Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DNS EventID: 4010

Posted on 2010-09-09
15
Medium Priority
?
1,653 Views
Last Modified: 2012-06-27
The event ID states:
The DNS server cannot update resource record for x.x.x.x in-adda.arpa in zone x.in-adda.arpa
The active directory information of this resource record is corrupt or contains an invalid DNS name. The event data contains this error: 0000: 0000007b

So far what I have done was deleted the reverse zone, waited for replication, and recreated and even restarted the service with the zone deleted and continued to get this error. It's many many records in the zone that is doing this.

I cannot find the IP x.x.x.x that the error references or find the host records in DNS. They are not there however, the IP does ping but I cannot RDP to it.

What could cause this and how can I make the error go away. It's been like this for weeks.

Thanks
0
Comment
Question by:snyderkv
  • 7
  • 2
  • 2
  • +1
12 Comments
 
LVL 13

Assisted Solution

by:NarendraG
NarendraG earned 80 total points
ID: 33634160
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33634282
Has anything in your environment changed recently? e.g. addition or removal of DNS servers?
Have you checked to ensure the settings on all ther servers ITO dynamic updates, zone transfers, etc, are consistent?
If you have recently removed a DNS server, have you done a metadata cleanup or used ADSI edit to remove the legacy objects?
Are your DNS servers all on the same OS, or do you have a mix of 2003 / 2008? What is your functional domain level?
Are you allowing non-secure updates from other domains?

Try doing a full DNS cache flush if you delete the invalid records.
0
 

Author Comment

by:snyderkv
ID: 33635388
NarendraG:

I did mention that the records don't exist in DNS so I can't use that article to delete the records.

Chev, replication is fine, no metadata necessary. All reverse zones are setup the same, to replicate throughout the domain, AD Integrated and secure only update.

Since all the hosts in the event IDs don't exist in DNS but are pingable, do you think maybe these devices are trying to update their records but don't have permissions to? Not sure what to try knowing that deleting the zone doesn't fix the problem.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:snyderkv
ID: 33644273
I tried finding the records in Adsiedit but lmiits the amount of records you can see, so I used LDP but the host names don't show the IP (since I don't have host names) so I can't determine if they are stuck in the system or not.

Any ideas?
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33644306
How big is your organisation?  How many static DNS records do you have?
If this is causing major headaches, it might be worth considering deleting and re-creating the fwd lookup zone. (After taking a PIT backup of course!)

Again, the question of "what changed" is still very relevent. Did you do any patching just before this started? Do you have an OS or patch level mis-match?
You could try getting all the servers up to the latest SP / patch level.
0
 

Author Comment

by:snyderkv
ID: 33644653
1)Nothing changed that I know of
2)WSUS/SMS patches everything all the time but they don't all reboot at the same time.
3)No OS mismatch | patch level mismatch is possible but I only see this cause issues with exchange front-end back-end OWA stuff.
4) Getting every DC to the same level and rebooted would take days. How could a bad patch or mismatch cause particular records within one particular reverse zone show 4010 errors? I doubt that would be a good first place to check.

I tried checking LDP but once you dig into the DomainDNSZones, I only see host records, not IPs, so I can't track Active Directory to see if their are bad records causing the errors. Am I doing something wrong?

Any ideas?
0
 

Author Comment

by:snyderkv
ID: 33682577
Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33724806

Bit late, sorry, had lots of studying to do.

> Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes
> for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?

How do those names appear in DHCP? If DHCP is pushing entries into DNS and those names contain invalid data it may get upset.

Chances are it's rejecting registration of the record.

Chris
0
 

Author Comment

by:snyderkv
ID: 33725920
Yup currently, DHCP registers those IPs and uses the VoIP host names which is the mac or registration number or something (don't know but it's automatic I think)

Anyways that how it works on a good system.

I'd like to keep this thread open until I get someone on the scopes in the remote site. Only problem is, they all quit.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 120 total points
ID: 33725953

I wonder if it includes invalid characters in the name or something, it would explain why DNS is (potentially) rejecting registrations for those names.

The Event Log packet probably contains the data, but that'll be a little harder to pull apart.

Chris
0
 

Author Comment

by:snyderkv
ID: 33839023
I'm going to accept answers now and update it later when I figure it out.
0
 

Author Closing Comment

by:snyderkv
ID: 33839055
asdf
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question