none
Classless subnets registered as 'Host (A)' records

    Question

  • I am working at a site where in DNS as well as the obvious 169.154.*.* 'Host (A)' records in DNS, there are a number of 'Host (A)' records that are for classless subnets that exist on the LAN  (eg: 10.3.2.0).
    My assumption is that these can be deleted. However I wanted to check if there is something that causes this to happen legitimately that I don't know about or does anyone have an idea as to how this could happen.
    All DCs are Windows 2003 SP2 and the Domain&Forest Functional levels are Windows 2000 Native.

    Thanks in advance,
    Cormac
    Monday, December 21, 2009 2:59 PM

All replies

  • CormacITComSec,
        I know clasically the x.x.x.0 address it considered the network address, but we can use this to address a box. What is registered to this IP address? is the sebent it is on have more than a /24 mask (i.e. - 10.1.1.0/23 would include 10.1.1.0-10.1.2.255 so 10.1.2.0 would be a valid address in most cases).
        Also I am betting that this is happening via dynamic update, do you have DNS "Secure-Only" updates turned on? If so in most cases you can see the computer that preformed the update 9if you are itherwise unsure) by looking at the record sercurity (just like a normal file) and looking at the owner of that record.

         Hope this helps. Let us know if you have any further questions.
    If you need extra help, you can reach us at: InitialAssist@cbfive.com See my blogs at http://www.cbfive.com/blog / Jared
    Thursday, February 18, 2010 9:29 AM