DNS A record

I have a Windows 2008 Active Directory in place in which all of the DCs are also DNS managers. I am having a problem with a DNS A record that keeps re-appearing even after manually deleting the record from every server. Is there a way to verify which DNS server or what host keeps injecting this record back into DNS?
The A record is for an Exchange server that has had its IP address changed.

thanks
FREDARCE Asked:
 
Bruno PACI (IT Consultant) Commented:
Hi,

Yes, I too have some DNS records that are owned by the concerned server. But I suppose they are old records, and I suppose something has probably changed in the way the DNS Server service created DNS records in the past.

All I can tell you is that all my recent DNS records are owned by SYSTEM and have an ACL that permits the concerned server to write on the record.

As an example, I have an Exchange 2010 Mailbox server, let's call it SRVMBX, in my AD 2003 domain. If I take a look at the DNS record that has been dynamically created by the Exchange server, I can see that the owner of the record is SYSTEM and that the server account "SRVMBX$" has WRITE permission on it.
As far as I understand the DNS service, this is the proof that this DNS record has been created by the Exchange server itself through the dynamic DNS registration process, because of the presence of the ACL for "SRVMBX$" with WRITE permission.

Look at your DNS record and search for an ACL with only WRITE permission allowed. Then look at the account name that has this permission. This account name will probably give you some clue about which server has created the record.

Have a good day.
 
IanTh Commented:
Do you have a domain name that has an MX record for the Exchange server? I think that can actually do that.
 
ddiazp Commented:
Is the Exchange server getting its network config from DHCP?

Is there a DHCP reservation for this? (If so, there's an option to enable/disable automatic DNS registration.)
 
FREDARCE (Author) Commented:
There is no MX record for the domain name internally, as we host external DNS.

Also, there is no DHCP reservation, as the server is configured with a static IP.
 
Bruno PACI (IT Consultant) Commented:
Hi,

Here again I suspect some teaming misconfiguration on your Exchange server. Does it have NIC teaming?
If yes, it's possible that the teaming driver did not clean the registry correctly when you changed the IP settings and left some old IP address attached to a physical NIC, even if it is not visible in the NIC IP settings GUI.

Can you try to delete the team, uninstall both NICs in Device Manager (the best way to make the registry clean of old config), rediscover hardware in Device Manager to make the NICs reappear, recreate the team, and reconfigure the IP settings?

Have a good day .
 
mgpremkumar Commented:
You can check the owner of the DNS record and determine who is registering the record. To view this, right-click on the record and click on Properties > Security > Advanced.

You can also check if the entries for the IP address are still present in the registry: Launch the Registry Editor > HKLM > System > CurrentControlSet > Services > TCPIP > Parameters > Interfaces. Once you are here, check all the subkeys to determine if the old IP addresses exist here. If they do, then you probably have a ghost NIC that's retaining the old configuration. The suggestion that PaciB mentioned above should help you clean this up. If it still does not, then follow Method 1 in the article: http://support.microsoft.com/kb/269155

Another option is to enable DNS Debug Logging. Right-click on the DNS server > Properties > Debug Logging > Check the option Log packets for debugging > Configure the path to the Debug logs.

Hope this helps.
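The two manual checks described in this thread (the record's owner and write ACEs, and the Interfaces registry subkeys) can be scripted. This is an added example, not part of any post above; the function names, the record DN and the IP address are hypothetical placeholders, and the DN assumes an AD-integrated zone stored in the DomainDnsZones partition.

```powershell
# Added example. The record DN and old IP at the bottom are placeholders,
# not values from the thread; substitute your own.

# Check 1 (run on a domain-joined machine): show the owner and the explicit
# write ACEs on the dnsNode object that backs the A record.
function Get-DnsRecordWriters {
    param([Parameter(Mandatory = $true)][string]$RecordDn)
    $entry = [ADSI]"LDAP://$RecordDn"
    $sd    = $entry.psbase.ObjectSecurity
    $nt    = [System.Security.Principal.NTAccount]
    $write = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    "Owner: " + $sd.GetOwner($nt)
    # Explicit ACEs only: those set on this record itself, not inherited from the zone.
    $sd.GetAccessRules($true, $false, $nt) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.ActiveDirectoryRights) -band $write) } |
        Select-Object IdentityReference, ActiveDirectoryRights
}

# Check 2 (run on the server whose IP changed): list interface subkeys that
# still hold the old address, including NICs no longer visible in the GUI.
function Find-InterfaceAddress {
    param([Parameter(Mandatory = $true)][string]$Address)
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $key    = $_
        $values = Get-ItemProperty -Path $key.PSPath
        # IPAddress is multi-valued (static); DhcpIPAddress is a single string.
        $all = @($values.IPAddress) + @($values.DhcpIPAddress) | Where-Object { $_ }
        if ($all -contains $Address) {
            New-Object PSObject -Property @{
                InterfaceKey = $key.PSChildName
                Addresses    = ($all -join ', ')
            }
        }
    }
}

# Placeholder inputs (constructed for illustration).
Get-DnsRecordWriters -RecordDn 'DC=HOSTNAME,DC=ZONE.EXAMPLE,CN=MicrosoftDNS,DC=DomainDnsZones,DC=EXAMPLE,DC=LOCAL'
Find-InterfaceAddress -Address '192.0.2.10'
```

A computer account ending in `$` in the first output, or any row in the second, points at the host to examine.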
 
FREDARCE (Author) Commented:
It says the owner of the record is 'SYSTEM'.
So wouldn't that rule out that the record is coming from the Exchange server?
 
mgpremkumar Commented:
Is the DNS configured to accept Secure Only or both Non-secure and Secure dynamic updates?
Is the DHCP configured to register A records on behalf of the client?
Is the DHCP configured to register all records on behalf of the client?
In the DHCP Server do you see a lease for the old IP of the Exchange Server?
If yes whom is it assigned to? The Hostname and/or MAC address can be used to check this.

We usually see the owner as SYSTEM if the DHCP is configured to update all the records.
 
FREDARCE (Author) Commented:
DNS can accept both secure and non-secure.
There is no scope in DHCP for the network/IP that keeps re-appearing in DNS.
 
Bruno PACI (IT Consultant) Commented:
Hi,

What do you mean by saying the owner is SYSTEM?
As far as I understand Microsoft DNS, the owner of the DNS records will always be SYSTEM because the AD object is created by the DNS service on the DNS server.

What is important to see in the ACL of the DNS records in the DNS console (you need to display advanced mode, I think) is whether there is an ACL given to the Exchange server account that has "write" permission.

This is how it works in the AD environment just under my eyes at this time: Exchange servers created their own DNS records. These records are owned by SYSTEM, but each has an ACL for the matching Exchange server that permits Write access to the server on the DNS record.


Have a good day.
 
FREDARCE (Author) Commented:
I have a few DNS records that show the server hostname$ as being the owner of the record as opposed to SYSTEM. I don't see any specific ACL where specific permission has been given to Exchange. I have advanced features turned on. Are we talking about DNS Manager or some other console?
Question has a verified solution.
