Solved

DNS Records Deleted?

Posted on 2016-07-21
12
62 Views
Last Modified: 2016-07-28
I would like to know under what circumstances (either by design or otherwise... all inclusive) would any server (including domain controllers) remove their own DNS records.  

Is this not only possible but is it something that occurs regularly/normally??  and if so, why?

Thank you!
0
Comment
Question by:Danny Verrazano
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 25

Accepted Solution

by:
DrDave242 earned 250 total points
Comment Utility
Scavenging is the main reason that comes to mind. This is the process by which a DNS server looks at all of the records in a zone and deletes the ones that haven't been refreshed or updated within a certain length of time. The process is a bit more complicated that that, of course; this article gives a very good overview of it.
1
 

Author Comment

by:Danny Verrazano
Comment Utility
Let me ask a different way.

Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

If yes, when and why would that happen?

Anyone?
0
 
LVL 5

Expert Comment

by:efrimpol
Comment Utility
I've never come across a situation whereas a DC would remove it's own DNS info and I've been managing a network since days of NT4.
0
 

Author Comment

by:Danny Verrazano
Comment Utility
When dynamic updates is turned on, even with servers set with static IP addresses, do they refresh their DNS records on a schedule of some sort?  

If so, what would that refresh look like to the DNS servers?  How is it done?  Is it that they do a delete and then re-register??
0
 
LVL 25

Expert Comment

by:DrDave242
Comment Utility
I agree with efrimpol. Yes, the server has the ability to do this, because the permissions on the server's own DNS records allow it to make changes to them, but I can't think of a situation in which a server would delete them (aside from some kind of strange malware action).
0
 
LVL 25

Expert Comment

by:DrDave242
Comment Utility
I believe the refresh happens every 60 minutes for a DC and every 24 hours for everything else. Nothing gets deleted during a refresh; the timestamp on the record is simply updated.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 5

Assisted Solution

by:Mdlinnett
Mdlinnett earned 125 total points
Comment Utility
Scavenging only affects DCs / NameServers if the DNS entry is managed dynamically rather than statically, this is not 'out of the box' behaviour.

Go into your DNS console and check the 'Timestamp' column for your DC's, does it have a date and time or does it say 'static'?

If they aren't static, follow this guide to update the records you need to > http://social.technet.microsoft.com/wiki/contents/articles/21726.how-to-convert-a-dynamic-resource-record-to-a-static-one-without-re-creating-it-in-dns.aspx

Make sure that the affected DNS zone(s) are set to only receive Secure dynamic updates (Right-click the zone > Properties > 'General' tab).
1
 

Author Comment

by:Danny Verrazano
Comment Utility
So you all are mentioning that Dynamic DNS clients regularly update records (every 24 hours?).  

What is the expected normal behavior of servers/domain controllers with static IP addresses in regards to the event logs?  In other words, what events would be logged when a server/domain controller successfully updates or refreshes its DNS records?  

and

What events would be logged on Servers/Domain Controllers if they could not successfully update their DNS records?
0
 
LVL 5

Expert Comment

by:Mdlinnett
Comment Utility
I can't be very specific on that, I'm afraid.  What I can tell you is that the DNS console has it's own event log, you could filter that for errors / warnings?
0
 
LVL 25

Expert Comment

by:DrDave242
Comment Utility
I'm fairly certain nothing goes into the event logs when a machine (DC or not) successfully refreshes its DNS records. I'm not sure whether anything gets logged when a refresh fails, but I don't think so. At least, I can't recall ever seeing an event of that sort.

Incidentally, it doesn't even appear that debug logging logs refresh packets.
1
 
LVL 16

Assisted Solution

by:Learnctx
Learnctx earned 125 total points
Comment Utility
Does a server (and/or Domain Controller) have the ability to remove its own DNS records (A or SRV)?

Open in new window

Yes of course. A DC can do whatever it wants which is why you should limit what runs on a DC (for example sharing a rule like DHCP on a DC can have some really interesting outcomes if someone wants to mess with you).

If yes, when and why would that happen?

Open in new window

I have seen it happen when a DC has no primary DNS suffix set. Sometimes it just happens; if you run monitoring like SCOM with an AD management pack it is not unusual to see these sorts of errors from time to time. Restarting netlogon usually resolves the issue and causes the DC to re-register their records correctly.
1
 

Author Closing Comment

by:Danny Verrazano
Comment Utility
Thank you all for your input.  Greatly appreciated.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now