DNS Records Deleted?

I would like to know under what circumstances (either by design or otherwise... all inclusive) would any server (including domain controllers) remove their own DNS records.  

Is this not only possible but is it something that occurs regularly/normally??  and if so, why?

Thank you!
LVL 1
Danny VerrazanoAsked:
Who is Participating?
 
DrDave242Connect With a Mentor Commented:
Scavenging is the main reason that comes to mind. This is the process by which a DNS server looks at all of the records in a zone and deletes the ones that haven't been refreshed or updated within a certain length of time. The process is a bit more complicated that that, of course; this article gives a very good overview of it.
1
 
Danny VerrazanoAuthor Commented:
Let me ask a different way.

Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

If yes, when and why would that happen?

Anyone?
0
 
efrimpolCommented:
I've never come across a situation whereas a DC would remove it's own DNS info and I've been managing a network since days of NT4.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Danny VerrazanoAuthor Commented:
When dynamic updates is turned on, even with servers set with static IP addresses, do they refresh their DNS records on a schedule of some sort?  

If so, what would that refresh look like to the DNS servers?  How is it done?  Is it that they do a delete and then re-register??
0
 
DrDave242Commented:
I agree with efrimpol. Yes, the server has the ability to do this, because the permissions on the server's own DNS records allow it to make changes to them, but I can't think of a situation in which a server would delete them (aside from some kind of strange malware action).
0
 
DrDave242Commented:
I believe the refresh happens every 60 minutes for a DC and every 24 hours for everything else. Nothing gets deleted during a refresh; the timestamp on the record is simply updated.
0
 
MdlinnettConnect With a Mentor Commented:
Scavenging only affects DCs / NameServers if the DNS entry is managed dynamically rather than statically, this is not 'out of the box' behaviour.

Go into your DNS console and check the 'Timestamp' column for your DC's, does it have a date and time or does it say 'static'?

If they aren't static, follow this guide to update the records you need to > http://social.technet.microsoft.com/wiki/contents/articles/21726.how-to-convert-a-dynamic-resource-record-to-a-static-one-without-re-creating-it-in-dns.aspx

Make sure that the affected DNS zone(s) are set to only receive Secure dynamic updates (Right-click the zone > Properties > 'General' tab).
1
 
Danny VerrazanoAuthor Commented:
So you all are mentioning that Dynamic DNS clients regularly update records (every 24 hours?).  

What is the expected normal behavior of servers/domain controllers with static IP addresses in regards to the event logs?  In other words, what events would be logged when a server/domain controller successfully updates or refreshes its DNS records?  

and

What events would be logged on Servers/Domain Controllers if they could not successfully update their DNS records?
0
 
MdlinnettCommented:
I can't be very specific on that, I'm afraid.  What I can tell you is that the DNS console has it's own event log, you could filter that for errors / warnings?
0
 
DrDave242Commented:
I'm fairly certain nothing goes into the event logs when a machine (DC or not) successfully refreshes its DNS records. I'm not sure whether anything gets logged when a refresh fails, but I don't think so. At least, I can't recall ever seeing an event of that sort.

Incidentally, it doesn't even appear that debug logging logs refresh packets.
1
 
LearnctxConnect With a Mentor EngineerCommented:
Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

Open in new window

Yes of course. A DC can do whatever it wants which is why you should limit what runs on a DC (for example sharing a rule like DHCP on a DC can have some really interesting outcomes if someone wants to mess with you).

If yes, when and why would that happen?

Open in new window

I have seen it happen when a DC has no primary DNS suffix set. Sometimes it just happens; if you run monitoring like SCOM with an AD management pack it is not unusual to see these sorts of errors from time to time. Restarting netlogon usually resolves the issue and causes the DC to re-register their records correctly.
1
 
Danny VerrazanoAuthor Commented:
Thank you all for your input.  Greatly appreciated.
0
All Courses

From novice to tech pro — start learning today.