none
dns entries keep reappearing

    Question

  • There are a bunch of old DNS entries that keep reappearing, apparently out of nowhere.  Because of one cause or another, some machines, all on DHCP, get a new IP address, but the old IP entries are in the AD/DNS.  I can go to each machine, do an ipconfig/renew and ipconfig/registerdns and I can see that after a little bit all the AD/DNS servers for the domain have the new correct IP.  This lasts less than an hour, with the old IP coming back after that.   It seems to take about a week for those old records to disappear for good but would be good to know what needs to be done to get rid of them sooner.

    Note that I'm just a normal user with no write access to the AD/DNS servers or their configuration, but can query all of them and/or ask IT to do a few things.

    Wednesday, May 16, 2012 2:18 PM

Answers

  • Hello,

    First of all, I would recommend protecting your DNS zones from random updates by requiring secure updates which will allow only authenticated computers to update their DNS records.

    For the cleanup which is made each week, I think that it is because aging and scavenging is enabled.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, May 16, 2012 2:22 PM
  •  Hello Hasm, 

    Please go through the below thread once, sure it can help you to resolve your query.

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8419a93c-ac50-49e1-853a-3ecaa351eb9c


    Regards, Ravikumar P

    Wednesday, May 16, 2012 3:00 PM

All replies

  • Hello,

    First of all, I would recommend protecting your DNS zones from random updates by requiring secure updates which will allow only authenticated computers to update their DNS records.

    For the cleanup which is made each week, I think that it is because aging and scavenging is enabled.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, May 16, 2012 2:22 PM
  • Hello, 

    you can post your query here rather than in general forum.

    Since you are the normal user, you are not authorized to do this activity (clearing of old DNS entries.)

    I suggest you to contact the right person who is managing the Domain Controllers and Domains.

    Anyways this is can achieved by the concept of DNS Aging/Scavenging.



    Regards, Ravikumar P

    Wednesday, May 16, 2012 2:40 PM
  • Aging/scavenging may work but it takes too long.  I want to get rid of the entries sooner.  And yes, these are all authenticated computers, part of the domain.
    Wednesday, May 16, 2012 2:51 PM
  • I'll post "there", thanks.

    The reason I ask here is that the "authorized" person has deleted the old DNS entries multiples times but nonetheless they keep reappearing the same way.  And again, I'd like to get rid of the bad records before aging/scavenging takes place.

    Wednesday, May 16, 2012 2:52 PM
  •  Hello Hasm, 

    Please go through the below thread once, sure it can help you to resolve your query.

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8419a93c-ac50-49e1-853a-3ecaa351eb9c


    Regards, Ravikumar P

    Wednesday, May 16, 2012 3:00 PM
  • Hi Hasm,
     
    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin

    TechNet Community Support

    Tuesday, May 22, 2012 2:08 AM