Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS A record

Posted on 2013-01-23
11
Medium Priority
?
445 Views
Last Modified: 2013-01-25
I have a windows 2008 active directory in place in which all of the DC's are also DNS managers.   I am having a problem with a DNS A record that I keeps re-appearing even after manually deleting the record from every server.  Is there a way to verify which DNS server or what host keeps injecting this record back into DNS?
The A record is for an exchange server that has had it's IP address changed.

thanks
0
Comment
Question by:FREDARCE
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38811924
do you have a domain name that has an mx record for the exchange server I think that can actually do that
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38812424
Is the exchange server getting its network config from DHCP?

Is there a DHCP reservation for this? (if so, there's an option to enable/disable automatic dns registration).
0
 

Author Comment

by:FREDARCE
ID: 38812481
there is no mx record for the domain name internally as we host external DNS.

Also,  there is no DHCP reservation as the server is configured with a static IP
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38812561
Hi,

Here again I suspect some teaming misconfiguration on your Exchange server. Does it have NIC teaming ?
If yes, it's possible that the teaming driver did not cleaned the registry correctly when your changed the IP settings and let some old IP address attached to a physical NIC even if it not visible in the NIC IP settings GUI.

can you try to delete the team, uninstall both NICs in device manager (the best way to make the registry clean of old config), rediscover hardware in device manager to make the NICs reappear, recreate the Team, reconfigure the IP settings ?

Have a good day .
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38812892
You can check the owner of the DNS record and determine who is registering the record. To view this right click on the record and click on Properties > Security > Advanced.

You can also check if the enteries for the IP address are still present in the registry: Launch the Registry Editor > HKLM > System > CurrentControlSet > Services> TCPIP > Parameters > Interfaces. Once you are here, check all the subkeys to determine if the old IP addresses exists here. If it does, then you probably have a ghost NIC thats retaining the old configuration. The suggestion that PaciB mentioned above should help you clean this up. If it still does not then follow Method 1 in the article: http://support.microsoft.com/kb/269155

Another option is to enable the DNS Debug Logging. Right click on the DNS server > Properties > Debug Logging > Check the option Log packets for debugging > Configure the path to the Debug logs.

Hope this helps.
0
 

Author Comment

by:FREDARCE
ID: 38813006
It says the owner of the record is 'SYSTEM'
So wouldn't that rule out that the record is coming from the exchange server?
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38814985
Is the DNS configured to accept Secure Only or both Non-secure and Secure dynamic updates?
Is the DHCP configured to register A records on behalf of the client?
Is the DHCP configured to register all records on behalf of the client?
In the DHCP Server do you see a lease for the old IP of the Exchange Server?
If yes whom is it assigned to? The Hostname and/or MAC address can be used to check this.

We usually see the owner as SYSTEM if the DHCP is configured to update all the records.
0
 

Author Comment

by:FREDARCE
ID: 38815100
DNS can accept both secure and non-secure
There is no scope in DHCP for the network/IP that keeps re-appearing in DNS
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38815213
Hi,

What do you mean saying the owner is SYSTEM ?
As far as I understand Microsoft DNS the owner of the DNS records will always be SYSTEM because the AD object is created by the DNS service on the DNS server.

What is important to see is in the ACL of the DNS records in the DNS console (you need to display advanced mode I think) is if there an ACL given to the Exchange server account that have "write" permission.

This how it works on the AD environment just under my eyes at this time: Exchange server created their own DNS records. Theses records are owned by SYSTEM but each have an ACL for the matching Exchange server that permit Write access to the server on the DNS record.


Have a good day.
0
 

Author Comment

by:FREDARCE
ID: 38816257
I have a few DNS records that show the server hostname$ as being the owner of the record as opposed to SYSTEM.  I don't see any specific ACL where specific permission has been given to exchange.  I have advanced features turned on.  Are we talking about DNS manager or some other console?
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 38817897
Hi,

Yes I do too have some DNS records that are owned by the concerned server. But I suppose they are old records and I suppose something has probably changed in the way DNS Server service create DNS records in the past.

All I can tell you is that all my recent DNS records are owned by SYSTEM and have an acl that permit the concerned server to Write on the record.

As an example, I have an Exchange 2010 Mailbox server, let's call it SRVMBX, in my AD 2003 domain. If I take a look at the DNS record that as been dynamically created by the Exchange server I can see that the owner of the record is SYSTEM and that the server account "SRVMBX$" has WRITE permission on it.
As far as I undertstand DNS service this is the proof that this DNS record as been created by the Exchange server itself through the dynamic DNS registration process, because of the presence of the ACL for "SRVMBX$" with WRITE permission.

Look at your DNS record and search for an ACL with only WRITE permission allowed. Then look at the account name that has this permission. Probably that this account name will give your some clue about which server has created the record.

Have a good day.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question