This is interesting.
Checked \system32\dns on a few of our domain controllers, I'm not finding
any zone files with any data in them. I haven't checked all the domain
controllers. One thing though - on any DC, if I delete this record and then
immediately refresh the zone, that record is right there again, like it's
coming from something local or I didn't actually delete the record (though
I'm not seeing any kind of error dialogue).
Checked properties on this record. There's no timestamp, it's a static
record. I suppose that means it could never become stale - thought about
trying the "Delete this record when it becomes stale" checkbox. Just
because I've tried everything I know that makes sense.
I could interrupt DHCP if I do it late on a weekend night. And it's worth a
try. But I just keep going back to the fact that this record reappears
instantly, as fast as I can delete/refresh, that record is there, on any
domain controller (all our DCs are running DNS). So I'm thinking this
isn't replicating from another DC or being dynamically created from a DHCP
server.
--------------------------------------------------
From: "Ben Scott" <[email protected]>
Sent: Thursday, August 05, 2010 2:00 PM
To: "NT System Admin Issues" <[email protected]>
Subject: Re: Cannot delete a PTR record, AD integrated DNS
On Thu, Aug 5, 2010 at 2:38 PM, mb <[email protected]> wrote:
I've tried through ADSIEdit, and interestingly, this record does not
exist there. It does show up in the DNS console as a 'static' record,
but I'm at a loss where it's coming from.
Check %SystemRoot%\system32\dns\ for any files which might contain
the offending record. Some vague notion deep in the dusty reaches of
the back of my mind says there's a thing where MS-DNS will
automatically load/merge records from (some of?) those files even if
it's AD integrated.
Open the MS DNS MMC GUI. Enable "Advanced" features (under "View"
menu). Select the offending record and bring up properties. What's
the time stamp? Is it something recent or wicked old? Check the
"Security" tab. See if there are any funky permissions that might be
restricting things.
If you can, try stopping your DHCP server service(s) and then
deleting the record, to see if it comes back without DHCP running.
It's the DHCP service which actually issues the DDNS UPDATE command
for AD clients.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~