Solved

DNS - Help Finding \ Deleting Old DC Records?

Posted on 2013-01-03
18
829 Views
Last Modified: 2013-01-04
I need help in locating an old DNS record for a DC that was decommissioned last week.

xx.xx.xx.100

I have looked through DNS (forward and reverse zones, all sub directories) and can not find a record of this server's name or IP address.

Yet I know there is an old record present as I receive the warning below when running netdiag:


DNS test . . . . . . . . . . . . . : Passed
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server xx.xx.xx.100, ERROR_TIMEOUT.
    PASS - All the DNS entries for DC are registered on DNS server xx.xx.xx.101
' and other DCs also have some of the names registered.


I did have a few issues demoting the DC, DNSCMD was used to delete the records.

Obviously, a record from this server must still be present somewhere due to the warning above.

I could use some direction in regards to tracking down whatever records that remain for this demoted server – any help would be appreciated.
0
Comment
Question by:acmi
  • 7
  • 4
  • 3
  • +3
18 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38742087
Right click on the zone name and open properties... name servers tab. if it is still there, remove it.
0
 

Author Comment

by:acmi
ID: 38742118
Man, I wish it were that simple.  That entry had already been removed - all listed name servers are legit DC's.

Would be nice if I could simply right click on the root of the forward and reverse lookup zones and search for the DC name or IP.

Is there a tool that can point to DNS and perform similar searches?  

How do you find an old record that is still participating on the domain?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 38742138
On the new server what IP's are set in the NIC for Primary and Secondary DNS? Did you remove the old ip from that?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38742165
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38742180
can you run dcdiag /test:dns and post the errors
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38742980
Run IPCONFIG /all and you'll probably see that DNS server is still listed in the NIC config.
Netdiag is a local computer test, so all info it uses it reads from the local machine.

Remove the DNS server entry from your NIC and you should be fine.
0
 
LVL 26

Expert Comment

by:Pber
ID: 38743761
If may be cached if you can see the record.  On your testing from do an ipconfig /flushdns to dump the dns cache .  Also go to your dns management MMC and clear the cached lookups for each DNS server.  Then try again.
0
 

Author Comment

by:acmi
ID: 38745015
Embarrassing…

I’ve spent so much time removing old DNS records in practically every area of DNS, only to have left the old address as a secondary DNS server on the nic config.

So I was not an old record, but rather the configuration on the server’s nic.

Good call Sulimanw, sorry for taking up everyones time.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:acmi
ID: 38745019
Sorry - good call smckeown777.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38745027
Sometimes its the simplest thing that trips us up ;)

Good to know you got sorted, cheers...
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38745031
Although you assigned the points to another expert...no worries I'll get another one ;)
0
 

Author Comment

by:acmi
ID: 38745037
This, apparently, is not my day.  I accepted the wrong solution - the correct solution came from smckeown777.  My appologies.
0
 

Author Comment

by:acmi
ID: 38745046
Man, I was hoping to correct this before you noticed.  I'm sure there is a way to correct this - I'll see what can be done.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38745055
No hassle...think you need to 'Request attention' and a mod will re-open the question for you...
0
 

Author Comment

by:acmi
ID: 38745083
Done.  Have a good weekend everyone.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38745320
Glad you get the solution :)
0
 

Author Comment

by:acmi
ID: 38745395
My apologies for the confusion Sulimanw.  Have a good weekend.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now