Solved

DNS A record

Posted on 2013-01-23
11
432 Views
Last Modified: 2013-01-25
I have a windows 2008 active directory in place in which all of the DC's are also DNS managers.   I am having a problem with a DNS A record that I keeps re-appearing even after manually deleting the record from every server.  Is there a way to verify which DNS server or what host keeps injecting this record back into DNS?
The A record is for an exchange server that has had it's IP address changed.

thanks
0
Comment
Question by:FREDARCE
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38811924
do you have a domain name that has an mx record for the exchange server I think that can actually do that
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38812424
Is the exchange server getting its network config from DHCP?

Is there a DHCP reservation for this? (if so, there's an option to enable/disable automatic dns registration).
0
 

Author Comment

by:FREDARCE
ID: 38812481
there is no mx record for the domain name internally as we host external DNS.

Also,  there is no DHCP reservation as the server is configured with a static IP
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38812561
Hi,

Here again I suspect some teaming misconfiguration on your Exchange server. Does it have NIC teaming ?
If yes, it's possible that the teaming driver did not cleaned the registry correctly when your changed the IP settings and let some old IP address attached to a physical NIC even if it not visible in the NIC IP settings GUI.

can you try to delete the team, uninstall both NICs in device manager (the best way to make the registry clean of old config), rediscover hardware in device manager to make the NICs reappear, recreate the Team, reconfigure the IP settings ?

Have a good day .
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38812892
You can check the owner of the DNS record and determine who is registering the record. To view this right click on the record and click on Properties > Security > Advanced.

You can also check if the enteries for the IP address are still present in the registry: Launch the Registry Editor > HKLM > System > CurrentControlSet > Services> TCPIP > Parameters > Interfaces. Once you are here, check all the subkeys to determine if the old IP addresses exists here. If it does, then you probably have a ghost NIC thats retaining the old configuration. The suggestion that PaciB mentioned above should help you clean this up. If it still does not then follow Method 1 in the article: http://support.microsoft.com/kb/269155

Another option is to enable the DNS Debug Logging. Right click on the DNS server > Properties > Debug Logging > Check the option Log packets for debugging > Configure the path to the Debug logs.

Hope this helps.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:FREDARCE
ID: 38813006
It says the owner of the record is 'SYSTEM'
So wouldn't that rule out that the record is coming from the exchange server?
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38814985
Is the DNS configured to accept Secure Only or both Non-secure and Secure dynamic updates?
Is the DHCP configured to register A records on behalf of the client?
Is the DHCP configured to register all records on behalf of the client?
In the DHCP Server do you see a lease for the old IP of the Exchange Server?
If yes whom is it assigned to? The Hostname and/or MAC address can be used to check this.

We usually see the owner as SYSTEM if the DHCP is configured to update all the records.
0
 

Author Comment

by:FREDARCE
ID: 38815100
DNS can accept both secure and non-secure
There is no scope in DHCP for the network/IP that keeps re-appearing in DNS
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38815213
Hi,

What do you mean saying the owner is SYSTEM ?
As far as I understand Microsoft DNS the owner of the DNS records will always be SYSTEM because the AD object is created by the DNS service on the DNS server.

What is important to see is in the ACL of the DNS records in the DNS console (you need to display advanced mode I think) is if there an ACL given to the Exchange server account that have "write" permission.

This how it works on the AD environment just under my eyes at this time: Exchange server created their own DNS records. Theses records are owned by SYSTEM but each have an ACL for the matching Exchange server that permit Write access to the server on the DNS record.


Have a good day.
0
 

Author Comment

by:FREDARCE
ID: 38816257
I have a few DNS records that show the server hostname$ as being the owner of the record as opposed to SYSTEM.  I don't see any specific ACL where specific permission has been given to exchange.  I have advanced features turned on.  Are we talking about DNS manager or some other console?
0
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 38817897
Hi,

Yes I do too have some DNS records that are owned by the concerned server. But I suppose they are old records and I suppose something has probably changed in the way DNS Server service create DNS records in the past.

All I can tell you is that all my recent DNS records are owned by SYSTEM and have an acl that permit the concerned server to Write on the record.

As an example, I have an Exchange 2010 Mailbox server, let's call it SRVMBX, in my AD 2003 domain. If I take a look at the DNS record that as been dynamically created by the Exchange server I can see that the owner of the record is SYSTEM and that the server account "SRVMBX$" has WRITE permission on it.
As far as I undertstand DNS service this is the proof that this DNS record as been created by the Exchange server itself through the dynamic DNS registration process, because of the presence of the ACL for "SRVMBX$" with WRITE permission.

Look at your DNS record and search for an ACL with only WRITE permission allowed. Then look at the account name that has this permission. Probably that this account name will give your some clue about which server has created the record.

Have a good day.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SPF Record 9 46
AD FS DNS 4 46
Guest VLAN not syncing email 13 30
How to prevent loss of email when changing domain name servers? 3 10
One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now