Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS A record

Posted on 2013-01-23
11
Medium Priority
?
442 Views
Last Modified: 2013-01-25
I have a windows 2008 active directory in place in which all of the DC's are also DNS managers.   I am having a problem with a DNS A record that I keeps re-appearing even after manually deleting the record from every server.  Is there a way to verify which DNS server or what host keeps injecting this record back into DNS?
The A record is for an exchange server that has had it's IP address changed.

thanks
0
Comment
Question by:FREDARCE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38811924
do you have a domain name that has an mx record for the exchange server I think that can actually do that
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38812424
Is the exchange server getting its network config from DHCP?

Is there a DHCP reservation for this? (if so, there's an option to enable/disable automatic dns registration).
0
 

Author Comment

by:FREDARCE
ID: 38812481
there is no mx record for the domain name internally as we host external DNS.

Also,  there is no DHCP reservation as the server is configured with a static IP
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38812561
Hi,

Here again I suspect some teaming misconfiguration on your Exchange server. Does it have NIC teaming ?
If yes, it's possible that the teaming driver did not cleaned the registry correctly when your changed the IP settings and let some old IP address attached to a physical NIC even if it not visible in the NIC IP settings GUI.

can you try to delete the team, uninstall both NICs in device manager (the best way to make the registry clean of old config), rediscover hardware in device manager to make the NICs reappear, recreate the Team, reconfigure the IP settings ?

Have a good day .
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38812892
You can check the owner of the DNS record and determine who is registering the record. To view this right click on the record and click on Properties > Security > Advanced.

You can also check if the enteries for the IP address are still present in the registry: Launch the Registry Editor > HKLM > System > CurrentControlSet > Services> TCPIP > Parameters > Interfaces. Once you are here, check all the subkeys to determine if the old IP addresses exists here. If it does, then you probably have a ghost NIC thats retaining the old configuration. The suggestion that PaciB mentioned above should help you clean this up. If it still does not then follow Method 1 in the article: http://support.microsoft.com/kb/269155

Another option is to enable the DNS Debug Logging. Right click on the DNS server > Properties > Debug Logging > Check the option Log packets for debugging > Configure the path to the Debug logs.

Hope this helps.
0
 

Author Comment

by:FREDARCE
ID: 38813006
It says the owner of the record is 'SYSTEM'
So wouldn't that rule out that the record is coming from the exchange server?
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38814985
Is the DNS configured to accept Secure Only or both Non-secure and Secure dynamic updates?
Is the DHCP configured to register A records on behalf of the client?
Is the DHCP configured to register all records on behalf of the client?
In the DHCP Server do you see a lease for the old IP of the Exchange Server?
If yes whom is it assigned to? The Hostname and/or MAC address can be used to check this.

We usually see the owner as SYSTEM if the DHCP is configured to update all the records.
0
 

Author Comment

by:FREDARCE
ID: 38815100
DNS can accept both secure and non-secure
There is no scope in DHCP for the network/IP that keeps re-appearing in DNS
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38815213
Hi,

What do you mean saying the owner is SYSTEM ?
As far as I understand Microsoft DNS the owner of the DNS records will always be SYSTEM because the AD object is created by the DNS service on the DNS server.

What is important to see is in the ACL of the DNS records in the DNS console (you need to display advanced mode I think) is if there an ACL given to the Exchange server account that have "write" permission.

This how it works on the AD environment just under my eyes at this time: Exchange server created their own DNS records. Theses records are owned by SYSTEM but each have an ACL for the matching Exchange server that permit Write access to the server on the DNS record.


Have a good day.
0
 

Author Comment

by:FREDARCE
ID: 38816257
I have a few DNS records that show the server hostname$ as being the owner of the record as opposed to SYSTEM.  I don't see any specific ACL where specific permission has been given to exchange.  I have advanced features turned on.  Are we talking about DNS manager or some other console?
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 38817897
Hi,

Yes I do too have some DNS records that are owned by the concerned server. But I suppose they are old records and I suppose something has probably changed in the way DNS Server service create DNS records in the past.

All I can tell you is that all my recent DNS records are owned by SYSTEM and have an acl that permit the concerned server to Write on the record.

As an example, I have an Exchange 2010 Mailbox server, let's call it SRVMBX, in my AD 2003 domain. If I take a look at the DNS record that as been dynamically created by the Exchange server I can see that the owner of the record is SYSTEM and that the server account "SRVMBX$" has WRITE permission on it.
As far as I undertstand DNS service this is the proof that this DNS record as been created by the Exchange server itself through the dynamic DNS registration process, because of the presence of the ACL for "SRVMBX$" with WRITE permission.

Look at your DNS record and search for an ACL with only WRITE permission allowed. Then look at the account name that has this permission. Probably that this account name will give your some clue about which server has created the record.

Have a good day.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Resolve DNS query failed errors for Exchange
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question