Static / Fixed DNS A record

Hi All,

Is there a way to create a fixed DNS A record? We're using an A record for our corporate portal. But it seems like there are devices that overwrite the A record.

tanskie Asked:

MegaNuk3 Commented:
"07-05-2006
In 2003 when you create a new host record there is a check box to "Allow any authenticated user to update DNS records with the same owner name." Don't check that and only manual updates work. Even the host can't change it, so beware: if you change the IP address, the record won't be changed for you. There is a group (I believe it is the DNSUpdateProxy group) that if you belong to you can change the records."

Which is from here: http://www.winvistatips.com/there-way-prevent-dns-static-entries-being-overwritten-ddns-ad-zone-t693096.html

More info: http://technet.microsoft.com/en-us/library/dd145588.aspx

Draxonic Commented:
It could be that the IP address is available as part of a DHCP scope. If the DHCP server does not have conflict detection turned on, it will just assign the address. The host taking this address will then update DNS with its details. This may also be causing you problems with hosts with conflicting IP addresses.

The simplest solution to this is to find the DHCP server allocating the address and add the address as an exclusion and/or turn on conflict detection.

tanskie (Author) Commented:
Thanks Draxonic. Yes, the client's IP trying to overwrite the DNS A record is on a DHCP scope. However, I think the solution that you mentioned is only temporary. If it gets another IP, it will automatically replace the A record.
What I'm looking for is how to lock the A record's IP.
 
MegaNuk3 Commented:
Just add a DHCP reservation for that IP address and your server's network card MAC address. That way, even if your server is not using DHCP, DHCP won't hand that IP address to any other machines.

Draxonic Commented:
If the host that is taking the IP address gets a different IP, it will create a DNS entry with the different IP, allowing the corporate portal to keep its own record for that IP address.

You can either add it as an exclusion or add a reservation as MegaNuk3 suggests above. Either one should work. You can then add your A record for your corporate portal and you should be good.

If you have aging and scavenging turned on, you will also want to ensure the record does not expire.

tanskie (Author) Commented:
@MegaNuk3: The IP address intended for the portal server is not on any DHCP scope because it's a server and we don't have DHCP scopes for our servers. Also, the rogue device is on a different subnet. I can't reserve an IP for that device because it keeps transferring to another location which is on a different subnet. Right now, we asked our network guys to block the MAC address of the device. But what if it transfers to another location? We can't just block or reserve him a different IP every time it transfers. Another challenge is that we cannot remotely manage the device because all of its ports are filtered and it's not found in the domain computers, so it's probably not joined to the domain.

@Draxonic: Somehow, the rogue device with the same name as our portal did not create a different record on the DNS. It keeps replacing the IP of the portal's A record. I also searched the domain for the hostname but it did not return any result. Is it possible that a device not joined to the domain can be registered on the DNS?

MegaNuk3 Commented:
Can you do an ipconfig /all on your server and ensure it is not showing as having another IP address associated with it which keeps overwriting your DNS?

Have you tried

net view \\<ip address>

or

nbtstat -A <ip address>

to see if they show any useful information as to what the other machine is?

tanskie (Author) Commented:
@MegaNuk3: Those commands won't work because the device is unreachable. However, when I ran nmap -P0 the result shows that the device is up. I then tried nmap -P0 -O to check the OS, but it wasn't able to detect the OS because there were too many fingerprints detected.

We got the machine's MAC from the DHCP server. We then asked our network guys to block it from the network and we traced the device. We found the device and renamed it.

My problem is how do we prevent this from happening again? Is there a way to lock a DNS record?

tanskie (Author) Commented:
thanks
Question has a verified solution.
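
An audit of the conditions raised in this thread, as an added example that is not part of any post above: it checks whether the zone still accepts nonsecure dynamic updates, whether the portal's A record is static (no timestamp, so aging and scavenging skip it), and whether it still points at the expected address. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, newer than the 2003 server in the quoted text); the zone name, host name and IP address are constructed placeholders.

```powershell
# Added example: audit one A record against dynamic-update takeover.
# Assumes the DnsServer module (Windows Server 2012+ or RSAT).
# Zone, host and IP defaults below are constructed placeholders.
param(
    [string]$ZoneName   = 'corp.example.com',
    [string]$HostName   = 'portal',
    [string]$ExpectedIP = '192.0.2.10',
    [string]$DnsServer  = $env:COMPUTERNAME
)

Import-Module DnsServer -ErrorAction Stop
$findings = @()

# 1. Zone-level setting: with 'NonsecureAndSecure', any client can register
#    or replace a name, including machines that are not domain-joined.
$zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer
if ($zone.DynamicUpdate -notin @('Secure', 'None')) {
    $findings += "Zone accepts nonsecure dynamic updates ($($zone.DynamicUpdate))."
}

# 2. Record-level checks on the portal's A record(s).
$records = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $HostName `
                 -RRType A -ComputerName $DnsServer -ErrorAction SilentlyContinue)
if ($records.Count -eq 0) {
    $findings += "No A record found for $HostName.$ZoneName."
}
foreach ($r in $records) {
    $ip = $r.RecordData.IPv4Address.IPAddressToString
    if ($ip -ne $ExpectedIP) {
        $findings += "A record points to $ip, expected $ExpectedIP."
    }
    # A non-null timestamp marks a dynamically registered record, which
    # aging and scavenging can remove; a static record has no timestamp.
    if ($null -ne $r.Timestamp) {
        $findings += "Record for $ip is dynamic (timestamp $($r.Timestamp)); recreate it as static."
    }
}

if ($findings.Count -eq 0) {
    "OK: $HostName.$ZoneName is static and points to $ExpectedIP (zone updates: $($zone.DynamicUpdate))."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    exit 1
}
```

Run on a schedule, a non-zero exit code gives early warning that the record has been replaced or has become eligible for scavenging.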
