Tuesday, February 21, 2012 9:57 PMHello.
Months ago we merged a couple of domains into a single, new domain. We have three DC's and all run DNS. DNS is Active Directory integrated.
I was just poking around today and noticed that old workstation hostnames (A records) from an old domain are in DNS. I've deleted the records but they just return. These computers were re-imaged, so to my knowledge there shouldn't be any residual information from the old domain on the computers.
I've run nslookup and checked for old DNS servers, but the only name servers that are found are the three new DC's, as expected. I've also logged into each DC and deleted the records on each, thinking that possibly the records were being replicated across the domain.
I haven't the slightest idea how these records are being created. Can anyone offer some insight? This is driving me crazy!
Thursday, February 23, 2012 7:27 AMModerator
Thanks for posting here.
Have you verified the ownership of this ghost record and that should help us to locate the computer which registered it .
Meanwhile, enabling auditing feature should also help us to troubleshoot in order to found the source host . We usually will use this method to investigate record missing issue but I think it should also help us to track in this one :
Auditing a DNS Zone
TechNet Community Support
Thursday, February 23, 2012 5:21 PM
Thanks for the suggestion. I'll enable auditing and see if it turns anything up.
Since this is happening to a great number of machines it was easy to find one with the problem. I will try to explain this as clearly as possible but even I'm confused...
The new hostname on this machine is CCHS-2109-02. However, in DNS the IP address was applied to 2109-14. On the workstation I could ping 2109-14 and it would respond with the IPv4 IP address of the machine. When I pinged CCHS-2109-02, it responded with the IPv6 address. As a test, I deleted the 2109-14 record from DNS, and I also disabled IPv6 on the workstation. So far the old hostname has not returned to DNS, but in the past when I've deleted the erroneous hostnames they would return within a couple of days, so I'm not getting too excited yet.
I looked in the registry for the old hostname but couldn't find any reference to it. I wasn't present when these machines were added to the new domain, but I'm wondering if they were added to the new domain with their old hostnames, and then changed after being on the domain, and therefore resulting in some kind of strange residual settings.
Friday, February 24, 2012 5:21 AM
Check the following thread, posted today, too, with a similar issue. See if the suggestions I posted help.
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.