Solved

DNS Records Deleted?

Posted on 2016-07-21
12
78 Views
Last Modified: 2016-07-28
I would like to know under what circumstances (either by design or otherwise... all inclusive) would any server (including domain controllers) remove their own DNS records.  

Is this not only possible but is it something that occurs regularly/normally? And if so, why?

Thank you!
0
Question by:Danny Verrazano
12 Comments
 
LVL 26

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 41723266
Scavenging is the main reason that comes to mind. This is the process by which a DNS server looks at all of the records in a zone and deletes the ones that haven't been refreshed or updated within a certain length of time. The process is a bit more complicated than that, of course; this article gives a very good overview of it.
1
 

Author Comment

by:Danny Verrazano
ID: 41723293
Let me ask a different way.

Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

If yes, when and why would that happen?

Anyone?
0
 
LVL 6

Expert Comment

by:efrimpol
ID: 41723406
I've never come across a situation where a DC would remove its own DNS info, and I've been managing a network since the days of NT4.
0
 

Author Comment

by:Danny Verrazano
ID: 41723646
When dynamic updates is turned on, even with servers set with static IP addresses, do they refresh their DNS records on a schedule of some sort?  

If so, what would that refresh look like to the DNS servers? How is it done? Is it that they do a delete and then re-register?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41723649
I agree with efrimpol. Yes, the server has the ability to do this, because the permissions on the server's own DNS records allow it to make changes to them, but I can't think of a situation in which a server would delete them (aside from some kind of strange malware action).
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41723651
I believe the refresh happens every 60 minutes for a DC and every 24 hours for everything else. Nothing gets deleted during a refresh; the timestamp on the record is simply updated.
0
 
LVL 5

Assisted Solution

by:Mdlinnett
Mdlinnett earned 125 total points
ID: 41723775
Scavenging only affects DCs / name servers if the DNS entry is managed dynamically rather than statically; this is not 'out of the box' behaviour.

Go into your DNS console and check the 'Timestamp' column for your DCs: does it have a date and time or does it say 'static'?

If they aren't static, follow this guide to update the records you need to > http://social.technet.microsoft.com/wiki/contents/articles/21726.how-to-convert-a-dynamic-resource-record-to-a-static-one-without-re-creating-it-in-dns.aspx

Make sure that the affected DNS zone(s) are set to only receive Secure dynamic updates (Right-click the zone > Properties > 'General' tab).
1
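The checks described above (DrDave242's scavenging explanation and Mdlinnett's advice to look at the Timestamp column and the zone's dynamic-update setting) can be scripted from the DnsServer and ActiveDirectory RSAT modules. This is an added example, not code from the thread or from Microsoft; the server name and zone name are assumed values to replace with your own.

```powershell
# Added example (not from the thread): audit which DC host records are dynamic
# (and therefore candidates for scavenging) and whether each zone accepts only
# secure dynamic updates. Run on a DNS server or a workstation with RSAT.
Import-Module DnsServer
Import-Module ActiveDirectory

$DnsServer = 'dc01.corp.example'   # assumed: any authoritative DNS server
$ZoneName  = 'corp.example'        # assumed: the AD-integrated forward zone

# 1. Zone-level check: an AD-integrated zone should allow only 'Secure'
#    dynamic updates (the Properties > General tab setting in the console).
$zone = Get-DnsServerZone -ComputerName $DnsServer -Name $ZoneName
if ($zone.DynamicUpdate -ne 'Secure') {
    Write-Warning "Zone $ZoneName accepts '$($zone.DynamicUpdate)' dynamic updates; expected 'Secure'."
}

# 2. Server-level aging settings: a dynamic record whose timestamp is older
#    than NoRefresh + Refresh becomes eligible for deletion when scavenging runs.
$scav = Get-DnsServerScavenging -ComputerName $DnsServer
"Scavenging enabled: {0}; NoRefresh={1}; Refresh={2}; Interval={3}" -f `
    $scav.ScavengingState, $scav.NoRefreshInterval, $scav.RefreshInterval, $scav.ScavengingInterval

# 3. Record-level check: a static record has no timestamp (shown as 'static'
#    in the console); a dynamic one carries the time of its last refresh.
$dcNames = (Get-ADDomainController -Filter *).Name
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $dcNames -contains $_.HostName } |
    ForEach-Object {
        [pscustomobject]@{
            Host        = $_.HostName
            Address     = $_.RecordData.IPv4Address
            Timestamp   = if ($_.Timestamp) { $_.Timestamp } else { 'static' }
            AgingRisk   = [bool]$_.Timestamp   # $true means scavenging can remove it
        }
    } | Format-Table -AutoSize
```

Records that report AgingRisk of $true are the ones worth converting to static per the linked guide, or at least worth watching against the NoRefresh and Refresh windows printed in step 2.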
 

Author Comment

by:Danny Verrazano
ID: 41724553
So you all are mentioning that Dynamic DNS clients regularly update records (every 24 hours?).  

What is the expected normal behavior of servers/domain controllers with static IP addresses in regards to the event logs?  In other words, what events would be logged when a server/domain controller successfully updates or refreshes its DNS records?  

and

What events would be logged on Servers/Domain Controllers if they could not successfully update their DNS records?
0
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41725156
I can't be very specific on that, I'm afraid. What I can tell you is that the DNS console has its own event log; you could filter that for errors / warnings?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41725320
I'm fairly certain nothing goes into the event logs when a machine (DC or not) successfully refreshes its DNS records. I'm not sure whether anything gets logged when a refresh fails, but I don't think so. At least, I can't recall ever seeing an event of that sort.

Incidentally, it doesn't even appear that debug logging logs refresh packets.
1
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 125 total points
ID: 41728743
Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

Yes, of course. A DC can do whatever it wants, which is why you should limit what runs on a DC (for example, sharing a role like DHCP on a DC can have some really interesting outcomes if someone wants to mess with you).

If yes, when and why would that happen?

I have seen it happen when a DC has no primary DNS suffix set. Sometimes it just happens; if you run monitoring like SCOM with an AD management pack it is not unusual to see these sorts of errors from time to time. Restarting Netlogon usually resolves the issue and causes the DC to re-register its records correctly.
1
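Since the thread agrees that a successful or failed refresh leaves little trace in the event logs, the practical way to catch the missing-record case Learnctx describes is to compare the domain's list of DCs with the SRV records DNS actually serves. This is an added example (not code from the thread); it assumes the ActiveDirectory RSAT module and the Resolve-DnsName cmdlet, and it reads the domain name from the current domain rather than hard-coding it.

```powershell
# Added example (not from the thread): report domain controllers whose
# _ldap._tcp.dc._msdcs SRV record is absent, which is the symptom a DC shows
# after losing its own registrations. Run from any domain-joined admin host.
Import-Module ActiveDirectory

$Domain   = (Get-ADDomain).DNSRoot
$expected = (Get-ADDomainController -Filter *).HostName | Sort-Object -Unique

# Query the SRV records every DC is expected to register via Netlogon.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$registered = $srv.NameTarget | Sort-Object -Unique

# Compare-Object is case-insensitive by default, which suits DNS names.
$missing = Compare-Object -ReferenceObject $expected -DifferenceObject $registered |
    Where-Object { $_.SideIndicator -eq '<=' } |
    Select-Object -ExpandProperty InputObject

if ($missing) {
    Write-Warning "DCs without an _ldap._tcp.dc._msdcs SRV record: $($missing -join ', ')"
    # Re-registration happens on the affected DC itself: restart Netlogon (as
    # the thread notes) or run 'nltest /dsregdns' there. Left commented so the
    # script only reports by default.
    # Invoke-Command -ComputerName $missing -ScriptBlock { Restart-Service Netlogon }
} else {
    "All $($expected.Count) domain controllers have SRV records registered."
}
```

Scheduling this check alongside the monitoring Learnctx mentions gives a record of when a DC dropped out of DNS, which the event logs alone, per DrDave242, will not provide.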
 

Author Closing Comment

by:Danny Verrazano
ID: 41733224
Thank you all for your input.  Greatly appreciated.
0
