Rammy Charles

DNS SRV record keeps repopulating under the Forward Lookup Zone

DNS SRV record keeps repopulating under the Forward Lookup Zone _msdcs dc sites _tcp. It was a phantom domain controller removed from Active Directory months ago. ADSI Edit was also cleared and doesn't show the phantom DC, but DNS does. No errors in the logs, and I also tried dnscmd with no luck.

One domain at 2012 R2 functional level. FSMO roles were not on this phantom DC that was removed.
DrDave242

Is this just one single SRV record that keeps appearing, or multiple records?
ASKER

One single server one for that old server name as the _ldap and _kerberos record
How many domain controllers are in that domain (ones that are currently functional, I mean, not counting the old server that's no longer there)?
On each of those DCs, open the netlogon.dns file and search it for the name of that defunct DC. This file is located in Windows\system32\config and is simply a text file that can be opened in Notepad. It contains a list of every DNS record that will be registered for that particular DC, so you shouldn't ever see the name of a different DC in that file. (It does happen on occasion, but typically only in a rename situation in which something has gone wrong.)

Please let me know what you find.
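
The check described above, run against every DC at once, as an added example that is not part of the original thread. It also lists any SRV records in each DC's copy of the zone that still point at the removed server, with their timestamps. `OLD-DC01` is a placeholder host name, and the zone name `_msdcs.<forest root>` is an assumption about how the zone is hosted.

```powershell
# Added example, not from the thread. Run from a domain-joined admin host with RSAT.
# 'OLD-DC01' is a placeholder for the removed DC's host name.
param([string] $StaleDc = 'OLD-DC01')

Import-Module ActiveDirectory, DnsServer

foreach ($dc in Get-ADDomainController -Filter *) {
    $server = $dc.HostName

    # netlogon.dns holds the records this DC's Netlogon service registers for itself,
    # so any line naming the removed DC is unexpected.
    $file = "\\$server\admin$\System32\config\netlogon.dns"
    $netlogonHits = if (Test-Path $file) {
        @(Select-String -Path $file -Pattern $StaleDc -SimpleMatch).Count
    } else {
        'file not readable'
    }

    # Assumption: _msdcs is its own zone named _msdcs.<forest root> and this DC runs
    # the DNS Server role; a DC without it fails the query and reports 0 records.
    $srv = @(Get-DnsServerResourceRecord -ComputerName $server `
                -ZoneName "_msdcs.$($dc.Forest)" -RRType Srv -ErrorAction SilentlyContinue |
             Where-Object { $_.RecordData.DomainName -like "$StaleDc*" })

    # An empty Timestamp means the record is static rather than dynamically registered.
    [pscustomobject]@{
        DC              = $server
        NetlogonDnsHits = $netlogonHits
        StaleSrvRecords = $srv.Count
        SrvNames        = ($srv.HostName  | Sort-Object -Unique) -join ', '
        Timestamps      = ($srv.Timestamp | Sort-Object -Unique) -join ', '
    }
}
```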
Just checked all and all of them have their own host names only, no mention of the rogue defunct DC server.
Sounds like one of your DCs is not properly replicating and is repopulating. You should be able to check the ACLs on the record (if DNS is AD-integrated) and troubleshoot the troublesome DC.
It is AD-integrated. How do I check that? Security tab shows enterprise dcs and domain admins have full control.
We had a similar issue a while back. It doesn't matter if you removed the DC from ADSI and demoted the server. Looks like the server has been powered up with the Services and it's just creating the DNS records for itself as they are missing. DCs have that feature built in where, if SRV records get deleted by mistake, it recreates them. Ping the IP address multiple times and make sure that you don't have two servers using the same IP address where one is a Unix server and the second a DC.

Was this server physical?
Does not, and the IP and old server name are both unreachable. Yes, it was physical.
But behaviour is like the server getting active and registering its DNS record. If you delete the records manually combining cache DNS, how long does it take before the DNS record appears, and what time stamp does it have?

I'm wondering if the DNS records are recreated at any time or, let's say, every hour in the first minute.
ASKER CERTIFIED SOLUTION
DrDave242
This solution is only available to members.
It takes about a second; as soon as I refresh, it comes back.
Is the domain you removed still alive?
Do you have any trust relationship established with that domain?
Is the orphaned DC present somewhere in Sites and Services?