Solved

Using DNSCMD to delete NS records (HELP)

Posted on 2013-01-02
Last Modified: 2013-01-04
After recently demoting a domain controller, I noticed that the NS record for this server was still listed in our forward and reverse lookup zones.

Upon closer inspection, I’m noticing other old NS records for DCs that were demoted years ago as well.

From what I am reading, it looks like the tool dnscmd can be used to delete the records across the DCs on our WAN.

Below is my site info:

Forward lookup zone = home.com
Reverse lookup zone = 192.168.1.x
DC name = dc1

Below is the command syntax for using dnscmd /recorddelete:

dnscmd /recorddelete ZoneName NodeName RRType RRData

Using the info above, I am unsure if I am interpreting everything correctly – and I am unsure of what info is used in place of RRData.

I could use some direction in getting my syntax down before running the command – any help would be greatly appreciated.
Question by:acmi
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38738327
RRData is the IP address

RRType is the record type - NS in your case.

Thanks

Mike
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38738329
Refer to the link below; it has all the steps to be taken care of after an unsuccessful DC demotion.
If your DCs were demoted gracefully then skip the metadata part.

Metadata cleanup:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:acmi
ID: 38738389
Okay, looks like I need to be more clear.

The info below is an example of my site info:

Forward lookup zone = home.com
DC name = dc1

The command syntax to delete records from DNS is below:

dnscmd /recorddelete ZoneName NodeName RRType RRData

Using the info above, I need help in applying my info to the syntax of the command correctly.  I need to know what info should be listed in the () below:

dnscmd /recorddelete ZoneName (home.com) NodeName (dc1) RRType (NS) RRData (?)

=

dnscmd /recorddelete home.com dc1 NS ?
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38738413
dnscmd /recorddelete home.com DC1 NS olddnsserver.home.com
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 500 total points
ID: 38739220
Do you have standalone DNS zones or are they AD-integrated?
If AD-integrated, then I think you're making your life unnecessarily difficult.

You can use the DNS GUI and delete the record from your local DNS server and it will replicate to the other DNS servers.
The GUI can also be used to delete from remote servers: either log on directly or connect via the local GUI. Just right-click the DNS root, select "Connect to DNS server" and select the remote server.

You don't provide enough information for us to construct the complete DNSCMD command for you.
Here is a good reference with examples.
e.g. dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f
http://msmvps.com/blogs/ad/archive/2008/03/28/dnscmd-reference.aspx
0
 

Author Comment

by:acmi
ID: 38740333
Hello Sarang_Tinguria,

Thank you for your reply.  

DC1 in my example is actually the old DNS server that I want to delete.  I was under the impression that the NodeName was the server name whose records we want to delete (please let me know if I am wrong).

With this in mind, is the line below correct?

dnscmd /recorddelete home.com DC1 NS DC1.home.com
0
 

Author Comment

by:acmi
ID: 38740578
Hello DVT_Localboy

Our zones are AD integrated.

However, I would prefer getting the command correct rather than searching through DNS for old records – as they can be found in several areas.  It seems like the command route would be more thorough.

Example – I’m finding old records in the area below as well as almost every subdirectory within the root.

Home.com\_msdcs\domains\blabla\_tcp

In regards to not providing enough info to construct the complete command, what info is missing?

We have the ZoneName (home.com)
We have the NodeName (dc1 – I’m understanding the NodeName to mean the name of the DC we are trying to remove – let me know if this is incorrect)
We have the RRType (NS)
Where I am unsure is the RRData info.

Is the RRData the same as the fully qualified name of the record I want to delete – dc1.home.com?

If so, the line below should work – let me know if this is incorrect.


dnscmd /recorddelete home.com DC1 NS DC1.home.com
0
 

Author Comment

by:acmi
ID: 38740673
I believe I have the command correct (in some respect) in my two replies above, as I am now prompted with a “Are you sure you want to delete record” message.

But when I choose “yes” I receive the following error: Command failed: DNS_ERROR_NAME_DOES_NOT_EXIST

So something is still off...
0
 

Author Comment

by:acmi
ID: 38740716
Never mind, I figured it out.  I'll follow up when I've finished up.
0
 

Accepted Solution

by:
acmi earned 0 total points
ID: 38741609
Okay, here’s the deal if anyone stumbles onto this looking for a solution:

First, the command string below from Microsoft is something that I was never able to get to work.

-      dnscmd /recorddelete ZoneName NodeName RRType RRData

Second, the command string from Brian (http://msmvps.com/blogs/ad/archive/2008/03/28/dnscmd-reference.aspx) does work when you know what info to plug in where.

-      dnscmd /recorddelete ZoneName @ RRType RecordInfo

ZoneName = the domain from where the record is to be deleted
RRType = the type of record (A, NS, etc.)
RecordInfo = the record to be deleted (FQN)

Apply this to my example:

-      dnscmd /recorddelete home.com @ NS dc1.home.com

Done.

So, in response to a posting above, the information needed to construct the complete DNSCMD was indeed supplied in the original post as well as in the subsequent thread.  You only need to know the record you want to delete, the record type and the domain from where you want to delete.
0
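Added example, not part of the original thread or any poster's code: a PowerShell sketch that compares the NS records held at each zone root against a keep list and prints the matching `dnscmd /recorddelete <zone> @ NS <fqdn>` commands for review. The keep list, the reverse zone name `1.168.192.in-addr.arpa`, and the sample record lines are constructed assumptions based on the thread's home.com example.

```powershell
# Hypothetical list of DCs that should remain authoritative (assumption).
$CurrentNameServers = @('dc2.home.com', 'dc3.home.com')

# Constructed sample of per-zone NS listings, standing in for the output of
#   dnscmd /enumrecords <zone> @ /type NS
# The line layout is an assumption; only "NS <target>" is relied on.
$Sample = [ordered]@{
    'home.com' = @(
        '@ 3600 NS dc1.home.com.',
        '  3600 NS dc2.home.com.',
        '  3600 NS dc3.home.com.'
    )
    '1.168.192.in-addr.arpa' = @(
        '@ 3600 NS dc1.home.com.',
        '  3600 NS dc2.home.com.'
    )
}

function Get-ApexNsTarget {
    # Pull the name-server FQDN out of every line that carries an NS record.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -cmatch '\sNS\s+(\S+)') {
            $Matches[1].TrimEnd('.').ToLowerInvariant()
        }
    }
}

function Get-StaleNsCommand {
    # Emit one delete command per NS target that is not on the keep list.
    # "@" is the zone root, where the zone's own NS records live.
    param([string]$Zone, [string[]]$Lines, [string[]]$Keep)
    $keepSet = @($Keep | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
    foreach ($ns in (Get-ApexNsTarget -Lines $Lines | Sort-Object -Unique)) {
        if ($keepSet -notcontains $ns) {
            "dnscmd /recorddelete $Zone @ NS $ns"
        }
    }
}

# Print the commands for review; nothing is deleted by this script.
foreach ($zone in $Sample.Keys) {
    Get-StaleNsCommand -Zone $zone -Lines $Sample[$zone] -Keep $CurrentNameServers
}
```

The generated commands omit /f, so each one still asks for confirmation when run.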
 

Author Comment

by:acmi
ID: 38744262
I've requested that this question be closed as follows:

Accepted answer: 0 points for acmi's comment #a38741609

for the following reason:

the other postings did not provide the solution I had asked for - some were wrong altogether.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 38741669
I'd have to say that dvt_localboy got it right in #38739220.

His example:
dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f
The command that worked for you:
dnscmd /recorddelete home.com @ NS dc1.home.com
That's pretty dead-on, if you ask me.  The only difference is the /f switch, which simply specifies that you don't want to be prompted for confirmation.
0
 

Author Comment

by:acmi
ID: 38741757
He also said that I had not provided enough info to construct the command – which was not correct (bad info) – everything was there.  I wasted a lot of time trying to figure out what could be missing (aggravating) – and there was no reply when I asked what was missing.  I’m sure I would have gotten a reply at some point, but it would have been wrong as all the info that was needed was posted.

And throwing an example without applying it to my issue was not very helpful as well (I included my info for a reason).

If anyone were looking for the same solution, my solution would be the most helpful from the thread.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38742960
LMFAO - You reference the links I provided, but I didn't help to resolve this problem.

"I wasted a lot of time trying to figure out what could be missing (aggravating)"

– Considering your attitude, I'm glad I didn't waste my time either.

"and there was no reply when I asked what was missing."

- I don't sit on EE all day baby feeding people information. I have a life and job in real life too.

Hope you have lots of fun with those points you saved yourself, looks like you need them more than me.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 38744263
I think I'll put this in a moderator's hands, which will hopefully get it resolved to everyone's satisfaction.

Mod: There's a dispute about whether a posted answer was correct.  See previous posts for details.
0
