Solved

DNS A record

Posted on 2013-01-23
Last Modified: 2013-01-25
I have a Windows 2008 Active Directory in place in which all of the DCs are also DNS managers. I am having a problem with a DNS A record that keeps re-appearing even after manually deleting the record from every server. Is there a way to verify which DNS server or what host keeps injecting this record back into DNS?
The A record is for an Exchange server that has had its IP address changed.

thanks
Question by:FREDARCE
11 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38811924
Do you have a domain name that has an MX record for the Exchange server? I think that can actually do that.
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38812424
Is the exchange server getting its network config from DHCP?

Is there a DHCP reservation for this? (if so, there's an option to enable/disable automatic dns registration).
0
 

Author Comment

by:FREDARCE
ID: 38812481
There is no MX record for the domain name internally, as we host external DNS.

Also, there is no DHCP reservation, as the server is configured with a static IP.
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38812561
Hi,

Here again I suspect some teaming misconfiguration on your Exchange server. Does it have NIC teaming?
If yes, it's possible that the teaming driver did not clean the registry correctly when you changed the IP settings and left some old IP address attached to a physical NIC, even if it is not visible in the NIC IP settings GUI.

Can you try to delete the team, uninstall both NICs in Device Manager (the best way to make the registry clean of old config), rediscover hardware in Device Manager to make the NICs reappear, recreate the team, and reconfigure the IP settings?

Have a good day .
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38812892
You can check the owner of the DNS record and determine who is registering the record. To view this, right-click on the record and click on Properties > Security > Advanced.

You can also check if the entries for the IP address are still present in the registry: Launch the Registry Editor > HKLM > System > CurrentControlSet > Services > TCPIP > Parameters > Interfaces. Once you are here, check all the subkeys to determine if the old IP addresses exist here. If they do, then you probably have a ghost NIC that's retaining the old configuration. The suggestion that PaciB mentioned above should help you clean this up. If it still does not, then follow Method 1 in the article: http://support.microsoft.com/kb/269155

Another option is to enable DNS Debug Logging. Right-click on the DNS server > Properties > Debug Logging > Check the option Log packets for debugging > Configure the path to the debug logs.

Hope this helps.
0
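One way to act on the debug-logging suggestion above, as an added example that is not part of the original thread: a Python parser that lists which client IPs sent dynamic-update requests (opcode U) to a zone. The log lines, the zone name `corp.local` and the addresses are constructed; the column layout assumed is the field key printed at the top of a Windows DNS debug log.

```python
import re

# Assumed layout (from the field key at the top of a Windows DNS debug log):
# date time thread PACKET packet-id UDP|TCP Snd|Rcv remote-IP xid [R] opcode [flags rcode] qtype qname
PACKET_RE = re.compile(
    r"^(?P<stamp>.+?)\s+[0-9A-Fa-f]+\s+PACKET\s+\S+\s+(?:UDP|TCP)\s+"
    r"(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+[0-9A-Fa-f]{4}\s+(?P<resp>R?)\s*"
    r"(?P<opcode>[QNU?])\s+\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)"
)

def decode_name(wire):
    """Turn the log's length-prefixed form, (4)corp(5)local(0), into corp.local."""
    labels = re.findall(r"\(\d+\)([^()]*)", wire)
    return ".".join(label for label in labels if label).lower()

def update_senders(log_text, zone):
    """Return {source IP: [count, last timestamp]} for dynamic-update requests
    received for `zone`. In an update packet the question name is the zone."""
    senders = {}
    for line in log_text.splitlines():
        m = PACKET_RE.match(line.strip())
        if not m or m["dir"] != "Rcv" or m["resp"] or m["opcode"] != "U":
            continue  # keep only incoming requests with opcode U (Update)
        if decode_name(m["qname"]) != zone.lower():
            continue  # update for a different zone
        entry = senders.setdefault(m["ip"], [0, None])
        entry[0] += 1
        entry[1] = m["stamp"]
    return senders

# Constructed sample lines (not from the original thread); names and IPs are made up.
SAMPLE_LOG = """\
1/23/2013 2:02:11 PM 0A3C PACKET  0000000002F3B4C0 UDP Rcv 10.1.2.30       4f1a   U [0028       NOERROR] SOA    (4)corp(5)local(0)
1/23/2013 2:02:11 PM 0A3C PACKET  0000000002F3B4C0 UDP Snd 10.1.2.30       4f1a R U [00a8       NOERROR] SOA    (4)corp(5)local(0)
1/23/2013 2:05:40 PM 0A40 PACKET  0000000002F3C110 UDP Rcv 10.1.2.77       8d21   Q [0001   D   NOERROR] A      (4)mail(4)corp(5)local(0)
1/23/2013 3:02:12 PM 0A3C PACKET  0000000002F3D990 UDP Rcv 10.1.2.30       51c3   U [0028       NOERROR] SOA    (4)corp(5)local(0)
1/23/2013 3:10:05 PM 0A44 PACKET  0000000002F3E2A0 TCP Rcv 10.1.2.14       77b0   U [0028       NOERROR] SOA    (4)corp(5)local(0)
"""

if __name__ == "__main__":
    for ip, (count, last) in update_senders(SAMPLE_LOG, "corp.local").items():
        print(f"{ip:15} updates={count} last={last}")
```

A source IP that keeps sending updates after the record has been deleted is the host to inspect for a stale interface configuration.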
 

Author Comment

by:FREDARCE
ID: 38813006
It says the owner of the record is 'SYSTEM'.
So wouldn't that rule out that the record is coming from the Exchange server?
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38814985
Is the DNS configured to accept Secure Only or both Non-secure and Secure dynamic updates?
Is the DHCP configured to register A records on behalf of the client?
Is the DHCP configured to register all records on behalf of the client?
In the DHCP Server do you see a lease for the old IP of the Exchange Server?
If yes whom is it assigned to? The Hostname and/or MAC address can be used to check this.

We usually see the owner as SYSTEM if the DHCP is configured to update all the records.
0
 

Author Comment

by:FREDARCE
ID: 38815100
DNS can accept both secure and non-secure
There is no scope in DHCP for the network/IP that keeps re-appearing in DNS
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38815213
Hi,

What do you mean by saying the owner is SYSTEM?
As far as I understand Microsoft DNS, the owner of the DNS records will always be SYSTEM because the AD object is created by the DNS service on the DNS server.

What is important to see in the ACL of the DNS records in the DNS console (you need to display advanced mode, I think) is whether there is an ACL given to the Exchange server account that has "write" permission.

This is how it works in the AD environment just under my eyes at this time: Exchange servers created their own DNS records. These records are owned by SYSTEM, but each has an ACL for the matching Exchange server that permits Write access to the server on the DNS record.


Have a good day.
0
 

Author Comment

by:FREDARCE
ID: 38816257
I have a few DNS records that show the server hostname$ as being the owner of the record as opposed to SYSTEM. I don't see any specific ACL where specific permission has been given to Exchange. I have advanced features turned on. Are we talking about DNS Manager or some other console?
0
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 38817897
Hi,

Yes, I too have some DNS records that are owned by the concerned server. But I suppose they are old records, and I suppose something has probably changed in the way the DNS Server service creates DNS records in the past.

All I can tell you is that all my recent DNS records are owned by SYSTEM and have an ACL that permits the concerned server to Write on the record.

As an example, I have an Exchange 2010 Mailbox server, let's call it SRVMBX, in my AD 2003 domain. If I take a look at the DNS record that has been dynamically created by the Exchange server, I can see that the owner of the record is SYSTEM and that the server account "SRVMBX$" has WRITE permission on it.
As far as I understand the DNS service, this is the proof that this DNS record has been created by the Exchange server itself through the dynamic DNS registration process, because of the presence of the ACL for "SRVMBX$" with WRITE permission.

Look at your DNS record and search for an ACL with only WRITE permission allowed. Then look at the account name that has this permission. Probably this account name will give you some clue about which server has created the record.

Have a good day.
0
