Static DNS records disappearing

Hi all,
Three of our static DNS entries keep disappearing and we have to keep adding them back in.  Sometimes they stay in for 1-2 weeks, sometimes only a few hours.  We have many static entries but it is always these same three that give us issues.  We are running four Windows 2008 (non-R2) Domain Controllers.  Two of these machines are Server Core and the other two are full versions.
I have followed Ace's blog (thanks btw!) about looking for a duplicate zone but I don't think this is the case.  So I have turned on DNS auditing.  When the record gets deleted it logs EventID 5136 sixteen times:
<REMOVED LOG FOR READABILITY>
From these logs it appears that DC-SERVER3$ is what is deleting these items.  Is that a correct assumption?  DC-SERVER3 is one of the four domain controllers and is one of two running server core.
I am unsure where to go from here.  Any help would be MUCH appreciated.  Thanks!

I tried posting the event logs in a <code> block above but it was very unreadable.  Is there a better way to do this?  I will paste them here for the time being:
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14674 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14674 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14675 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14674 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14674 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
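
Added example (not part of the original post, and not Microsoft tooling): one way to triage flattened 5136 lines like the ones above is to group them by Correlation ID and pair each "Value Deleted" (%%14675) with its "Value Added" (%%14674) for dNSTombstoned, which gives the net tombstone change per write and the account that made it. The function names are this example's own, and the sample input is rebuilt from the sixteen events in the post.

```python
import re

# Unresolved message-table placeholders as they appear in the exported events.
VALUE_ADDED = "%%14674"    # renders as "Value Added" in Event Viewer
VALUE_DELETED = "%%14675"  # renders as "Value Deleted" in Event Viewer

FIELDS = {
    "account": re.compile(r"Account Name:\s+(\S+)"),
    "dn": re.compile(r"\bDN:\s+(\S+)"),
    "attribute": re.compile(r"LDAP Display Name:\s+(\S+)"),
    "value": re.compile(r"Value:\s+(.*?)\s+Operation:"),
    "op": re.compile(r"Operation:\s+Type:\s+(%%\d+)"),
    # The leading "{" skips the later "Application Correlation ID: -" field.
    "correlation": re.compile(r"Correlation ID:\s+(\{[0-9A-Fa-f-]+\})"),
}


def parse_event(line):
    """Parse one flattened 5136 line; return None if it is not a complete 5136."""
    parts = line.split(None, 3)
    if len(parts) < 4 or parts[2] != "5136":
        return None
    event = {"time": parts[0] + " " + parts[1]}
    for name, pattern in FIELDS.items():
        match = pattern.search(parts[3])
        if match is None:
            return None
        event[name] = match.group(1)
    return event


def classify(old, new):
    """Net effect of one write on dNSTombstoned (old/new may be None)."""
    if new == "TRUE" and old != "TRUE":
        return "tombstoned"
    if old == "TRUE" and new != "TRUE":
        return "revived"
    return "unchanged"


def tombstone_transitions(lines):
    """Return one record per Correlation ID, in log order."""
    writes = {}
    for line in lines:
        event = parse_event(line)
        if event is None or event["attribute"].lower() != "dnstombstoned":
            continue
        write = writes.setdefault(event["correlation"], {
            "time": event["time"], "account": event["account"],
            "dn": event["dn"], "old": None, "new": None,
        })
        if event["op"] == VALUE_DELETED:
            write["old"] = event["value"]
        elif event["op"] == VALUE_ADDED:
            write["new"] = event["value"]
    return [dict(w, correlation=c, verdict=classify(w["old"], w["new"]))
            for c, w in writes.items()]


# Sample input: the sixteen posted events, rebuilt from a template.
TEMPLATE = (
    "2012-01-12 11:14:23 5136 A directory service object was modified. "
    "Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 "
    "Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 "
    "Directory Service: Name: private.example.com Type: %%14676 "
    "Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,"
    "DC=DomainDnsZones,DC=private,DC=example,DC=com "
    "GUID: {{AD32E101-1D83-412F-BD1C-C68B9F063507}} Class: dnsNode "
    "Attribute: LDAP Display Name: {attr} Syntax (OID): {oid} Value: {value} "
    "Operation: Type: {op} Correlation ID: {{{corr}}} Application Correlation ID: -"
)

# (Correlation ID, dNSTombstoned value deleted, dNSTombstoned value added)
SAMPLE_WRITES = [
    ("1A62820C-B9A9-4942-BC2A-5232B31019AC", "FALSE", "FALSE"),
    ("5E3BE0F3-7E9C-4670-8191-D95E499E4E0F", "FALSE", "TRUE"),
    ("30EFB4E6-90CD-4143-B1C4-DC85382842A1", "TRUE", "FALSE"),
    ("D1326DBB-9BA0-4838-A0A4-B90CEFF2A346", "FALSE", "TRUE"),
]


def build_sample():
    """Emit four lines per write, in the same order as the posted log."""
    lines = []
    for corr, old, new in SAMPLE_WRITES:
        for attr, oid, value, op in (
            ("dnsRecord", "2.5.5.10", "%%14672", VALUE_DELETED),
            ("dnsRecord", "2.5.5.10", "%%14672", VALUE_ADDED),
            ("dNSTombstoned", "2.5.5.8", old, VALUE_DELETED),
            ("dNSTombstoned", "2.5.5.8", new, VALUE_ADDED),
        ):
            lines.append(TEMPLATE.format(attr=attr, oid=oid, value=value,
                                         op=op, corr=corr))
    return lines


if __name__ == "__main__":
    for t in tombstone_transitions(build_sample()):
        print(t["time"], t["account"], t["correlation"],
              t["old"], "->", t["new"], t["verdict"])
```

On the posted events this reports four writes by DC-SERVER3$ within the same second: unchanged, tombstoned, revived, tombstoned.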

Similar Messages

  • Where do deleted Static DNS records go?

    Since we enabled the Active Directory recycle bin some time ago, we noticed that there is also a recycle bin for the ForestDNSRecords and DomainDNSRecords container. It appears that dynamic DNS entries are being treated like any other object and getting
    moved to CN=Deleted Objects,DC=<Domain|Forest>DNSZones,DC=<YourDomain>,DC=<Suffix>. When Static entries are deleted we do not see them in the Deleted Objects container. Is that a bug, by design, or are we missing something?

    Static records should show up along with dynamically created records. I don't believe they would go anywhere else, since they are just DNS nodes in the same context. Maybe there's some other mitigating issue that may be causing it?
    Have you seen the following links? If not, let us know what links you were reading, please.
    What to do when DNS records disappear
    http://searchwindowsserver.techtarget.com/tip/What-to-do-when-DNS-records-disappear
    Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2
    http://blogs.technet.com/b/askds/archive/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2.aspx
    Curious, when you deleted the dynamic and static records, did you do that on the same DC in the same AD Site?
    Are there any replication errors or issues?
    Let's also eliminate any possibilities of the existence of duplicate AD integrated zones. If there are, one DC's *view* or what it *sees* in a partition will be different than another DC's view.
    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://blogs.msmvps.com/acefekay/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Static DNS record deleted automatically- Windows 2008 R2 SP1

    Hi,
    I have scoured the Interweb and tried all suggestions to no avail for this one. Here's the scenario:
    My client has a Windows 2008 R2 SP1 (Windows 2003 domain/forest functional level) server which is a DC and DNS server. The problem is that a DNS record for an Exchange 2010 server is getting deleted every 10 or 40 minutes. This started occurring for no obvious
    reason a few weeks ago. The impact is that users cannot connect to Exchange (caching does not seem to help with this, which is odd). I disabled scavenging, which did not resolve the issue. I enabled auditing and found a 4662 event revealing that the domain
    administrator account was deleting the server A record (and pointer record). Why this is happening is what I am trying to investigate next: possible bug? The zone is configured as non-secure; maybe securing it would help? But this does not explain
    why the record is being deleted. There is no NIC teaming implemented, which I understand can cause issues. 
    As an interim measure I created a script employing dnscmd that recreates the record every 15 minutes, which works for the most part, but not always, which is why I added a deny permission on the record for the domain Administrators group, seems so far to
    have prevented the record from being deleted.
    Any advice on the cause of this and how to investigate why the record is being deleted will be much appreciated!

    Hi- thanks for that. However I have seen those links and already followed them: I turned off scavenging (default 7 day configuration) and the record still gets deleted (scavenging date is not due till a later date in any case). Also the record is static
    so it would not get scavenged? The option to delete the record if stale is unchecked.
    I already enabled auditing and identified event 4662, which identified that the domain administrator account is deleting the record:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          8/01/2014 11:47:25 AM
    Event ID:      4662
    Task Category: Directory Service Access
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      DC.domain.com.au
    Description:
    An operation was performed on an object.
    Subject:
        Security ID: DOMAIN\administrator
        Account Name: administrator
        Account Domain: DOMAIN
        Logon ID: 0x2e1b093
    Object:
        Object Server: DS
        Object Type: dnsNode
        Object Name: DC=EXCHANGEHOST,DC=domain.com.au,CN=MicrosoftDNS,CN=System,DC=domain,DC=com,DC=au
        Handle ID: 0x0
    Operation:
        Operation Type: Object Access
        Accesses: Write Property
        Access Mask: 0x20
        Properties: Write Property
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
            {e0fa1e69-9b45-11d0-afdd-00c04fd930c9}
            {d5eb2eb7-be4e-463b-a214-634a44d7392e}
            {e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}
    Additional Information:
        Parameter 1:
        Parameter 2:
    Please advise!
    Thanks
     

  • DNS - A Record Disappears while AAAA Record for Host is registered

    Hi,
    I have a strange issue.  Recently we have noticed dynamically registered IPv4 addresses disappearing from our internal Windows DNS forward lookup zones.
    I don't run our very large DNS environment, so unfortunately, I can't examine the configuration.  The problem seems to be tied to Windows servers with IPv6 enabled (windows 2008 and Windows 2008 R2 servers).
    In our Windows server configuration, we allow the check mark for "Allow this connection to be registered in DNS" to be selected in the TCP/IP settings of the production IP address for the server.
    Periodically, we have noticed that the IPv4 A records disappear from DNS while the AAAA IPv6 address for the server remains intact.
    I have been troubleshooting this problem from the server side (DNS client side).  It appears that if I disable 6TO4 IPv6 addresses from the server and then restart the server, the problem goes away (IPv4 address comes back in DNS after the reboot). 
    To disable IPv6 transition technologies, we implement DISABLECOMPONENTS = 1.
    Although, this work around seems to solve all of our problems, I don't understand why the IPv4 address gets removed in the first place?  I suspect a misconfiguration on the DNS server.
    More information:
    Overall IPv6 Problem: By default, the 6to4 tunneling protocol is enabled in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 when an interface is assigned a public IPv4 address (that is, an IPv4 address that is not in the ranges
    10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). 6to4 will automatically assign an IPv6 address to the 6to4 tunneling interface for each such address that is assigned, and 6to4 will dynamically register these IPv6 addresses on the assigned DNS server. If this
    behavior is not desired, we recommend disabling IPv6 tunnel interfaces on the affected hosts. In the company network, it also appears that IPv6 registration sometimes causes IPv4 A records to be removed in DNS. Microsoft has informed us that this http://support.microsoft.com/kb/2782438
    might be the reason for the behavior. But I am still pressing to root cause because we are not using DHCP in our server vlans.
    Using the options to disable IPv6 described in article 929852 is fully supported by Microsoft: Microsoft Answer: "Disabling IPv6 is not recommended but it's completely supported, but you might have to enable it back in future if you are going to implement
    new technologies like DirectAccess etc, which needs IPv6."
    Microsoft recommends that we use DisabledComponents = 1 for all Windows 2008 and Windows 2008 R2 servers that are problematic: This will disable IPv6 transition technologies and Servers will not get IPv6 address
    It has also been asked that instead of disabling IPv6 on all of our Windows servers can we just disable IPv6 on the DNS servers: Microsoft Answer: disabling IPv6 only on DNS Servers will not help, as it will not stop clients from registering their IPv6 address.
    Disabling IPv6 will impact applications that require IPv6. The known application services are: HomeGroup and DirectAccess -- we do not believe our company is currently using these technologies.

    Disappearing DNS records may point to duplicate AD zones, so the first thing to do, is let's eliminate if there are any duplicate AD zones.
    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
    Additional reading:
    DNS Records Disappearing and DNS Auditing
    http://msmvps.com/blogs/acefekay/archive/2010/12/09/dns-records-disappearing-and-dns-auditing.aspx
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • DNS Host(A) records disappear after a while

    Hi all,
    a few weeks ago we started to change the TCP/IP configuration of our printers from "static" to DHCP with reservations. The DHCP server is configured to register forward Host(A) and reverse PTR record on DNS on behalf of (all) clients, both are W2K3 with SP2.
    This works well for all our Toshiba printers/copiers and most of our HP printers. However, on a handful of HP printers the Host(A) record in the DNS zone gets lost / disappears after some time, leading to a non-working name resolution. But only the Host(A) record, the reverse PTR record is still there. Currently we have this issue with a Business InkJet 2800 attached via a JetDirect J3258G to our network.
    In the past we noticed that on another printer the Host(A) record re-appears after some hours, only to disappear after a while again. These intervals last some hours up to one day, but seem to follow no period or schedule, like DHCP lease time, DNS scavenging etc.
    I have intentionally not "listed" all the technical details in this first post. However, if you need specific details I will be happy to share them.
    Any hint or comment is appreciated
    regards

    This is by design.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS

  • How do I setup a DNS record to point to an internal IP with a port.

    I am trying to setup a DNS entry on my AD server to point to a web server that I have setup to run certain services.  All of these services run through IIS on port 82 for example service A is internally 192.168.0.1:82/info/login and service B is 192.168.0.1:82/tech/login.
     I am trying to give these services easy to use names like for example info.mycompany.com and tech.mycompany.com so that it is easy to access for the employees but I am obviously missing something because I have had no luck setting up anything.  My
    company is still using SBS 2003 as its AD and DNS server so I am working with flint and bear skin here.
    I am also trying to do the same thing for the external access to these services but whereas I have the internal address for these services I have the external static IP.  When using the external IP with the port from outside the network everything
    works fine but I would like for it to have a simple name identical to the internal names but accessible from the outside.  I frankly feel out of my depth on both of these issues and I would really appreciate any help that can be lent.  Thank you.

    You can't set a dns record (that would be used by a browser) to point to an ip and port, srv records can but that requires the application to look them up.
    To have info.mycompany.com point to 192.168.0.1:82/info/login you would add a cname or A record to the dns pointing to that IP, then in IIS you would assign that dns name to the host headers. Also in IIS you would need to use the URL rewrite plugin; with this you would setup a redirect for that host header {HTTP_HOST} to point to that link.

  • Static IP Address disappear.

    Hi,
    The static IP address disappears when the laptop is powered off and then turned on again.   But on standby, hibernation or restarting the laptop the static address is still present.
    Only when powering off, the whole ip, subnet, gateway and dns are gone.   Did a bios update, nic update but did not fix the issue.
    Anything that I must check or update?
    By the way it is a Lenovo Thinkpad X201s.
    Thanks,
    Cliff

    If you use Access Connections edit the current profile and check out the "additional settings" tab. You have the option to override TCP/IP and DNS defaults and I believe this one is checked and set to DHCP by default. In that case every time the profile is applied it will revert to DHCP and static IP is removed. You could either remove the check to override TCP/IP and DNS settings or you can specify the static IP address here or uninstall Access Connections if you prefer to use the Windows settings only.
    -gan

  • DNS records are not 100% correct

    For a while now we've been noticing that some DNS records are not correct. The records are pointing to incorrect IP addresses. One by one I open the record, update the IP, then replicate across all domain controllers.
    What would cause the hostname of one machine to point to another IP address?

    I believe what you're seeing is from DHCP-DNS registration. You may have duplicates, or incorrect data for records that can't be updated by DHCP service or the DHCP client due to permissions on the record. You may also not have scavenging in place.
    In summary:
    Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. But give it a really strong password.
    Set DHCP to update everything, whether the clients can or cannot.
    Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
    Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group. Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it.
    They must be removed or it won't work. Make sure that NO user accounts are in that group, either. (I hope that's crystal clear - you would be surprised how many will respond asking if the DHCP credentials should be in this group.)
    On Windows 2008 R2 or newer, DISABLE Name Protection.
    If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
    dnscmd /config /OpenAclOnProxyUpdates 0
    Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway. Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    For specifics and step by steps, and good discussions on what's going on in the background and what to expect:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  
    Good summary
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    Another good Summary:
    Thread: "DNS problem" December 18, 2013
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
    Ace Fekay

  • DNS record with 2 IPs

    I am running a DNS server on a 10.6.6 box and want to add a 2nd IP to a DNS record on the LAN. The reason being is that I backup clients to a PresSTORE server onto tape. Some laptops are not always connected by ethernet so it would be handy to "drop back" to the wireless IP address. I have tried adding the 2nd (wireless) IP for a DNS entry but when pinging the client it only tries the 1st IP in the list. Reverse DNS points to both IPs. Is there a way of doing this?
    Any help finding a solution would be greatly appreciated.
    Cheers, Paul

    This reeks of an IP subnet routing error, a DNS error, or of a firewall or connectivity issue.
    No, No & No
    DNS would not likely be my first stop here, if I do understand what you're up to. (And I'm not certain I do.)
    OK this is as simple as I can think of asking... I have one DNS A Record for a client with 2 IP addresses, one IP for ethernet, other for wireless. Obviously they both can't have the same IP on the same subnet so if DNS lookup can't resolve to 1st IP, how can one force it to try resolving to 2nd before giving up with an error?
    I guess the ethernet & wireless could have the same IP if they were both not active when both connected. But expecting the user to switch off wireless when the ethernet cable is plugged in and switch back on when the cable is unplugged, for the sake of simplicity of a network connection *I think not*.
    Also with IPs in the A Record, I have found DNS always tries resolving to the higher of the 2 IPs first (192.168.1.35 before 192.168.1.36). Then if .36 is offline it won't try resolving to .35 again until the DNS cache has been flushed.
    Are these using WiFi routers, or access points?
    Simple Apple Extreme Base Station configured as a wireless access point.
    Is there one IP subnet for all hosts irrespective of wired or wireless connection, or multiple subnets?
    One IP subnet
    Is there one DHCP server, or multiple DHCP servers?
    One DHCP server
    Is your PresSTORE box configured with static IP?
    Static, not that it makes the slightest bit of difference.
    By the look of it I am gonna have to wait until PresSTORE supports Bonjour!

  • DNS record ownership for DHCP clients

    my configuration:
    dhcp/dns/dc installed on same system - Windows 2008 R2 SP1 in domain environment.
    all zones configured to secure updates only with aging and scavenging enabled
    dhcp servers are member of DNSupdateproxy group.
    dhcp are configured with standard domain user account (this user was made a member of dnsupdateproxy as well, DOES THAT MATTER?)
    dhcp scopes are configured with default DNS setup (force DNS update by DHCP)
    now...
    all DNS records for endpoint devices on dhcp lease (windows7, mac os X, ubuntu) are owned by SYSTEM
    in security tab for some DNS records i can see service account with write permission to record ( i believe this is desired state)
    in other records service account has no permission but timestamps are still updated by computer account (hostname$ has write permission). these records have pencil icon on computers in dhcp lease table.
    Problem with this (hostname$ has write permissions) is when a user connects to the network via VPN (obtains dhcp lease) it gets two records registered in DNS -> 1 record for ip distributed by dhcp server and 2nd record for his home private network.
    Has anyone seen this before?
    I've tried deleting DNS records / releasing ip on endpoint device (example win7). It would not register to DNS by DHCP. However if I do ipconfig /registerdns it will do it, but dhcp service account won't have permission on this record.

    Apparently it appears that DHCP may not be configured with credentials, DHCP DNS settings are not configured to force DHCP to register ALL requests, nor has the DHCP server itself been added to the DnsUpdateProxy group. These are all prerequisites
    for DHCP to own all records, otherwise you will see default behavior, which is:
    By default, a Windows 2000 and newer statically configured machines will
    register their A record (hostname) and PTR (reverse entry) into DNS.
    If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow
    the machine itself to register its own A record, but DHCP will register its PTR
    (reverse entry) record.
    The entity that registers the record in DNS, owns the record.
    In summary:
    Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. Give it a really strong password.
    Set DHCP properties, DNS tab, to update everything, whether the clients can or cannot.
    Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group.
    Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work.
    On Windows 2008 R2 or newer, DISABLE Name Protection.
    If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
    dnscmd /config /OpenAclOnProxyUpdates 0
    Configure Scavenging on one DNS server. Set the NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length. What it scavenges will replicate to others anyway.
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx 
    Good summary:
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    DNS Record Ownership and the DnsUpdateProxy Group
     http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated (NON-ADMIN) user account and
    configure DHCP servers to perform DNS dynamic updates with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    DNS record ownership and the DnsUpdateProxy group
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b17c798c-c4b2-4624-926c-4d2676e68279/
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Server DNS record automatically deleted

    We built a new file server 10 days ago. When we set it up it would have gotten a dhcp address which then we converted it into having a static ip address.
    8 days later the DNS record for the server automatically got deleted. This was not set up as a static record in DNS as it would have had a time stamp on it. The server was online the whole time and was not rebooted. What would cause the DHCP record of the file server to automatically get deleted when this has never happened when setting up new servers or production servers, as none of our staff deleted the record?

    Hi,
    The record is first registered by the DHCP server, so the owner would be the DHCP server. And only the DHCP server could change the record. Once the lease in DHCP is expired, the record will be deleted.
    Just register the record manually; if it is deleted again, then it should be a problem. But I don't think it will happen.

  • DNS record ownership and the DnsUpdateProxy group

    I have a 2 x 2003 domain controller that have DNS and DHCP Services installed
    I was thinking of configuring DHCP to use a service account to update DNS records.
    If I set this, do the DHCP Servers need to be members of the DNSUpdateProxy security group for the service account to work?

    I have to agree with John here. I don't think it's reasonable to just say 'ms told us so'. We need a
    technical before and answer is given. I have multiple DHCP servers and I use a security account on them to register the records and never use the
    DNSUpdateProxy Group and I have no problems. My thinking is this:
    Assume we are using Integrated Secure Zones in AD:
    Scenario 1:
    Windows DHCP server is registering records on behalf of clients
    Not a member of DNSUpdateProxy Group and not using dedicated account
    Records will have owner as dhcpserver$ and only that account can update
    This is a problem if that DHCP server fails
    Also, non Windows DHCP server with no AD account cannot update
    Scenario 2:
    Windows DHCP server is registering records on behalf of clients
    Member of DNSUpdateProxy Group and not using dedicated account
    Records will have owner as SYSTEM and authenticated users can update, meaning any user or client on that domain
    No problem if that DHCP server fails as any other authorized DHCP server can update
    Non Windows DHCP servers can update if they have a domain machine account
    Scenario 3:
    Windows DHCP server is registering records on behalf of clients
    Using a dedicated account
    Records added with owner same as this dedicated account
    Another DHCP server that also uses this same account can update the records
    A non Windows DHCP server that can use this account can also update the records
    Now, can someone from MS please clarify the technical reason they say that in Scenario 3, you must add the DHCP servers to the
    DNSUpdateProxy group ?
    http://technet.microsoft.com/en-us/library/cc780538(v=ws.10).aspx
    I guess this link didn't help?
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates
    with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    Just to add:
    Why is the DnsUpdateProxy group needed in conjunction with credentials?
    The technical reason is twofold:
    DnsUpdateProxy:
     Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects.
    DHCP Credentials:
     Forces ownership to the account used in the credentials, which the DnsUpdateProxy group allowed to take ownership other than the registering client.
    Otherwise, the default process is outlined below, and this applies to non-Microsoft operating systems, too, but please note that non-Microsoft operating systems can't use Kerberos to authenticate to dynamically update into a Secure Only zone, however you can configure Windows DHCP to do that for you.
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    More on this discussed in:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6f5b82cf-48df-495e-b628-6b1a9a0876ba/regular-domain-user-uses-rsat-to-create-dns-records?forum=winserverNIS
    If that doesn't help, I highly suggest to contact Microsoft Support to get a definitive response. If you do, I would be highly curious what they say if it's any different than what I found out from the product group (mentioned earlier in this thread).
    And of course, if you can update what you find out, it will surely benefit others reading this thread that have the same question!
    Thank you!
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Same server 2 DNS records

    Hello.
    I have a Windows Server 2012 R2 Core that has 2 NICs.
    It has a NIC in the local servernet (192.168.2.15), and a NIC in the DMZ net (192.168.3.10).
    My issue is that the server is registering 2 addresses in the DNS record on the Domain Controller.
    I only want the Servernet NIC (192.168.2.15) in the DNS record.
    I know that under the local NIC you can disable an interface from registering in DNS.
    My only issue is that I'm running the Core version, so I don't have access to this...
    I have tried several netsh commands, but neither of them seems to work.
    How should i "fix" this issue?
    Any help would be appreciated :)
    Datatechnician

    easy way would be netsh:
    netsh interface ipv4 set dnsserver name="<interface name>" source=static address=192.168.1.10 register=none
    http://technet.microsoft.com/en-us/library/cc738592(v=ws.10).aspx#BKMK_5
    or  you could even configure it through registry
    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\<YOURGUID><interface>\RegistrationEnabled to 0
    MCP/MCSA/MCTS/MCITP

  • Another DNS record deletion question

    I am fairly new to the environment, as i switched my consulting job to an internal job. 
    The environment was a flat file DNS, with one primary DNS server and multiple secondary servers. I moved away from the flat file DNS (single master model) to an Active Directory integrated DNS with multiple DNS zones. So I moved the multiple DNS domains away from the master zone to their own dedicated DNS zones on the domain controllers within their domain.
    The colleagues already warned me that DNS records tend to mysteriously disappear from time to time, but could not find any proof. I checked the usual suspects (scavenging), but that was disabled. 3 weeks back, I split the single DNS zone into multiple DNS zones, where the split DNS is pointing to their own dedicated domain controllers. I used the following procedure to do it:
    http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
    Since the migration we had several encounters of DNS records which were deleted; some were explainable (wrong ILO settings), but some were not. As I could not explain the deletions, I enabled auditing on DNS to see who or what is responsible for deleting those objects. This morning I was notified that again a record went missing, so I went to inspect the audit logs. To my surprise I saw that my admin account was logged when the record was deleted. Now I did not delete any records, have no scripts running that modify DNS in any way, and I seriously doubt that my admin account has been compromised. Is there anyone who could explain why records (A records of member servers) are being deleted, although scavenging is disabled?
    I have checked the DNS suffix, and verified that it is not set. In which the client uses the active directory domain to which it is a member.     
    Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

    Hi,
    Because Active Directory-integrated DNS replicates between all the DNS servers, if one of the DNS servers deletes the record, the others will delete the record too, so Mahdi’s suggestion is better for knowing what happens when the DNS records are deleted.
    More information:
    Active Directory-Integrated DNS
    http://technet.microsoft.com/en-us/library/cc978010.aspx
    Understanding DNS Zone Replication in Active Directory Domain Services
    http://technet.microsoft.com/en-us/library/cc772101.aspx
    Hope this helps.
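For the audit-log step discussed in this thread, an added example (not code from any poster): Python that collapses exported Event ID 5136 lines into one change per correlation ID and dnsNode, so the account that wrote each change to `dnsRecord` is visible per record. It assumes events exported one per line in a flattened `Field: value` layout with unexpanded `%%` message IDs; the sample lines and the `admin1` account are constructed.

```python
import re
from collections import defaultdict

# Message IDs as exported unexpanded (assumed: 14674 = value added, 14675 = value deleted).
OPS = {"%%14674": "added", "%%14675": "deleted"}
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) 5136 .*?"
    r"Account Name: (?P<account>\S+) .*?Object: DN: (?P<dn>\S+) GUID: .*?"
    r"Class: (?P<cls>\S+) .*?LDAP Display Name: (?P<attr>\S+) .*?"
    r"Operation: Type: (?P<op>%%\d+) Correlation ID: (?P<corr>\{[0-9A-Fa-f-]+\})"
)

def summarize_dns_changes(lines):
    """Return (changes, skipped): one change per (correlation ID, dnsNode), oldest first."""
    groups = defaultdict(lambda: {"ops": set(), "ts": None, "account": None})
    skipped = 0
    for line in lines:
        m = EVENT_RE.search(line.strip())
        if m is None:
            skipped += 1  # not a 5136 line in the expected layout
            continue
        if (m["cls"], m["attr"]) != ("dnsNode", "dnsRecord") or m["op"] not in OPS:
            continue  # other classes and attributes are out of scope here
        g = groups[(m["corr"], m["dn"])]
        g["ops"].add(OPS[m["op"]])  # repeated copies of an event collapse in the set
        g["ts"] = min(g["ts"] or m["ts"], m["ts"])
        g["account"] = m["account"]
    changes = []
    for (_corr, dn), g in groups.items():
        # Delete plus add under one correlation ID means the value was rewritten.
        both = g["ops"] == {"added", "deleted"}
        action = "replaced" if both else ("removed" if "deleted" in g["ops"] else "added")
        node = dn.split(",", 1)[0].split("=", 1)[1]  # first RDN, e.g. DC=client-pc
        changes.append({"ts": g["ts"], "account": g["account"], "node": node, "action": action})
    return sorted(changes, key=lambda c: (c["ts"], c["node"])), skipped

# Constructed sample lines (not real log data); "admin1" is a hypothetical account.
TEMPLATE = (
    "{ts} 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-0-0-0-1105 "
    "Account Name: {account} Account Domain: EXAMPLE Logon ID: 0x1 Directory Service: "
    "Name: private.example.com Type: %%14676 Object: DN: DC={node},DC=private.example.com,"
    "cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com "
    "GUID: {{00000000-0000-0000-0000-000000000000}} Class: dnsNode Attribute: "
    "LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 "
    "Operation: Type: {op} Correlation ID: {corr} Application Correlation ID: -"
)
A, B, C = ("{%08d-0000-0000-0000-000000000000}" % n for n in (1, 2, 3))
SAMPLE = [TEMPLATE.format(ts=t, account=a, node=n, op=o, corr=c) for t, a, n, o, c in [
    ("2012-01-12 11:14:23", "DC-SERVER3$", "client-pc", "%%14675", A),
    ("2012-01-12 11:14:23", "DC-SERVER3$", "client-pc", "%%14674", A),
    ("2012-01-12 11:14:23", "DC-SERVER3$", "client-pc", "%%14675", A),  # logged twice
    ("2012-01-12 11:20:00", "admin1", "fileserver", "%%14675", B),
    ("2012-01-12 12:00:05", "DC-SERVER3$", "client-pc", "%%14675", C),
]] + ["2012-01-12 12:01:00 4624 An account was successfully logged on."]

if __name__ == "__main__":
    for change in summarize_dns_changes(SAMPLE)[0]:
        print(change)
```

An account name ending in `$` is a computer account, so a domain controller listed as the writer means a service on that DC made the change rather than an interactive user.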

  • How many DNS record need to create in Internal & external DNS server for exchange?

    Hi friends,
    I recently installed Exchange Server 2010 in my organization for testing purposes and I've registered a public IP too for the Exchange server on godaddy.com. How many internal & external DNS records are required to be configured on the external & internal DNS servers so all my features like Autodiscover, ActiveSync & webmail start working perfectly?
    It's my first time configuring exchange for a organization.
    Thanks & Regards,
    Pradeep Chaugule

    Hi,
    Just as what ManU Philip said, you need to create
    Autodiscovery.domain.com and mail.domain.com for external dns server.
    Generally, you configure your Exchange Servers as DNS clients of your internal DNS server.
    Refer from:
    http://technet.microsoft.com/en-us/library/aa996996(v=exchg.65).aspx
    Best Regards.
