DNS "A" records

[Simon]

Hi folks,

This morning I noticed that from our DNS a number of "A" records (around 15
to 20 records) went missing from the forward zone.
we have gone through the DNS logs but found no major event....


Can anybody help with tips on how to investigate this case....This is a
pinching problem as there is no gurantee that this may not happen again....

rgds
Simon

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi folks,

This morning I noticed that from our DNS a number of "A"
records (around 15 to 20 records) went missing from the
forward zone.
we have gone through the DNS logs but found no major
event....


Can anybody help with tips on how to investigate this
case....This is a pinching problem as there is no
gurantee that this may not happen again....

It sounds to me like the records were scavenged by DNS, if they are supposed
to br static records, make sure they aren't time stamped.

 

[Simon]

Kevin....Thanks for the quick response.....

I suspected that first I did was remove the Scavenging setting on the
forward zone.....since then things are cool .....

Yes they were static records....

Can you please help me summarise my understanding on this...apologies if I
am confused on some things

1. The servers whose A records were missing from the zone were Win2k Servers
with static IP
--> My assumtion : They are active servers so I belive that the records
should not be scavanged

2. The DNS is configured for secure updates
----> My assumption is the servers being members of the domain should be
able to do a dynamic update

3. a bit more for "make sure they aren't time stamped"

Thanks for your valuable time.

rgds
Simon

 

[ObiWan]

It sounds to me like the records were scavenged by DNS,

if they are supposed to br static records, make sure they
aren't time stamped.

Also; setup a scheduled job to backup your DNS zone files
e.g. "zipping" them and using date/time in the name, this way
you'll also have a quick recovery solution (just in case)

 

[ObiWan]

It sounds to me like the records were scavenged by DNS,

if they are supposed to br static records, make sure they
aren't time stamped.

Almost forgot ... are there some other DNS servers (IPs)
which are allowed to change the zone ?!? If that's the case
I'd investigate to see if someone didn't just delete those
records ...probably it was an error

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Kevin....Thanks for the quick response.....

I suspected that first I did was remove the Scavenging
setting on the forward zone.....since then things are
cool .....

Yes they were static records....

Can you please help me summarise my understanding on
this...apologies if I am confused on some things

1. The servers whose A records were missing from the zone
were Win2k Servers with static IP
--> My assumtion : They are active servers so I belive
that the records should not be scavanged

If something changed on the servers that prevented them from re-registering
their addresses in DNS, the record will be scavenged based on the last
timestamp on the record.

2. The DNS is configured for secure updates
----> My assumption is the servers being members of the
domain should be able to do a dynamic update

This is true but you would have to take a look at the zone or record ACL to
see if someone may have either accidentally or purposely changed the
permissions that prevented the machines from having permission to update
their records.

3. a bit more for "make sure they aren't time stamped"

If the servers are static and will stay that way, on the property sheet for
their records clear the check box "Delete this record when it becomes
stale", this will remove the timestamp and prevent the record from being
scavenged.

 

[Simon]

Thanks a lot guys ...we think it is the permissions which could be the issue
which did not allow some servers to update to the DNS ......

Thanks a lot for the pointer....

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Thanks a lot guys ...we think it is the permissions which
could be the issue which did not allow some servers to
update to the DNS ......

That would explain it, if the servers lost permission to update DNS, the
record would not get an updated timestamp and would eventually get scavenged
as a stale record.