DNS Records being deleted

Status
Not open for further replies.

AJP69

IS-IT--Management
Jul 1, 2003
81
GB
My Windows 2000 DNS server has started playing up recently and I was looking for some suggestions.

Certain host records have been deleted for no apparent reason and there are no obviously relevant errors in the event logs. The reverse pointer entry remains intact.

The DNS service is Active Directory integrated and has a handful of other servers and it is the addresses for some of these servers that are being deleted from DNS.

Each of our servers has 3 NICs which are on 3 DIFFERENT LANs: one is a workstation LAN, no problems there. The second is a primary interserver LAN (this is where the record is being deleted) and the third is a secondary interserver LAN which is just there as a manual backup.

The server that is having its DNS host record deleted has the following host records and associated pointer records:

10.0.1.20 Database1 - Workstation LAN
10.0.2.20 Database1 - PrimaryInterserver LAN
10.0.3.20 Database1 - SecondaryInterserver LAN

So when I ping Database1 from a workstation on the 10.0.1 LAN I correctly get it returning 10.0.1.20.

When I ping Database1 from a server on the 10.0.3 LAN I correctly get it returning 10.0.3.20.

BUT when I ping Database1 from a server on the 10.0.2 LAN I get it returning 10.0.3.20 instead of 10.0.2.20.

When I check the DNS server I find that the host record for Database1 10.0.3.20 has been deleted.

The host records are for virtual SQL servers and thus far this is the only one affected. I checked the database Cluster and can't see any obvious problems there.

This has worked well for 5 years, it is strange that it should go wrong now.

Any ideas would be appreciated.

AJ
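An added example, not part of the original thread: a check for the symptom described in the post above, where a host (A) record disappears while its reverse pointer stays behind. It compares text exports of the forward and reverse zones in standard zone-file format; the zone names `corp.example` and `10.in-addr.arpa` and the sample records are constructed assumptions, with the primary interserver LAN host record left out.

```python
import ipaddress

def parse_records(zone_text, rtype):
    """Yield (owner, rdata) for single-token records of one type (A, PTR)."""
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        # A line that starts with whitespace reuses the previous owner name,
        # which is how a multi-homed host's extra addresses usually appear.
        if not line[0].isspace():
            owner = fields.pop(0)
        if owner and len(fields) >= 2 and fields[-2].upper() == rtype:
            yield owner, fields[-1]

def fqdn(name, origin):
    """Lower-case absolute name without the trailing dot."""
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin.lower().rstrip('.')}"

def orphaned_ptrs(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return sorted (ip, host) pairs that have a PTR but no matching A record."""
    a_records = {(fqdn(o, forward_origin), str(ipaddress.ip_address(ip)))
                 for o, ip in parse_records(forward_text, "A")}
    orphans = []
    for owner, target in parse_records(reverse_text, "PTR"):
        labels = fqdn(owner, reverse_origin).split(".")
        ip = str(ipaddress.ip_address(".".join(reversed(labels[:4]))))
        host = target.lower().rstrip(".")      # PTR targets assumed absolute
        if (host, ip) not in a_records:
            orphans.append((ip, host))
    return sorted(orphans)

# Constructed sample data; zone names corp.example and 10.in-addr.arpa are assumptions.
FORWARD = """\
Database1   3600 IN A 10.0.1.20   ; constructed sample
            3600 IN A 10.0.3.20
"""
REVERSE = """\
20.1.0  PTR Database1.corp.example.
20.2.0  PTR Database1.corp.example.
20.3.0.10.in-addr.arpa. PTR Database1.corp.example.
"""

if __name__ == "__main__":
    print(orphaned_ptrs(FORWARD, "corp.example", REVERSE, "10.in-addr.arpa"))
```

Run on a schedule against fresh exports, a non-empty result gives a time window for when a host record vanished, which narrows the search in the DNS and directory logs.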





 
By default, Windows 2000 allows anyone to make non-secure zone file updates to the DNS server.

1st step here would be to only allow secure dynamic updates.


 
Thanks for the reply.

Sorry, I should have said it is Active Directory integrated with secure updates turned on.

The DNS server is for the database and terminal servers only, it does not receive or forward from other servers.

In theory the updates could only come from the virtual database server but there is no reason for this and especially now after 5 years of operation.
 
Your zone may have gotten corrupt. This is known to happen, and with AD integrated zones, the best thing to do is convert the zone back to a standard primary, fix the records and leave it for a few days, and then change it back to AD Integrated again to purge the corruption. Here's someone documenting the process in an environment that may be more complex than yours, but you'll be able to pick out the relevant bits:


ShackDaddy
 
Sorry, I forgot to point out that you might also try turning off WINS integration for a while, since that's also been known to cause this. Since WINS handles multi-homing very badly, it can screw with DNS A-records when you've got them linked up together.

ShackDaddy
 
Thanks for that link, I will check it out. Luckily we got rid of WINS and NetBIOS when we moved to Win2000.

 
Useful to know but no DHCP on our DC.
 