One DNS record getting deleted

  • Question

  • Hi

    I have two DCs, Windows 2008 R2 and 2012 R2. The DNS record for one member server, a Windows 2008 R2, disappears from time to time.

    Scavenging is enabled on the whole AD DNS zone.

    This record is the only one which seems to be deleted.

    I have tried to create a static DNS record, as the server has a static IP, but this is also getting deleted even when "Delete this record.." is not enabled.

    DNS audit is enabled.

    Logs:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          16-11-2018 02:50:46
    Event ID:      4662
    Task Category: Directory Service Access
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      DC2008R2.ADDomainName.local
    Description:
    An operation was performed on an object.

    Subject :
        Security ID:        ADDomainName\MemberServer$
        Account Name:        MemberServer$
        Account Domain:        ADDomainName
        Logon ID:        0xb241eb

    Object:
        Object Server:        DS
        Object Type:        dnsNode
        Object Name:        DC=MemberServer,DC=ADDomainName.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ADDomainName,DC=local
        Handle ID:        0x0

    Operation:
        Operation Type:        Object Access
        Accesses:        Write Property
                    
        Access Mask:        0x20
        Properties:        Write Property
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
                {e0fa1e69-9b45-11d0-afdd-00c04fd930c9}
                {d5eb2eb7-be4e-463b-a214-634a44d7392e}
        {e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}


    Additional Information:
        Parameter 1:        -
        Parameter 2:        

    First dNSTombstoned = false then in same second:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          16-11-2018 02:50:52
    Event ID:      5136
    Task Category: Directory Service Changes
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      DC2008R2.ADDomainName.local
    Description:
    A directory service object was modified.
    	
    Subject:
    	Security ID:		ADDomainName\MemberServer$
    	Account Name:		MemberServer$
    	Account Domain:		ADDomainName
    	Logon ID:		0xb241eb
    
    Directory Service:
    	Name:	ADDomainName.local
    	Type:	Active Directory Domain Services
    	
    Object:
    	DN:	DC=MemberServer,DC=ADDomainName.local,cn=MicrosoftDNS,DC=DomainDnsZones,DC=ADDomainName,DC=local
    	GUID:	DC=MemberServer,DC=ADDomainName.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ADDomainName,DC=local
    	Class:	dnsNode
    	
    Attribute:
    	LDAP Display Name:	dNSTombstoned
    	Syntax (OID):	2.5.5.8
    	Value:	TRUE
    	
    Operation:
    	Type:	Value Added
    	Correlation ID:	{6ed8c57d-84e4-4f7d-b32e-b90bac0442e6}
    	Application Correlation ID:	-
    


    To me it seems that "MemberServer" is deleting its own record. But why?

    "Register this connection's addresses in DNS" under IPv4 and IPv6 is also enabled.

    Any ideas how to troubleshoot this?

    /Kim

    Friday, November 16, 2018 9:05 AM
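
As an added example (not part of the original post): a small Python parser for Security-log events pasted in the text layout shown above, listing every 5136 event that adds dNSTombstoned = TRUE to a DNS record and whether the writing machine account matches the record's own host name. The sample events, the host names SRV01, SRV02 and DC01, and the zone corp.example are constructed.

```python
import re

# Constructed sample in the text layout of the post's event export.
# Hosts SRV01, SRV02, DC01 and the zone corp.example are hypothetical.
TEMPLATE = """Log Name:      Security
Date:          {0}
Event ID:      5136
Subject:
\tAccount Name:\t\t{1}
Directory Service:
\tType:\tActive Directory Domain Services
Object:
\tDN:\tDC={2},DC=corp.example,cn=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=example
Attribute:
\tLDAP Display Name:\t{3}
\tValue:\t{4}
Operation:
\tType:\t{5}
"""
ROWS = [  # (date, account, record host, attribute, value, operation)
    ("01-01-2020 02:50:52", "SRV01$", "SRV01", "dNSTombstoned", "TRUE", "Value Added"),
    ("01-01-2020 03:00:10", "DC01$", "SRV02", "dNSTombstoned", "TRUE", "Value Added"),
    ("01-01-2020 03:05:00", "SRV02$", "SRV02", "dNSTombstoned", "TRUE", "Value Deleted"),
    ("01-01-2020 03:05:00", "SRV02$", "SRV02", "dnsRecord", "<Binary>", "Value Added"),
]
SAMPLE = "".join(TEMPLATE.format(*r) for r in ROWS)

def field(block, label):
    """Return the value after 'label:' at the start of a line, or None."""
    m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*)$", block, re.M)
    return m.group(1).strip() if m else None

def tombstone_writes(text):
    """List 5136 events that add dNSTombstoned=TRUE; flag writes by the record's own host."""
    hits = []
    for block in re.split(r"(?m)^(?=[ \t]*Log Name:)", text):
        op = re.search(r"^[ \t]*Operation:[ \t]*\n[ \t]*Type:[ \t]*(.*)$", block, re.M)
        dn = re.match(r"DC=([^,]+),DC=([^,]+),cn=MicrosoftDNS", field(block, "DN") or "", re.I)
        if (not op or not dn or op.group(1).strip() != "Value Added"
                or field(block, "Event ID") != "5136"
                or field(block, "LDAP Display Name") != "dNSTombstoned"
                or (field(block, "Value") or "").upper() != "TRUE"):
            continue
        account = field(block, "Account Name") or ""
        hits.append({"time": field(block, "Date"), "account": account,
                     "record": f"{dn.group(1)}.{dn.group(2)}",
                     "self_inflicted": account.rstrip("$").lower() == dn.group(1).lower()})
    return hits
```

Calling `tombstone_writes(SAMPLE)` returns one entry per tombstoning write; the "Value Deleted" and dnsRecord events in the sample are skipped.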

All replies