Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

jacked up dns 'same as parent' host record

Posted on 2011-09-29
6
Medium Priority
?
816 Views
Last Modified: 2012-05-12
Why / How could there be a Host (A) record in a DNS zone with a name (same as parent folder) that has a data value of 10.10.5.0?

Environment is a single AD domain, DNS is integrated, multiple sites, multiple subnets for each site.
This happens to be a remote site that has 5 subnets.  One of which is 10.10.5.0.

Before just deleting it, we'd love to understand how it came to be and how MS DNS would allow a 'Host' record to be x.x.x.0.  Maybe that's common, never done it before.
0
Comment
Question by:AdaMich
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1336 total points
ID: 36818515
MS DNS will let any IP address be a host record. If your subnet mask is 255.255.255.0 you are probably safe to delete it (assuming there is another Same as Parent IP that points to a Domain Controller). DNS doesn't limit the IP addresses that can be associated to hosts. Only the Subnet Mask does that, and DNS doesn't pay attention to Subnet Masks. For instance, a Server *can* be assigned an IP of 10.10.5.0 if it is on a subnet mask of 255.255.0.0 (or some other). The only reason you can't use 10.10.5.0 on a 255.255.255.0 subnet is because that host address is set aside as the Network ID.
0
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 1336 total points
ID: 36818521
Note that the entry may have been added erroneously by an admin at some point if the subnet mask is 255.255.255.0 on that subnet. Otherwise you should make sure you don't actually have a server on that IP address.
0
 

Author Comment

by:AdaMich
ID: 36818605
Yeah, each subnet has a /24 mask and no server on that particular network.  Just clients.
The 10.10.5.0  is the network ID, hence my suprise to see it listed as though we could use it in a query.
All the others are correct.

Thanks for the reminder on the host with ip ending in '0'...been using simple segmentation methods too long :)

I don't think it was an erroneous addition, and that is the part that concerns me.
I mean..it could have been, but if not, I'd like to know where it came from.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 42

Expert Comment

by:Adam Brown
ID: 36818612
hard to say where it came from without having audit information from when it was created. That's always one of the tricky parts of IT management :D
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 664 total points
ID: 36889997
It seems the dns records were change manually.If you have not applied then some other administrator
has done the same.For future process enable Audit Directory Service Access on the DC if it is not enabled.If any addition or deletion is done you can track the same. It will also audit the changes to Active Directory.

For e.g if Audit Directory Service Access is enabled on the machines where DNS is running then in security log you will see the following events  for deleting a DNS record.If it is not enabled then the event will be not logged.

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date:  8/23/2006
Time:  7:28:30 PM
User:  [perp]
Computer: [dns server]
Description:
Object Operation:
  Object Server: DS
  Operation Type: Object Access
  Object Type: dnsNode
  Object Name: DC=Test,DC=zone.com,CN=MicrosoftDNS,CN=System,DC=zone,DC=com
  Handle ID: -
  Primary User Name: [computer name]$
  Primary Domain: [Domain]
  Primary Logon ID: (0x0,0x3E7)
  Client User Name: administrator
  Client Domain: [domain]
  Client Logon ID: (0x0,0x729EE07)
  Accesses: Write Property
   
  Properties:
 Write Property
  Default property set
   dnsRecord
   dNSTombstoned
   dnsNode

  Additional Info:
  Additional Info2:
  Access Mask: 0x20

0
 

Author Closing Comment

by:AdaMich
ID: 36891376
Thanks for the responses.
I guess I was just fishing to validate, or invalidate, an automatic entry.
Off to delete the bogus bugger.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question