How to retrieve data missing from DNS TXT record

  • Question

  • Hi,

    We have a public-facing DNS server running on Windows Server Core 2008 R2 in a DMZ. While trying to update a DNS record (via the MMC snap-in) I noticed that our TXT DNS record for SPF (Sender Policy Framework) is missing a lot of text entries from the last time I updated it. It was quite a long list of SPF entries and unfortunately I can't remember what was in there and have no idea how all the data went missing.

    Is there any way to recover this record?

    Any help or advice would be greatly appreciated.

    Wednesday, August 22, 2018 5:20 PM

Answers

  • Do you run backups on your DNS server?

    C:\Windows\System32\dns

    Maybe in some backup you have the SPF information you are currently missing.

    The .dns files can be opened with Notepad (just in case).

    If you don't have any backup in place, you may have luck if you apply Windows updates, because they sometimes create restore points (VSS copies of the complete disk -> vssadmin list shadows). These shadow copies can be mounted, for example, with this handy PowerShell function https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/ or a tool like VSS browser.

    Why your DNS TXT entry got lost is another question - but I think this can end up like chasing a ghost.


    Please remember to mark the replies as answers if they helped.

    • Marked as answer by Salamander80 Friday, August 24, 2018 10:54 AM
    Thursday, August 23, 2018 4:26 PM

All replies

  • Hi Salamander80,

    Thanks for your question.

    Is your DNS server an AD integrated DNS server?

    If so, I suggest you try to retrieve the records as described in the article in the link below.

    https://blogs.technet.microsoft.com/networking/2011/08/17/tracking-dns-record-deletion/

    If not, you can view the logs about the DNS server in the Event Viewer to see if you can find information about the lost records.

    Best Regards,

    Leon

    Thursday, August 23, 2018 9:54 AM
  • Thanks for the response Leon,

    The server isn't AD integrated DNS, it's just a standalone DNS server running on Windows server core. 

    I checked the event logs and didn't find anything pointing to an issue with data going missing. The only error was the one below:

     The DNS server recv() function failed. The event data contains the error.

    and some information events about the last time I know of a change happening:

    The DNS server wrote version 2016052121 of zone <mydomain> to file <mydomain>.dns.

    Am I to presume that this kind of DNS setup doesn't provide restore points or backups?



    Thursday, August 23, 2018 11:57 AM
  • Is there another DNS Server? If yes, did you check if the SPF entries are there?
    Thursday, August 23, 2018 2:14 PM
  • Only a secondary slave DNS server where the records replicate from the primary (authoritative) server where the problem is, so the SPF entries are gone on both 
    Thursday, August 23, 2018 3:53 PM
  • Thanks all for your help and pointing me in the right direction.

    We don't run regular backups on these particular servers (certainly a task for later) but by digging down into C:\windows\system32\dns I luckily found a txt file which I opened in Notepad and, hey presto, the missing SPF entries were all there.

    I also figured out why they disappeared in the first place: it was because I had inadvertently exceeded both the maximum number of characters of 255 in a TXT record and the maximum number of SPF lookups of 10. I simply didn't notice it all disappear when I hit the OK button, and instead of giving an error message it just reduced the entries down to no longer than 20 of the first characters and removed the rest. I managed to get rid of some stale entries and copied from that backup, but for the future I need to figure out a way to split up or shorten the SPF record.

    Friday, August 24, 2018 11:04 AM
  • I'm glad you found the records :-)

    Maybe you can work with the 'include' statement to get around the limitation.


    Please remember to mark the replies as answers if they helped.

    Friday, August 24, 2018 1:03 PM
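
A pre-flight check for the two limits named in this thread, added here as an example and not posted by any participant: it flags an SPF record longer than 255 octets (which has to be stored as several TXT strings that SPF verifiers rejoin with no separator) and counts the terms that cost a DNS lookup, `include` among them. The sample records and the example.net names are constructed, and lookups nested inside included records are not resolved, so the count is a lower bound.

```python
import re

MAX_TXT_STRING = 255    # octets per character-string inside one TXT record (RFC 1035)
MAX_SPF_LOOKUPS = 10    # DNS-querying terms allowed per SPF evaluation (RFC 7208, 4.6.4)
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

def count_lookup_terms(spf):
    """Count terms in this record that cost a DNS lookup (nested includes not followed)."""
    count = 0
    for term in spf.split()[1:]:                 # skip the "v=spf1" version tag
        if term.lower().startswith("redirect="):
            count += 1                           # the redirect modifier also costs a lookup
            continue
        # Drop the qualifier (+ - ~ ?), then cut at ':' or '/' to get the mechanism name.
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_MECHANISMS:
            count += 1
    return count

def split_txt_strings(spf, limit=MAX_TXT_STRING):
    """Split a record into strings of at most `limit` octets for a multi-string TXT record."""
    data = spf.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]

def check_spf(spf):
    """Return a list of findings to review before the record is entered into the zone."""
    findings = []
    if spf.split()[:1] != ["v=spf1"]:
        findings.append("record does not start with v=spf1")
    if len(spf.encode("ascii")) > MAX_TXT_STRING:
        parts = len(split_txt_strings(spf))
        findings.append(f"{len(spf)} octets: must be stored as {parts} TXT strings")
    lookups = count_lookup_terms(spf)
    if lookups > MAX_SPF_LOOKUPS:
        findings.append(f"{lookups} lookup terms exceeds the limit of {MAX_SPF_LOOKUPS}")
    return findings

# Constructed sample records (documentation IP range, placeholder domains).
LONG_SPF = "v=spf1 " + " ".join(f"ip4:192.0.2.{i}" for i in range(30)) + " -all"
MANY_LOOKUPS = ("v=spf1 mx a "
                + " ".join(f"include:_spf{i}.example.net" for i in range(10)) + " ~all")

if __name__ == "__main__":
    for record in (LONG_SPF, MANY_LOOKUPS):
        print(len(record), check_spf(record))
```

Keep a copy of the full record outside the zone file before editing it, and compare what the server actually stored against that copy after saving.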