• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 357
  • Last Modified:

DNS records dropping from DNS

I have random machines on my network that are not registering to DNS. The record is in DNS one day and the next day the record is gone. I have to go to the machine and registerdns for it to show up. What could be the problem?
0
Thomas N
Asked:
Thomas N
  • 10
  • 8
2 Solutions
 
Thomas NAuthor Commented:
Could it be a replication issue? We have 6 DNS servers
0
 
Santosh GuptaCommented:
Hi,

Please check the DNS scavenging is configured properly.  it should be greater than or equals to DHCP lease period.
0
 
Thomas NAuthor Commented:
Right now it is greater than. Some of the machines are servers and are not using DHCP.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Santosh GuptaCommented:
Hi,

lets track DNS record deletion, so that we can find the root cause of deletion. pls see the url below.

http://blogs.technet.com/b/networking/archive/2011/08/17/tracking-dns-record-deletion.aspx
0
 
Thomas NAuthor Commented:
Thanks Santosh for your help. I tried following the directions to audit but received error when trying to connect with ADSI edit. I attached a screenshot. Any ideas?
error.png
0
 
Thomas NAuthor Commented:
actually I mistyped my domain but now I get this error
error.png
0
 
Santosh GuptaCommented:
Hi,

are you trying below section ?

 If the zone is stored in default Domain partition, then use DC=contoso,DC=com as the Distinguished Name. (This partition is generally loaded in Adsiedit by default).
0
 
Thomas NAuthor Commented:
your right it worked.

Also if it helps I get this error on some of the machines:

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:
Adapter Name : {D84500E1-7601-42E3-B3B6-1E9FF739D79A}
Host Name : computer
Adapter-specific Domain Suffix : domain.net
DNS server list :
x.x.58.10, x.x.58.11
Sent update to server : x.x.58.10
IP Address : x.x.80.151
The reason that the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.
You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
For more information, see Help and Support Center at
0
 
Santosh GuptaCommented:
seems Computer does not have permission to update either forward or reverse lookup zones.


Open DNS console, locate record, view security permission, add computer account and give Full Control.

On computer with error run IPCONFIG /REGISTERDNS
0
 
Thomas NAuthor Commented:
Also when I follow instructions to audit. It tells me to go to CN=Sytems then CN=MicrosoftDNS. Under MicrosoftDNS I only have 12 subnets in there when I have over 30-40 subnets and I have no zone that has my domain. I only have DC=RootDNSServers.

Is this right?
0
 
Thomas NAuthor Commented:
The security permissions already have the machine as having full permissions.
0
 
Santosh GuptaCommented:
see the point 9 in article..

You may find some already existing entries with the name ‘Everyone’ under the Auditing tab. This may be confusing but please add a new entry as mentioned above.

pls proceed further.
0
 
Thomas NAuthor Commented:
I understand. Thanks. Its just I dont have all my subnets listed and my zone name is not in the list. I attached a screenshot
error.png
0
 
Santosh GuptaCommented:
pls check if you DNS reverse lookup has zone for all subnet.
0
 
Thomas NAuthor Commented:
Yes there is a reverse lookup for all zones.
0
 
Santosh GuptaCommented:
not sure...

try to run DCDIAG /test:DNS and see if you are getting any error.
0
 
Thomas NAuthor Commented:
Z:\>dcdiag/test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SSC\server
      Starting test: Connectivity
         ......................... server passed test Connectivity

Doing primary tests

   Testing server: SSC\server
      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SSC failed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain

   Running enterprise tests on : domain.net
      Starting test: DNS
         Test results for domain controllers:

            DC: server.domain.net
            Domain: domain.net


               TEST: Basic (Basc)
                  Warning: Adapter 78:2B:CB:37:13:36 has dynamic IP address
                  (can be a misconfiguration)
                  Warning: The AAAA record for this DC was not found
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)

               server                    PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain.net passed test DNS

Z:\>
0
 
Santosh GuptaCommented:
ok,

please go to property of each reverse lookup zone and  check below. it should be second option, if not then select and refresh the ADSITedit.

dns1
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 10
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now