Static DNS records hosted in AD/DDNS zone fall out

[Jeff Sumner]

I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.

Is there a way to log record adds/deletions without pulling all logging
events?

Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.

As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.

JD

 

[Herb Martin]

I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.

Is there a way to log record adds/deletions without pulling all logging
events?

Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.

As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.

You can if you wish Audit DS objects directly --
this is separate from other things like Account
Management or Account Logons.

This is similar to file auditing in that you turn on
the feature IN GENERAL, but must ALSO set the
ACL (just like permission ACLs but referencing
Auditing instead) ONLY on the specific objects
(or trees of objects) which interest you.

You will have to locate the DNS records or parent
container and set the appropriate (permission-like)
audit settings AND turn on the general setting.