Active directory integrated zone deletion, DNS

We have our main AD integrated zone which disappeared last week. We recreated it and re-entered the records manually.

We tried a restore but it failed.

I found this link, which may be plausible; can anyone explain why this would cause a zone to disappear?

http://tfs.letsblog.it/post/2010/05/05/How-to-recreate-an-accedently-deleted-AD-integrated-DNS-zone.aspx
Asked: llcooljsl1983
1 Solution
 
arnold commented:
The referenced link in the question is inaccessible.

Back to your question, is the DNS server where the zone disappeared running on a DC or a member server?
Do you have only one DNS server?

The issue with an AD integrated zone being inaccessible on a member server DNS deals with the permission/settings on the zone such that it is limited to DC based DNS services.
 
llcooljsl1983 (Author) commented:
Sorry, the text is:
Also it was on a DC at the domain.co.uk level. All servers at the company.domain.co.uk level were unaffected.
 
Some time ago I had a serious problem at a customer.
 
The customer had two AD domains in the same forest. One of them was running Windows Server 2008 R2 and the other Windows Server 2003 R2.
 
In the 2003 domain I went into the DNS console and changed the DNS zone replication from "To all DNS servers running on domain controllers in this domain" to "To all DNS servers running on domain controllers in this forest".
After a while I saw that the DNS zone for the domain on the 2003 server was missing...
I looked in the event log and found the following event:
 
Event ID 4005:
The DNS server received indication that zone domain.com was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.
 
I was in a state of panic for a few minutes until I found a way to recreate the missing DNS Zone:
 
The procedure was the following:
Created an empty AD integrated zone with the same name as the deleted zone.
Make a copy of the files netlogon.dnb and netlogon.dns in c:\windows\system32\config.
Copy the file netlogon.dnb over netlogon.dns.
Restart the netlogon service.
Now the DNS zone was recreated and the only thing left was to recreate the static A records. So nice!
 
Should it fail to recreate the zone you can read here how to restore an AD integrated DNS zone from a backup.
 
Thanks
Thomas
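The recreation steps quoted above, as an added PowerShell example that is not from the original post or the quoted blog; it assumes the DnsServer module (Windows Server 2012 or later), an elevated session on the DC where the zone vanished, and the placeholder zone name corp.example.

```powershell
# Added example (not from the thread): recreate an AD-integrated zone that was deleted from AD,
# following the quoted steps. Assumes the DnsServer module (Windows Server 2012+), elevated
# rights on the affected DC, and the placeholder zone name corp.example.
$ZoneName  = 'corp.example'
$ConfigDir = Join-Path $env:SystemRoot 'System32\config'
$Backup    = Join-Path $env:TEMP ('netlogon-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

# Step 1: empty AD-integrated zone with the same name. Domain-wide replication matches the
# scope the quoted story started from ("all DNS servers on domain controllers in this domain").
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure
}

# Step 2: keep copies of netlogon.dnb and netlogon.dns before touching them.
New-Item -ItemType Directory -Path $Backup | Out-Null
Copy-Item -Path (Join-Path $ConfigDir 'netlogon.dn?') -Destination $Backup

# Step 3: as in the quoted procedure, copy netlogon.dnb over netlogon.dns.
Copy-Item -Path (Join-Path $ConfigDir 'netlogon.dnb') `
          -Destination (Join-Path $ConfigDir 'netlogon.dns') -Force

# Step 4: restart Netlogon so the DC re-registers its locator records into the new zone.
Restart-Service -Name Netlogon

# Check: the zone is stored in AD with the expected scope, and SRV records are back.
# Static A records still have to be re-entered by hand, as the quoted post says.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DirectoryPartitionName
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Srv |
    Select-Object HostName, RecordData
```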
 
dan_blagut commented:
Hello

AD integrated DNS zones are replicated with the AD information to all domain controllers that have the DNS server role. When you modify that zone on one domain controller, all modifications are replicated to all controllers, deletions also.
So if your logging level is OK, you should find in the logs who deleted this zone.
If the error comes from AD you can try this procedure
http://technet.microsoft.com/fr-fr/library/ff807395(v=ws.10).aspx
Dan
 
llcooljsl1983 (Author) commented:
The event logs just say it was deleted
 
llcooljsl1983 (Author) commented:
Any ideas?
 
arnold commented:
Once you add the _msdcs.yourdomain.com and yourdomain.com integrated zones, the data should be replicated back in.

It sounds as though your auditing policy did not include the level of detail you need.
Does your setup include user login records?
You could try using the login/logout records (on a DC event log security)

See which admin user logged in/out when this happened. But make sure to also look at a login/logout event that deals with resuming their existing session.
i.e. user A logged in a week ago and their session is currently disconnected.
User A resumes their session. User B logs in. Zone data is deleted. An hour or so later user B logs out. User A goes into a sleep/disconnect state, or their system is set up such that the user is logged in and only the screen saver is running (no password needed to gain access).

...

In this situation, you could check with the other admins without accusing any that the AD DNS zone has been deleted and you need their help in fixing it.

Do you usually have multiple DNS domains such that someone mistakenly deleted the wrong one?

In this case, check workorder, etc. to see who was assigned this task and who performed this task. Then see whether the requested domain is incorrectly pointing to your AD domain or is still in DNS ........
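The log review dan_blagut and arnold describe above (who deleted the zone, and from which logon session), as an added PowerShell example that is not from the thread. It assumes Windows Server 2008 or later with the "Directory Service Changes" audit subcategory enabled, that it runs on the DC that processed the delete, and the placeholder zone name corp.example.

```powershell
# Added example (not from the thread): find when this DNS server saw the zone disappear
# (Event 4005, quoted in the thread) and which account deleted the dnsZone object in AD
# (Security Event 5141, "A directory service object was deleted", needs Directory Service
# Changes auditing). Assumes Windows Server 2008+ and the placeholder zone corp.example.
$ZoneName = 'corp.example'
$Since    = (Get-Date).AddDays(-14)

# 1. When did the DNS Server service notice the zone was gone from AD?
$Noticed = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4005; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ZoneName) } |
    Select-Object TimeCreated, MachineName, Message

# 2. Who issued the delete? Zone objects are dnsZone objects under CN=MicrosoftDNS in the
#    DomainDnsZones / ForestDnsZones partitions; 5141 records the subject and the object DN.
$Who = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5141; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Subject = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            LogonId = $data.SubjectLogonId   # correlate with 4624/4634/4778 for the session
            Class   = $data.ObjectClass
            Object  = $data.ObjectDN
        }
    } |
    Where-Object { $_.Class -eq 'dnsZone' -and $_.Object -like "DC=$ZoneName,CN=MicrosoftDNS,*" }

$Noticed | Format-Table -AutoSize
$Who     | Format-Table -AutoSize
```

The LogonId column is what ties the deletion to one logon session rather than just to a user name, which is the disconnected-session ambiguity arnold raises above.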
 
llcooljsl1983 (Author) commented:
Why would changing the DNS replication scope from forest to domain cause the zone to disappear from the root DNS servers?

Thanks
 
llcooljsl1983 (Author) commented:
Any ideas?
 
arnold commented:
It is not clear where it disappeared from. Check the zone properties dealing with on which servers it is available. If it is only available on domain controllers, and your "Root DNS" is just a member, it will not have the security rights needed to access this AD integrated zone.

An AD integrated zone is stored in the AD. All AD based DNS servers access the one copy in the AD; there are no duplicate copies on each DNS server. When a delete is issued, the data is deleted in the AD.
Once it is deleted, it is inaccessible by all.
 
llcooljsl1983 (Author) commented:
We had a specialist come in who found that there were collisions within the ForestDNSZones ADSI section.
 
llcooljsl1983 (Author) commented:
Unfortunately we had to call in a specialist to determine the cause.