Solved

Is there an easy way to determine manually entered DNS addresses

Posted on 2012-03-21
658 Views
Last Modified: 2012-06-27
Over the years we have had different IT persons create manual DNS entries for servers, applications, etc. A lot of these entries are for old server names that no longer exist in active directory or our environment as a whole.

Short of opening up the DNS console and going line by line is there an easy way to determine the manually created DNS entries so that I can find and remove the ones that are no longer needed.
0
Question by:Joseph Daly
6 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37746970
I'll have to test your question, won't blow smoke...not sure, but if you haven't cleaned up DNS in a long time have you thought about enabling scavenging on your DNS server and zones?

http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

That is a good first step for cleanup.

Thanks

Mike
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 37746975
No way I know of, since the entries were created over time. You need to review the entries and remove the ones that are not needed. I always make a list first in case I need to go backward. ... Thinkpads_User
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37747182
Thinkpads_user is correct.  Scavenging will (should?) only impact dynamic records, though if static records are created w/a TTL value - it can have unexpected results.  The scavenging process certainly doesn't have any "do what I mean, not what I say" logic in it - e.g. it doesn't know the difference between an old-but-frequently-used entry and the type of cruft you're trying to clean up.

Perhaps more to the point: what is driving this DNS cleanup?  Are forward or reverse responses coming out with conflicting/invalid data?  It's not like there's any great benefit to deleting things you *think* you don't need from DNS per se.

On the other hand, if you've really got a good grasp on what a *clean* zone should look like, I'd recommend provisioning a new *temp* DNS server as the primary with the *clean* zone file.  Then configure your current primary DNS server as a secondary, pointing to the new primary.  This will push the clean zone to the *real* primary.  Finally, reconfigure the *real* primary as... primary - and deprovision the temp DNS server.  All your current secondaries will pull the new *clean* zone data from the *real* primary, once it is again authoritative for the zone.

Hope that helps...
0
 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 250 total points
ID: 37748546
Ease is a relative term, so here's some info.  AD-Integrated DNS zones stores each record in AD, so you can certainly query them with any LDAP-compliant tool, like ADFind.

Here is the ADfind command to find the owner of all DNS records or just one.  If a DNS record is owned by a user (or unresolvable), then it is most likely a static DNS record.

adfind -default -owneronly -resolveSIDs -f objectClass=dnsNode
adfind -default -owneronly -resolveSIDs -f "(&(objectClass=dnsNode)(name=DNS-RECORD-NAME))"



Here, someone is using powershell cmdlets to find DNS security information that may be helpful:
http://social.technet.microsoft.com/Forums/hu/winserverpowershell/thread/04c74ee1-6b5d-484a-a32e-1d974ffe933d

Note: You will want to export the adfind output (for multiple records) to a CSV file.
0
 
LVL 26

Accepted Solution

by:Leon Fester
Leon Fester earned 250 total points
ID: 37756029
Manually created DNS entries would be static records, so they won't have a timestamp.
Enabling scavenging won't clean up records that don't have a timestamp.

You can export the DNS server zone file from the DNS console.

Open the DNS console.
Navigate to your forward lookup zones.
Right-click the DNS zone name and click Export.
Save the file as .csv.

Open the file in Excel and sort the .csv file by date, and you'll have a list of all static entries.

You can then use Excel's =concatenate function to complete the appropriate DNSCMD command.

dnscmd ServerName /recorddelete ZoneName NodeName RRType RRData
e.g. dnscmd myDC1 /recorddelete myDNS.ZoneName myServerName A 10.0.0.1

More info on DNSCMD command
http://technet.microsoft.com/en-us/library/cc756116(v=ws.10).aspx

It's very useful when you've got to manually prune your DNS Database.

P.S. Always backup your DNS zone before deleting records.
0
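The two approaches above (Tony Massa's "records owned by a user account are probably static" heuristic and Leon Fester's "export the zone, sort by timestamp, build dnscmd lines" procedure) can be scripted instead of worked through in Excel. The following Python is an added example, not code from either answer or from Microsoft. It assumes the DNS console's Export List produces a tab-delimited file with the columns Name, Type, Data and Timestamp, that the Timestamp column reads "static" for records without a timestamp, and that the Type column carries the console's display strings such as "Host (A)"; the sample export and the owner strings are constructed for the example.

```python
"""Identify static (manually created) records in a DNS console export and
build the matching dnscmd /recorddelete lines.

Assumptions (not verified against the answers above): the export is
tab-delimited with columns Name, Type, Data, Timestamp; static records
show "static" in the Timestamp column; the zone apex shows as
"(same as parent folder)"; Type uses the console's display strings.
"""
import csv
import io

# Constructed sample export for demonstration; not data from the question.
SAMPLE_EXPORT = (
    "Name\tType\tData\tTimestamp\n"
    "(same as parent folder)\tStart of Authority (SOA)\t[42], dc1.corp.example., hostmaster.corp.example.\tstatic\n"
    "(same as parent folder)\tName Server (NS)\tdc1.corp.example.\tstatic\n"
    "dc1\tHost (A)\t10.0.0.10\t3/20/2012 9:00:00 AM\n"
    "oldapp\tHost (A)\t10.0.0.55\tstatic\n"
    "fileserver01\tHost (A)\t10.0.0.21\t3/21/2012 8:00:00 AM\n"
    "intranet\tAlias (CNAME)\toldapp.corp.example.\tstatic\n"
)

# Console display string -> RRType token used on the dnscmd command line.
# (Display strings are assumed; extend the table for other record types.)
RRTYPE_TOKENS = {
    "Host (A)": "A",
    "IPv6 Host (AAAA)": "AAAA",
    "Alias (CNAME)": "CNAME",
    "Mail Exchanger (MX)": "MX",
    "Name Server (NS)": "NS",
    "Pointer (PTR)": "PTR",
    "Service Location (SRV)": "SRV",
    "Text (TXT)": "TXT",
    "Start of Authority (SOA)": "SOA",
}


def parse_export(text):
    """Parse the tab-delimited export into a list of row dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return [dict(row) for row in reader]


def is_static(record):
    """A record with no timestamp is shown as 'static' by the console."""
    return record["Timestamp"].strip().lower() == "static"


def split_static_dynamic(records):
    """Separate static records (cleanup candidates) from dynamic ones."""
    static = [r for r in records if is_static(r)]
    dynamic = [r for r in records if not is_static(r)]
    return static, dynamic


def node_name(display_name):
    """The console shows the zone apex as '(same as parent folder)';
    dnscmd addresses the apex node as '@'."""
    return "@" if display_name.startswith("(same as parent") else display_name


def delete_commands(records, server, zone, skip_types=("SOA", "NS")):
    """Build 'dnscmd Server /recorddelete Zone Node RRType RRData' lines
    for the static records, in the format given in the accepted answer.

    SOA and NS records are always static but define the zone itself, so
    they are skipped by default rather than offered for deletion.
    """
    commands = []
    for record in records:
        if not is_static(record):
            continue
        rrtype = RRTYPE_TOKENS.get(record["Type"])
        if rrtype is None or rrtype in skip_types:
            continue
        commands.append(
            f"dnscmd {server} /recorddelete {zone} "
            f"{node_name(record['Name'])} {rrtype} {record['Data']}"
        )
    return commands


def owner_suggests_static(owner):
    """Heuristic from the adfind answer: a record registered by a machine
    is owned by its computer account (SAM name ends in '$'); a record owned
    by a user account, or by a SID that no longer resolves, was most likely
    created by hand. Input is the resolved owner string, e.g. 'CORP\\\\jdoe'."""
    owner = owner.strip()
    if owner.startswith("S-1-5-"):  # unresolved SID: deleted account
        return True
    account = owner.split("\\")[-1]
    return not account.endswith("$")


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    static, dynamic = split_static_dynamic(rows)
    print(f"{len(static)} static, {len(dynamic)} dynamic records")
    # Review the generated lines before running any of them; as the answer
    # says, back up the zone first.
    for line in delete_commands(rows, "myDC1", "corp.example"):
        print(line)
```

Feed it the real export instead of SAMPLE_EXPORT and review the generated list before executing anything: "static" only tells you nobody registered the record dynamically, not that the host is gone, so each candidate still needs a resolution or ping check (or the owner heuristic) before deletion.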
 
LVL 35

Author Closing Comment

by:Joseph Daly
ID: 37761296
Thanks
0
