dns records damaged, start of authority not registering correctly

sildargod

Hi,

we have a large network (70 user +) running active directory
replicated on 2 servers, and recently we had a number of connectivity
issues..

somewhere along the line our dns records got destroyed and recreating
them creates them with an error.

my start of authority (which is supposed to be pdc.company.org) is
registering as pdc.10.11.12.1 ... as a result, it cannot resolve and
my domain has stopped responding!! this is leading to endless problems
and i'm feeling lost and nearly at my wit's end.

uninstalling dns on both my pdc and bdc, deleting cache.dns records
and the dns records in system32\config has no effect as the broken
records get recreated immediately when i reinstall dns.

if i edit the soa to be pdc.company.org it resolves to 10.11.12.1 and
the records update to pdc.company.org.

a minute later however, my records readjust to being pdc.10.11.12.1
and it can no longer resolve.

i've run through a million and one attempts to repair my dns, down to
creating every entry manually, but still i have the same thing
happening..

anyone have any ideas?

Cheers!
Kaleem
 
Herb Martin

> Hi,
>
> we have a large network (70 user +) running active directory
> replicated on 2 servers, and recently we had a number of connectivity
> issues..

[That's actually quite small but doesn't matter. Large doesn't start until
(many) thousands.]

> somewhere along the line our dns records got destroyed and recreating
> them creates them with an error.

This doesn't just 'happen' so finding the person responsible or
understanding how it happened may be important to you.

> my start of authority (which is supposed to be pdc.company.org) is
> registering as pdc.10.11.12.1 ... as a result, it cannot resolve and
> my domain has stopped responding!! this is leading to endless problems
> and i'm feeling lost and nearly at my wit's end.

"as a result" ??? There is nothing in that sentence that explains a
problem.

Recreate the zone, if you have a Domain make that zone dynamic.
Restart every DC or the DC's "netlogon" service.

Run "Ipconfig /registerDNS" on every machine.

Manually add any records that are not set for "dynamic" registration.

> uninstalling dns on both my pdc and bdc, deleting cache.dns records

Should be no need to delete cache.

> and the dns records in system32\config has no effect as the broken
> records get recreated immediately when i reinstall dns.

You should NOT be deleting anything in "config".

> if i edit the soa to be pdc.company.org it resolves to 10.11.12.1 and
> the records update to pdc.company.org.
>
> a minute later however, my records readjust to being pdc.10.11.12.1
> and it can no longer resolve.

That is the same number.

Is this an AD Integrated DNS server SET? With more than one DC?
They are going to replicate.

> i've run through a million and one attempts to repair my dns, down to
> creating every entry manually, but still i have the same thing
> happening..

You cannot practically and correctly create records manually for an AD
Domain.
 
sildargod

>> we have a large network (70 user +) running active directory
>> replicated on 2 servers, and recently we had a number of connectivity
>> issues..
>
> [That's actually quite small but doesn't matter. Large doesn't start until
> (many) thousands.]
>
>> somewhere along the line our dns records got destroyed and recreating
>> them creates them with an error.
>
> This doesn't just 'happen' so finding the person responsible or
> understanding how it happened may be important to you.
>
>> my start of authority (which is supposed to be pdc.company.org) is
>> registering as pdc.10.11.12.1 ... as a result, it cannot resolve and
>> my domain has stopped responding!! this is leading to endless problems
>> and i'm feeling lost and nearly at my wit's end.
>
> "as a result" ??? There is nothing in that sentence that explains a
> problem.
>
> Recreate the zone, if you have a Domain make that zone dynamic.
> Restart every DC or the DC's "netlogon" service.
>
> Run "Ipconfig /registerDNS" on every machine.
>
> Manually add any records that are not set for "dynamic" registration.
>
>> uninstalling dns on both my pdc and bdc, deleting cache.dns records
>
> Should be no need to delete cache.
>
>> and the dns records in system32\config has no effect as the broken
>> records get recreated immediately when i reinstall dns.
>
> You should NOT be deleting anything in "config".
>
>> if i edit the soa to be pdc.company.org it resolves to 10.11.12.1 and
>> the records update to pdc.company.org.
>> a minute later however, my records readjust to being pdc.10.11.12.1
>> and it can no longer resolve.
>
> That is the same number.
>
> Is this an AD Integrated DNS server SET? With more than one DC?
> They are going to replicate.
>
>> i've run through a million and one attempts to repair my dns, down to
>> creating every entry manually, but still i have the same thing
>> happening..
>
> You cannot practically and correctly create records manually for an AD
> Domain.

forgive me, perhaps i wasn't being entirely clear.

we haven't yet determined what or who caused the record damage, but,

my pdc is supposed to be called "pdc.company.org" but in my records it
is listed as "pdc.10.11.12.1"

"pdc.company.org" resolves to 10.11.12.1 which is what its ip address
is, but "pdc.10.11.12.1" doesn't resolve to anything, which is
perfectly correct by my understanding.

yet, when i change my Start of Authority in dns to look to
pdc.company.org as the primary server, it automatically changes to
"pdc.10.11.12.1" after a minute or two. i cannot stop this and i don't
know why it's doing it in the first place. have done a net start
netlogon on both dc's and reregistering the dns settings registers the
pdc as "pdc.10.11.12.1" which is not working.

i'm at my wit's end..

any steps i should take from here?

thanks again!
Kaleem
 
Herb Martin

>>> we have a large network (70 user +) running active directory
>>> replicated on 2 servers, and recently we had a number of connectivity
>>> issues..
>>
>> [That's actually quite small but doesn't matter. Large doesn't start
>> until (many) thousands.]
>>
>>> somewhere along the line our dns records got destroyed and recreating
>>> them creates them with an error.
>>
>> This doesn't just 'happen' so finding the person responsible or
>> understanding how it happened may be important to you.
>>
>>> my start of authority (which is supposed to be pdc.company.org) is
>>> registering as pdc.10.11.12.1 ... as a result, it cannot resolve and
>>> my domain has stopped responding!! this is leading to endless problems
>>> and i'm feeling lost and nearly at my wit's end.
>>
>> Recreate the zone, if you have a Domain make that zone dynamic.
>> Restart every DC or the DC's "netlogon" service.
>> Run "Ipconfig /registerDNS" on every machine.
>> Manually add any records that are not set for "dynamic" registration.
>
> my pdc is supposed to be called "pdc.company.org" but in my records it
> is listed as "pdc.10.11.12.1"

Where is it listed like this? Where specifically? (In DNS? Then in which
zone?) Nothing like that should ever appear in DNS -- you shouldn't
have a zone that looks anything like this.

> "pdc.company.org" resolves to 10.11.12.1 which is what its ip address
> is, but "pdc.10.11.12.1" doesn't resolve to anything, which is
> perfectly correct by my understanding.

Why should it? Is this some type of DNS record? What type?
Where do you see them? When does it matter?

> yet, when i change my Start of Authority in dns to look to

What does the above mean? The Start of Authority doesn't say where
anything should "look" except to REGISTER the dynamic records since
it lists the Primary/Master.

> pdc.company.org as the primary server, it automatically changes to
> "pdc.10.11.12.1" after a minute or two.

Changes where? In the SOA record?

What is the PRIMARY Domain name AND suffix of this machine in
the System Control Panel?

Are there any "Connection specific suffixes" listed for ANY NICs in
the IP->Advanced->DNS properties (if only one NIC remove them.)

> i cannot stop this and i don't
> know why it's doing it in the first place. have done a net start
> netlogon on both dc's and reregistering the dns settings registers the
> pdc as "pdc.10.11.12.1" which is not working.

Post the UNEDITED TEXT output from "IPConfig /all >cfg.txt" here.

Run "DCDiag /c" on every DC and post that text output as well.
 
sildargod

>>>> Hi,
>>>>
>>>> we have a large network (70 user +) running active directory
>>>> replicated on 2 servers, and recently we had a number of connectivity
>>>> issues..
>>>
>>> [That's actually quite small but doesn't matter. Large doesn't start
>>> until (many) thousands.]
>>>
>>>> somewhere along the line our dns records got destroyed and recreating
>>>> them creates them with an error.
>>>
>>> This doesn't just 'happen' so finding the person responsible or
>>> understanding how it happened may be important to you.
>>>
>>>> my start of authority (which is supposed to be pdc.company.org) is
>>>> registering as pdc.10.11.12.1 ... as a result, it cannot resolve and
>>>> my domain has stopped responding!! this is leading to endless problems
>>>> and i'm feeling lost and nearly at my wit's end.
>>>
>>> Recreate the zone, if you have a Domain make that zone dynamic.
>>> Restart every DC or the DC's "netlogon" service.
>>> Run "Ipconfig /registerDNS" on every machine.
>>> Manually add any records that are not set for "dynamic" registration.
>>>
>>>> a minute later however, my records readjust to being pdc.10.11.12.1
>>>> and it can no longer resolve.
>>
>> my pdc is supposed to be called "pdc.company.org" but in my records it
>> is listed as "pdc.10.11.12.1"
>
> Where is it listed like this? Where specifically? (In DNS? Then in which
> zone?) Nothing like that should ever appear in DNS -- you shouldn't
> have a zone that looks anything like this.
>
>> "pdc.company.org" resolves to 10.11.12.1 which is what its ip address
>> is, but "pdc.10.11.12.1" doesn't resolve to anything, which is
>> perfectly correct by my understanding.
>
> Why should it? Is this some type of DNS record? What type?
> Where do you see them? When does it matter?
>
>> yet, when i change my Start of Authority in dns to look to
>
> What does the above mean? The Start of Authority doesn't say where
> anything should "look" except to REGISTER the dynamic records since
> it lists the Primary/Master.
>
>> pdc.company.org as the primary server, it automatically changes to
>> "pdc.10.11.12.1" after a minute or two.
>
> Changes where? In the SOA record?
>
> What is the PRIMARY Domain name AND suffix of this machine in
> the System Control Panel?
>
> Are there any "Connection specific suffixes" listed for ANY NICs in
> the IP->Advanced->DNS properties (if only one NIC remove them.)
>
>> i cannot stop this and i don't
>> know why it's doing it in the first place. have done a net start
>> netlogon on both dc's and reregistering the dns settings registers the
>> pdc as "pdc.10.11.12.1" which is not working.
>
> Post the UNEDITED TEXT output from "IPConfig /all >cfg.txt" here.
>
> Run "DCDiag /c" on every DC and post that text output as well.

just to confirm, i have resolved the problem (to an extent) and i have
every intent of murdering someone.

there is a group policy object under local computer -> administrative
templates -> network -> dns client -> primary dns suffix.

some fool had entered in 10.11.12.1 as the primary dns suffix into the
global group policy and all the machines (including the servers) had
taken this to heart. removing this has resolved my dns problem and i
am able to operate again. now, however i have another problem as
someone (most likely this same fool, who is due an ascii whooping) has
created a 2 way trust with one of our domain controllers, making our
pcs think the controller is a domain itself.

this tears me up, it really does, but thank you for bearing with me in
what has been a *very* tense and grouchy few days.

Cheers!
Kaleem
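The root cause above is worth seeing mechanically: the Windows DNS client builds the name it registers as <Host Name>.<Primary Dns Suffix>, so a policy that pushes "10.11.12.1" as the suffix makes every machine register as "host.10.11.12.1", which is exactly what the SOA and host records kept reverting to. The following Python script is an added example, not code from this thread or from Microsoft; it parses the kind of "ipconfig /all" text output Herb asked for, computes the name a host would register, and flags a primary or connection-specific suffix that is an IP literal or does not match the expected AD domain. The sample output, host name and addresses are constructed for the example and mirror the thread's symptom; "company.org" as the expected suffix is likewise an assumption.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample of "ipconfig /all" output reproducing the thread's symptom:
# a Primary Dns Suffix that is an IPv4 literal instead of the AD domain name.
# Not real output from any server in the thread.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : pdc
   Primary Dns Suffix  . . . . . . . : 10.11.12.1
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : company.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-AA-BB-CC
   IP Address. . . . . . . . . . . . : 10.11.12.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.11.12.254
   DNS Servers . . . . . . . . . . . : 10.11.12.1
                                       10.11.12.2
"""

GLOBAL_SECTION = "Windows IP Configuration"
# One DNS label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# "   Key . . . . : value" -> key and value, with the dotted padding stripped.
FIELD_RE = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse ipconfig /all text into {section: {field: [values...]}}."""
    sections: Dict[str, Dict[str, List[str]]] = {}
    current: Optional[str] = None
    last_key: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # section header, e.g. "Ethernet adapter X:"
            current = raw.strip().rstrip(":")
            sections[current] = {}
            last_key = None
            continue
        if current is None:
            continue
        m = FIELD_RE.match(raw)
        # Extra values (a second DNS server) sit on lines indented to the value column.
        if m is None or raw.startswith(" " * 20):
            if last_key is not None:
                sections[current][last_key].append(raw.strip())
            continue
        key, value = m.group(1), m.group(2).strip()
        sections[current][key] = [value] if value else []
        last_key = key
    return sections


def is_ipv4_literal(value: str) -> bool:
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def is_valid_dns_suffix(value: str) -> bool:
    """Usable suffix: syntactically valid labels and not an address."""
    if not value or is_ipv4_literal(value):
        return False
    labels = value.rstrip(".").split(".")
    # An all-numeric last label would be confused with an address by resolvers.
    return all(LABEL_RE.match(lbl) for lbl in labels) and not labels[-1].isdigit()


def registered_fqdn(host: str, suffix: str) -> str:
    """Name the DNS client registers dynamically: <Host Name>.<Primary Dns Suffix>."""
    return f"{host}.{suffix}" if suffix else host


def audit_ipconfig(text: str, expected_suffix: Optional[str] = None) -> List[str]:
    """Return findings about primary and connection-specific suffix problems."""
    cfg = parse_ipconfig(text)
    findings: List[str] = []
    glob = cfg.get(GLOBAL_SECTION, {})
    host = (glob.get("Host Name") or ["<unknown>"])[0]
    suffix = (glob.get("Primary Dns Suffix") or [""])[0]
    if not suffix:
        findings.append(f"no Primary Dns Suffix: {host!r} would register only a bare host name")
    elif not is_valid_dns_suffix(suffix):
        findings.append(f"Primary Dns Suffix {suffix!r} is not a DNS name (IP literal?); "
                        f"dynamic registration would create {registered_fqdn(host, suffix)!r} "
                        f"instead of a record in the AD domain zone")
    elif expected_suffix and suffix.lower() != expected_suffix.lower():
        findings.append(f"Primary Dns Suffix {suffix!r} differs from expected {expected_suffix!r}")
    for name, fields in cfg.items():
        if name == GLOBAL_SECTION:
            continue
        for css in fields.get("Connection-specific DNS Suffix", []):
            if not is_valid_dns_suffix(css):
                findings.append(f"{name}: Connection-specific DNS Suffix {css!r} is not a DNS name")
            elif expected_suffix and css.lower() != expected_suffix.lower():
                findings.append(f"{name}: Connection-specific DNS Suffix {css!r} "
                                f"differs from expected {expected_suffix!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_ipconfig(SAMPLE_IPCONFIG, expected_suffix="company.org"):
        print("FINDING:", finding)
```

Run against the sample it reports one finding, that the host would register as 'pdc.10.11.12.1'; with the suffix corrected to company.org it reports nothing. Feeding it the real cfg.txt from each DC, before reinstalling DNS or recreating zones, tells you in seconds whether the clients themselves are the source of the bad names, which is the question Herb's "primary domain name and suffix" and "connection-specific suffixes" prompts were driving at.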
 
Herb Martin

> just to confirm, i have resolved the problem (to an extent) and i have
> every intent of murdering someone.

Glad to hear you made good progress. If killing is not allowed for
such infractions in your jurisdictions, perhaps losing admin privileges
is a minimum punishment.

> there is a group policy object under local computer -> administrative
> templates -> network -> dns client -> primary dns suffix.

Most people never think to set that THERE. There is also one in DNS
which is actually GOOD to set to the actual DNS name suffix.

> some fool had entered in 10.11.12.1 as the primary dns suffix into the
> global group policy and all the machines (including the servers) had
> taken this to heart. removing this has resolved my dns problem and i
> am able to operate again. now, however i have another problem as
> someone (most likely this same fool, who is due an ascii whooping) has
> created a 2 way trust with one of our domain controllers, making our
> pcs think the controller is a domain itself.

An "Ascii whooping" -- that sounds interesting.

> this tears me up, it really does, but thank you for bearing with me in
> what has been a *very* tense and grouchy few days.

Certainly. Glad to help as little as I did.
 
