Can Not Remove Erroneouos MX Record From DNS Server

[Richard Huelbig]

Hello...

A little bit of background:
I've got one DNS server in my AD domain. My domain has three domain
controllers. I've got one mail server in the domain.

When I view the DNS records in my domain's forward lookup zone I see an MX
record as follows:
(same as parent folder) Mail Exchanger [10] w[].

To me, it looks like an MX record got corrupted somewhere along the line
because I have no hosts named w[]. I am making the assumption that this is a
corrupt record because I do have hosts named w5555, w6666, and w7777. In my
DNS record list I do have correct A records for w5555, w6666, and w7777.
However, there is no A record for w[]. In addition, the mail server that
I've got on my network is correctly listed with both an A record and MX
record.

So, what I want to do is delete the MX record for w[]. However, while I can
use the delete function from the pull-down menu, and while the record does
seem to be deleted, as soon as I refresh the list of records the MX record
for w[] reappears.

So...

1. Do you think that I am correct in my assumption that the MX record for
w[] is a corrupt record? (I'm very familiar with my network configuration so
I know that I don't, in fact, have a mail server with such a name.)

2. How could such a record have "come into existence"? In other words, what
could have caused a record to become corrupted?

3. And last, but most important, how can I delete this record without
having it reappear?

Any assistance would be appreciated.

Regards,

Richard Huelbig

 

[Kevin D. Goodknecht]

In

Hello...

A little bit of background:
I've got one DNS server in my AD domain. My domain has three domain
controllers. I've got one mail server in the domain.

When I view the DNS records in my domain's forward lookup zone I see
an MX record as follows:
(same as parent folder) Mail Exchanger [10] w[].

To me, it looks like an MX record got corrupted somewhere along the
line because I have no hosts named w[]. I am making the assumption
that this is a corrupt record because I do have hosts named w5555,
w6666, and w7777. In my DNS record list I do have correct A records
for w5555, w6666, and w7777. However, there is no A record for w[].
In addition, the mail server that I've got on my network is correctly
listed with both an A record and MX record.

So, what I want to do is delete the MX record for w[]. However, while
I can use the delete function from the pull-down menu, and while the
record does seem to be deleted, as soon as I refresh the list of
records the MX record for w[] reappears.

So...

1. Do you think that I am correct in my assumption that the MX
record for w[] is a corrupt record? (I'm very familiar with my
network configuration so I know that I don't, in fact, have a mail
server with such a name.)

2. How could such a record have "come into existence"? In other
words, what could have caused a record to become corrupted?

3. And last, but most important, how can I delete this record without
having it reappear?

Any assistance would be appreciated.

Regards,

Richard Huelbig

Instead of deleting the record and refreshing the zone, delete the record
and restart DNS.
That should make it go away.

 

[Richard Huelbig]

Hello Kevin,

Thanks for the information. I think I tried that the other day and it did
not work. So, I just tried it again, and unfortunately the record just keeps
reappearing. I did as you suggested, I deleted the record and then stopped
and restarted DNS, and when I went back into the zone the erroneous MX
record came back. Any other thoughts?

Thanks much...

Richard Huelbig

 

[Kevin D. Goodknecht]

In

Hello Kevin,

Thanks for the information. I think I tried that the other day and it
did not work. So, I just tried it again, and unfortunately the record
just keeps reappearing. I did as you suggested, I deleted the record
and then stopped and restarted DNS, and when I went back into the
zone the erroneous MX record came back. Any other thoughts?

Thanks much...

Richard Huelbig

Is the zone AD integrated?
If it is change it to Standard primary then delete the record restart DNS if
it does not come back change it back to AD Integrated.
If the zone is standard primary delete the record then go to
C:\winnt\system32\dns\backup folder and delete the zonename.dns file and
restart DNS.

I've not heard of an MX record being dynamically created but I guess it
could happen if you have AD set to replicate through SMTP in NTDS settings.
I will check on that and get back with you if all else fails.

 

[Richard Huelbig]

Kevin,



Got it!! Thanks for the guidance and pointing me in the right direction.



I checked the zone, and it was AD Integrated? So, I changed it to Standard
Primary, deleted the record, and then restarted DNS. Arghhhh! The record
reappeared. So, I then went to the c:\winnt\system32\dns\backup directory as
you suggested and I deleted the anyzone.dns file (note that the names in
this paragraph and the following example have been changed to protect the
innocent). I then restarted DNS again--the bad record came back yet again.
But where did it come from? Since I had deleted the anyzone.dns file in the
backup folder the record had to be "stored" somewhere else. So, I opened
(using notepad) the anyzone.dns file in the c:\winnt\system32\dns directory
(the parent to the backup folder). When I looked at that file I noticed a
very suspicious looking entry for an MX record. Here's a portion of the
file--notice the MX record for w\340\276\011--I have no idea what
w\340\276\011 is. And, since the MX record listed above that record (the one
for w8888) is the valid record for my mail server, I figured that the
w\340\276\011 was the culprit. I then reopened the anyzone.dns file using a
hex editor (because I've learned the hard way that you should not edit
hexadecimal/ASCII files using notepad or Word) and I deleted the line
containing w\340\276\011.



@ [AGE:3530897] 600 A 12.12.66.88

@ MX 10 w8888.anyzone.com.

@ MX 10 w\340\276\011.

431c7ada-005c-53ec-a45e-18ea0966ecfd._msdcs [AGE:3530970] 600 CNAME
w5555.anyzone.com.

54e05eea-4e17-229c-82de-5a10eade6614._msdcs [AGE:3530970] 600 CNAME
w6666.anyzone.com.

8b27cb18-d0a4-3641-9435-adf452aa1c13._msdcs [AGE:3531040] 600 CNAME
w7777.anyzone.com.



The modified anyzone.dns file contained this:



@ [AGE:3530897] 600 A 12.12.66.88

@ MX 10 w8888.anyzone.com.

431c7ada-005c-53ec-a45e-18ea0966ecfd._msdcs [AGE:3530970] 600 CNAME
w5555.anyzone.com.

54e05eea-4e17-229c-82de-5a10eade6614._msdcs [AGE:3530970] 600 CNAME
w6666.anyzone.com.

8b27cb18-d0a4-3641-9435-adf452aa1c13._msdcs [AGE:3531040] 600 CNAME
w7777.anyzone.com.



I then restarted DNS and voila, the bad record was gone. But I didn't get my
hopes up yet--I've seen this routine too many times! So, I changed the DNS
to AD Integrated, stopped and restarted the DNS, and sure enough, the record
was gone--for good this time! I even rebooted the server on which I'm
running DNS and when reviewing the records the erroneous MX record was
indeed gone.



I've learned something tonight and feel quite a bit better knowing that my
network does not have strange and unknown records floating around. Thanks
for your help! Over the past year or so I've had to post a couple of other
questions on the Microsoft NGs, and in each case I've received valuable and
to-the-point assistance from you and other MVPs.



Thanks again,



Richard Huelbig

 

[Kevin D. Goodknecht]

In

Kevin,



Got it!! Thanks for the guidance and pointing me in the right
direction.



I checked the zone, and it was AD Integrated? So, I changed it to
Standard Primary, deleted the record, and then restarted DNS.
Arghhhh! The record reappeared. So, I then went to the
c:\winnt\system32\dns\backup directory as you suggested and I deleted
the anyzone.dns file (note that the names in this paragraph and the
following example have been changed to protect the innocent). I then
restarted DNS again--the bad record came back yet again. But where
did it come from? Since I had deleted the anyzone.dns file in the
backup folder the record had to be "stored" somewhere else. So, I
opened (using notepad) the anyzone.dns file in the
c:\winnt\system32\dns directory (the parent to the backup folder).
When I looked at that file I noticed a very suspicious looking entry
for an MX record. Here's a portion of the file--notice the MX record
for w\340\276\011--I have no idea what w\340\276\011 is. And, since
the MX record listed above that record (the one for w8888) is the
valid record for my mail server, I figured that the w\340\276\011 was
the culprit. I then reopened the anyzone.dns file using a hex editor
(because I've learned the hard way that you should not edit
hexadecimal/ASCII files using notepad or Word) and I deleted the line
containing w\340\276\011.



@ [AGE:3530897] 600 A 12.12.66.88

@ MX 10 w8888.anyzone.com.

@ MX 10 w\340\276\011.

431c7ada-005c-53ec-a45e-18ea0966ecfd._msdcs [AGE:3530970] 600
CNAME w5555.anyzone.com.

54e05eea-4e17-229c-82de-5a10eade6614._msdcs [AGE:3530970] 600
CNAME w6666.anyzone.com.

8b27cb18-d0a4-3641-9435-adf452aa1c13._msdcs [AGE:3531040] 600
CNAME w7777.anyzone.com.



The modified anyzone.dns file contained this:



@ [AGE:3530897] 600 A 12.12.66.88

@ MX 10 w8888.anyzone.com.

431c7ada-005c-53ec-a45e-18ea0966ecfd._msdcs [AGE:3530970] 600
CNAME w5555.anyzone.com.

54e05eea-4e17-229c-82de-5a10eade6614._msdcs [AGE:3530970] 600
CNAME w6666.anyzone.com.

8b27cb18-d0a4-3641-9435-adf452aa1c13._msdcs [AGE:3531040] 600
CNAME w7777.anyzone.com.



I then restarted DNS and voila, the bad record was gone. But I didn't
get my hopes up yet--I've seen this routine too many times! So, I
changed the DNS to AD Integrated, stopped and restarted the DNS, and
sure enough, the record was gone--for good this time! I even rebooted
the server on which I'm running DNS and when reviewing the records
the erroneous MX record was indeed gone.



I've learned something tonight and feel quite a bit better knowing
that my network does not have strange and unknown records floating
around. Thanks for your help! Over the past year or so I've had to
post a couple of other questions on the Microsoft NGs, and in each
case I've received valuable and to-the-point assistance from you and
other MVPs.



Thanks again,



Richard Huelbig

No problem, glad to have been able to help!

 

[Michael Johnston [MSFT]]

That's great info. We'll have to make sure that gets documented.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.