Domain controller has wrong IP address in DNS

    General discussion

  • We have parent domain (lets call it and several child domains in our country offices, which have separate IP networks. Now we are having strange problems with one of our child domain ( which has network We have domain controller "de-dct01" with IP address Yesterday I noticed that A record in DNS had changed for this server from to I've tried to change it back to correct value, delete record and recreate it, but it always changes back to, either less than 1/2h after my change, or if I reload that DNS zone, it reverts back to incorrect value immediately. That incorrect IP address is actually address of domain controller of one other child domain ( This -zone is active directory integrated zone, so it looks like updating DNS record manually doesn't somehow update record where it is stored in AD, and DNS server always retrieves incorrect address from AD.

    What I could try to do next? Locate DNS data in AD and edit it via ADSI edit or something?
    Thursday, October 29, 2009 11:19 AM

All replies

  • How is the computer registered in AD in the OU domain controllers?
    Can you check if the domain controller has 2 NIC's enabled? Is the DC able to register DDNS records?
    Can you check some logging on the DNS server t9o check who updated this A record?
    Can you check adapter settings of the DC? Maybe it registers itself also in other zones such as the zone.
    Thursday, October 29, 2009 2:56 PM
  • Hi Jelle,

    sorry it tooks so long for my reply, I was on sick leave.

    1) Computer accounts seems to be OK in domain controllers-OU, nothing special there compared to domain controllers of other child domains.
    2) This computer has only one physical NIC. There's also RRAS installed and configured on server (used as VPN server), which has "virtual" adapter, but this virtual adapter receives IP address from DHCP server, also we have this same RRAS configuration in other child domains, so I dont believe its an issue. Dynamic updates from DHCP seems to work normally.
    3) I've enabled debug logging on this server over time when this record changes, but there isn't any reference in logs to this change. I will try this one more time during this night, when all client computers on network are shut down to make smaller log. Also, as this record reverts immediately back to wrong setting if I reload this zone, I dont believe that this change is done via update.
    4) Adapter settings of DC are same way as in other child domains too, so this should not be problem.
    Monday, November 02, 2009 10:06 AM
  • Hello,

    using RRAS on DCs is a really bad solution and can reuslt in multiple problems. Get rid of this kind of configuration. Which DHCP scope is configured in the RRAS console, make sure it's not using x.x.50.x

    See here about RRAS and multihoming:
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Saturday, November 07, 2009 11:20 PM
  • Hi Vattumato,


    It's been more than 1 year for your issue. I know its a cold case now. But I have recently run into the same issue. And I found the solution. It is very simple: on the DC in question, change all the registries  relate to the old IP to the new value!!! That's it...



    Friday, February 04, 2011 10:09 PM
  • Hi,


    I realize this may not be the same issue, however this is the closest thing I have found to my issue.    


    Scenario: Our company has 2 domain controllers.   DC1 in City A and DC2 in City B.   City A and City B connected via VPN.  DC 1 is Server 2003 and DC2 is Server 2008.   DC2 was added about 6 months ago.

    Everyday around 2:30 the "A" record on DC2 for DC1 changes to the wrong IP address.  

    What might cause this?  

    I have never administered DNS servers before so I am at a loss.

    I would appreciate any help.





    Monday, December 12, 2011 10:29 PM
  • Hi Kevin,

    Since this thread is two years old, I would recommend to start a new thread. This will allow you to control the thread, too, as for marking answers, etc. Al;so, this thread is set to "discussion" not necessarily to "ask a question"

    As for what can cause it, there are numerous things that can cause it from using the wrong DNS servers in the machine's NIC properties, multihomed DCs (more than one unteamed NIC, multiple IPs, iSCSI interface with an IP, and/or RRAS installed on a DC), to Duplicate DNS AD Integrated zones. The latter is usually the culprit.

    To assist, we'll need config and other info to diagnose it, such as ipconfig /all from each DC, event log errors, repadmin /replsum, possibly a dcdiag (maybe later), what replication scope the AD zones are in, operating system versions, etc.

    You can start with seeing if you have dupe zone to at least eliminate that as a factor:

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs:

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Tuesday, December 13, 2011 1:57 AM