stuff.
4) Getting every DC to the same level and rebooted would take days. How could a bad patch or mismatch cause particular records within one particular reverse zone show 4010 errors? I doubt that would be a good first place to check.

I tried checking LDP but once you dig into the DomainDNSZones, I only see host records, not IPs, so I can't track Active Directory to see if their are bad records causing the errors. Am I doing something wrong?

Any ideas?
0
 
snyderkvAuthor Commented:
Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?
0
 
Chris DentPowerShell DeveloperCommented:

Bit late, sorry, had lots of studying to do.

> Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes
> for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?

How do those names appear in DHCP? If DHCP is pushing entries into DNS and those names contain invalid data it may get upset.

Chances are it's rejecting registration of the record.

Chris
0
 
snyderkvAuthor Commented:
Yup currently, DHCP registers those IPs and uses the VoIP host names which is the mac or registration number or something (don't know but it's automatic I think)

Anyways that how it works on a good system.

I'd like to keep this thread open until I get someone on the scopes in the remote site. Only problem is, they all quit.
0
 
snyderkvAuthor Commented:
I'm going to accept answers now and update it later when I figure it out.
0
 
snyderkvAuthor Commented:
asdf
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.