DNS trace

Posted on 2011-10-07
Last Modified: 2012-08-13
I have a problem today on the DNS
In fact today in my DNS I have 30 @ name are deleted (host).
I think he is someone to delete
please you have tools or script to see how they are deleted
 and what user (of the active directory) to delete  
Question by:DRRAM
    LVL 21

    Expert Comment

    Do you have aging and scavenging turned on for that zone?

    Author Comment

    please I do not know where I can check your request
    LVL 21

    Expert Comment

    Check out

    I'm not sure if that exact process is the same in more recent versions of Windows Server.  If it is different just Google for "windows dns aging scavenging" plus your version -- there are tons of links out there.

    Author Comment

    I have windows 2008 - DNS and active directory
    scavenging ??

    and please

    I can not control every @ name was deleted at what time
    LVL 24

    Expert Comment

    IF Audit Directory Service Access is enabled on the Server where DNS is running then in security log you will see the following events  for deleting a DNS record.If it is not enabled then the event will be not logged.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Directory Service Access
    Event ID: 566
    Date:  8/23/2006
    Time:  7:28:30 PM
    User:  [perp]
    Computer: [dns server]
    Object Operation:
      Object Server: DS
      Operation Type: Object Access
      Object Type: dnsNode
      Object Name: DC=Test,,CN=MicrosoftDNS,CN=System,DC=zone,DC=com
      Handle ID: -
      Primary User Name: [computer name]$
      Primary Domain: [Domain]
      Primary Logon ID: (0x0,0x3E7)
      Client User Name: administrator
      Client Domain: [domain]
      Client Logon ID: (0x0,0x729EE07)
      Accesses: Write Property
     Write Property
      Default property set

      Additional Info:
      Additional Info2:
      Access Mask: 0x20

    LVL 57

    Expert Comment

    by:Mike Kline
    This blog may also help you shows how to setup auditing
    Tracking DNS Record Deletion


    LVL 10

    Expert Comment

    Pls see the link you will get the events but you need to be audit enabled.

    Abhijit Waikar.
    LVL 24

    Accepted Solution

    As a reminder, setting directory access auditing will create a storm of events in your security log.  In most production environments, you can expect thousands of "noise" events for every malicious DNS deletion, so this probably needs to be used sparingly.

    Author Closing Comment


    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now