Solved

DNS cleanup - removing old forward and reverse lookup entries

Posted on 2015-01-14
10
410 Views
Last Modified: 2015-03-12
hi all

im looking at cleaning up our dns records (2003 DNS server) at work as they are full of old entries... for whatever reason scavenging has not been turned on...
before i go down the process of enabling scavenging id like to do a manual clean up.

obviously ill be removing the forward lookup entries but im curious as to the reverse lookup entries.. should i remove these as well? what is the implications of leaving the reverse lookup entries?

just wondering what everybodies experience with this is and how i should approach a manual clean up..


cheers!
0
Comment
Question by:mishcondereya
  • 5
  • 3
  • 2
10 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40548865
Is there a particular reason you do not want to use scavenging for this? One thing of note is that the timestamps for entries in DNS aren't updated unless scavenging is actually turned on, so you may inadvertently delete entries if you're going to go off the timestamp.

I also recommend you have a read of this article to give you a better understanding DNS scavenging: http://technet.microsoft.com/en-us/library/cc759204(v=ws.10).aspx
0
 

Author Comment

by:mishcondereya
ID: 40548893
sorry i meant to update this post and say its actually a 2008 dns server.. my bad on that one.

to answer your question..
im new at my current workplace and from what ive been told, few years back they enabled scavenging and it caused a lot of problems with dns entries being deleted etc. ... this begs the question why didnt they leave it on once it was turned on and they resolved all the dns issues...?
but for whatever reason it was turned off again.. no idea what the reasoning behind this was.

so reason id like to do this manually is to get familiar with the dns entries, whats live whats not, what can be deleted etc...
its also to ease their mind that we are in control of our entries in regards to whats being removed.. once everything has been cleaned up i intend on turning scavenging on so we dont have to go through this tedious process.
I should also add that i havent done much work before with cleaning up DNS entries so its a bit of a learning curve for me as well..


thank you for the link, i will give it a read and post back when i have more questions about what im doing...
0
 

Author Comment

by:mishcondereya
ID: 40548936
i am going to check out this link as its for 2008 dns servers

http://technet.microsoft.com/en-gb/library/cc771677.aspx
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40548943
That's OK, there's not too much of a difference between 2003 and 2008 concept-wise.

If you really want to do it the proper way then I suggest you log into each IP address (be it a server, workstation, networking device, etc.) then confirm the computer name or device name matches the corresponding entry in DNS. It will be a time consuming process but it's the only way to be 100% sure you don't delete an entry for an active device.
0
 

Author Comment

by:mishcondereya
ID: 40548988
yeah.. ive actually got a powershell script that does that for me.
it pings the servers and finds the dns entries and notifies me if it matches the server or not.
if it does not match it shows me what server name its referencing... quite handy and has saved me a lot of time..
its not fool proof as it doesnt always return a entry.. just says it doesnt match, so those ones we have to investigate.

theres no major rush with this which is why i want to do it right so parts of it will be manual.

ive found a powershell script here http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28472243.html

that will read a csv file and delete the records that i specify.... i just need to test this before running it on our live environment.


in regards to my query about forward and reverse lookup entries.. anything i need to be mindful off when removing them?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40549003
in regards to my query about forward and reverse lookup entries.. anything i need to be mindful off when removing them?
Apart from what's already covered above, not really.

Actually, I think the PTR records even get deleted automatically when you delete the corresponding A host record. Try this on your end with a known stale DNS record to confirm.
0
 

Author Comment

by:mishcondereya
ID: 40549017
ok will do

thanks for your help... youve definitely helped me out and sent me on the right path..

will post back later if i have any more questions.
0
 
LVL 39

Expert Comment

by:footech
ID: 40550918
One thing you might consider to help with manual cleanup is to enable scavenging on the zone (but don't enable the server to perform scavenging so it doesn't actually delete any records).  With it enabled on the zone you can see which records are getting their timestamp updated and so those records don't need to be modified.

Some of my favorite links for scavenging.
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx
http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
0
 

Author Comment

by:mishcondereya
ID: 40550946
Footech

can you explain a bit more on how that feature works ?

so my understanding from what you said... that if its enabled on the zone but not on the server it will show which entries can be deleted?
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40550986
It's like in VB ITS's first comment.
the timestamps for entries in DNS aren't updated unless scavenging is actually turned on

With scavenging turned on for a zone, if the timestamp isn't being updated (and it's not a static record), then it's an indication that either the record isn't needed, or security for the record is set such that it can't be dynamically updated by the machine or DHCP.  In the latter case, deleting the record would allow it to be recreated dynamically.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Root Hints - Windows DNS 8 34
Windows 2008 R2 _MSDSC Delegation 8 51
File Server Migration from 2003 to 2008R2 3 62
2003 File Server upgrade 11 54
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now