DNS records from 3 years ago

Status
Not open for further replies.

Goid

IS-IT--Management
Oct 13, 2006
15
CA
I have a virtual DC that I promoted on my domain, then moved to an isolated network for testing. I deleted that domain DNS zone, restarted the netlogon service, then checked DNS again. What happened was the entire zone was populated with DNS records from years ago, back when we were on the 192.168 addressing scheme. I checked c:\Windows\System32\DNS and the files there are related to our current addressing scheme, not the 192. What I am wondering is where this information came from. The backup DNS file is current to our infrastructure, so I don't know where else this info can come from. Maybe I'm missing something, but searches on Google show no other location where this could be stored. Does anyone know where else this info could have come from?
 
Is that server still configured to replicate from other known NS servers? Do you have any other DNS servers accessible to this test box that would hold this info?

Also, was this an Integrated AD DNS zone? This info is stored in the safety of AD and would possibly still have cached information within your AD...not in the System32/DNS folder.

Run an ipconfig /displaydns and see if the records are there. If so, do an ipconfig /flushdns on that server.


_______________________________________
I hope any help I give leads to great successes.
MCSE, MCSA, MCTS, CCA, VCP, CCNA
 
I have totally isolated this server so it is pulling the info from itself. It is an AD-integrated zone. Ipconfig /displaydns showed some entries, but none indicated anything on the 192. They referred to hostnames and the local loopback address. After clearing DNS I only get a response from the loopback address. So how would I query AD to find this orphaned information?
 
I just ran an LDAP query on Active Directory and I am finding that all of these servers exist in AD, even though they are not visible through any of the common tools. So the information was pulled from AD obviously, but the question remains why is this info still in AD? We have no sites that refer to this and no computer/DC objects that match the results.
 
You said: DC that I promoted on my domain, then moved to an isolated network for testing

It was replicated before the move when it became a DC. Then it sounds like you moved it to Test; but the information would remain. Then without any further replications...the data is never removed. May need to turn on scavenging old records in DNS...maybe that will help.


_______________________________________
I hope any help I give leads to great successes.
MCSE, MCSA, MCTS, CCA, VCP, CCNA
 
What I am trying to do is test how things would occur on my domain, without actually making changes to the domain. We have a bunch of service/site records missing from the domain DNS zone, but the forest zone contains these records. I am trying to figure out why these entries are missing from domain.com/_msdcs but they exist on the _msdcs.domain.com zone and what I would need to do to fix them. One document I was reading suggested to delete the domain.com zone, restart netlogon to have this recreated from backup. I wanted to test what would happen in my production environment, which is why I have isolated this DC. So when I deleted the domain.com DNS zone, restarted netlogon, the zone came back but with information from years ago that would blow up my current network if I actually did this. So I checked the %systemroot%\dns\backup folder. These backup files contain information that is correct to my current infrastructure. I don't think scavenging would help in this case because scavenging only works on DNS and all values within production DNS are valid. So I am trying to figure out 1) where did the zone information from 3 years ago come from? 2) If it did come from Active Directory, why is Active Directory holding on to this information?
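
An AD-integrated zone can be stored in the domain partition or in the DomainDnsZones or ForestDnsZones application partitions, and a zone with the same name can exist in more than one of them. The following is an added example, not part of the original thread, that lists every copy of a zone across those three containers with record counts and change dates, so an old copy can be told apart from the current one. It assumes the ActiveDirectory PowerShell module (RSAT) is available; `$ZoneName` is a placeholder taken from the thread's "domain.com".

```powershell
# Added example, not from the thread. Run on a DC or a host with RSAT installed.
Import-Module ActiveDirectory

$ZoneName = 'domain.com'            # placeholder: substitute the real zone name
$root     = Get-ADRootDSE
$domainDN = $root.defaultNamingContext
$forestDN = $root.rootDomainNamingContext

# The three containers where an AD-integrated zone can be stored.
$containers = [ordered]@{
    'Domain partition (legacy)' = "CN=MicrosoftDNS,CN=System,$domainDN"
    'DomainDnsZones'            = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN"
    'ForestDnsZones'            = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN"
}

$report = foreach ($c in $containers.GetEnumerator()) {
    try {
        # The wildcard also matches _msdcs.<zone> and conflict (CNF:) duplicates.
        $zones = Get-ADObject -SearchBase $c.Value -SearchScope OneLevel `
            -LDAPFilter "(&(objectClass=dnsZone)(name=*$ZoneName*))" -ErrorAction Stop
    } catch {
        Write-Warning "$($c.Key): container not readable ($($c.Value))"
        continue
    }
    foreach ($z in $zones) {
        # Each DNS name in the zone is a dnsNode object directly under the zone.
        $nodes = @(Get-ADObject -SearchBase $z.DistinguishedName -SearchScope OneLevel `
            -LDAPFilter '(objectClass=dnsNode)' `
            -Properties dNSTombstoned, whenChanged | Sort-Object whenChanged)
        [pscustomobject]@{
            Location     = $c.Key
            Zone         = $z.Name
            Nodes        = $nodes.Count
            Tombstoned   = @($nodes | Where-Object { $_.dNSTombstoned }).Count
            OldestChange = if ($nodes.Count) { $nodes[0].whenChanged }
            NewestChange = if ($nodes.Count) { $nodes[-1].whenChanged }
        }
    }
}
$report | Format-Table -AutoSize
```

A zone name that appears in more than one location, or with a `CNF:` suffix, marks a duplicate copy; comparing `NewestChange` across the rows shows which copy has gone unmaintained.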
 