
PTR Record disappearing from AD Integrated zone

 
  

Oktay_Gür
External


Since: Jun 20, 2007
Posts: 3



Posted: Wed Jun 20, 2007 12:59 pm    Post subject: PTR Record disappearing from AD Integrated zone
Archived from groups: microsoft>public>win2000>dns

Hello,
We have this weird occurrence we have been trying to figure out recently.
Every few days, we will have a record from DNS reverse zone (which is AD
Integrated) disappear. The record that disappears is a Domain Controller.
The forward record stays. Only the Reverse will disappear.
There is no fixed cycle. This happens randomly but every few days apart.
Not a fixed number of days. Just any day after a few days. It has happened
once or twice in succession, like the very next day or so.
We have tried disabling auto registration on the NIC. We have manually
created DNS records (forward and reverse) using DNS. Nothing seems to
help. It's really becoming more of a concern now as we have a certain
application relying on that which screams every time that PTR disappears.
Any and everything that can help is welcome.

Our system: W2k3-R2 with Exchange2003 Ent
Ace Fekay [MVP]
External


Since: Mar 29, 2006
Posts: 318



Posted: Wed Jun 20, 2007 9:45 pm    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

In news:u5OHwGysHHA.4424@TK2MSFTNGP04.phx.gbl,
Oktay Gür <teknik DeleteThis @gurbilisim.com> typed:
> Hello,
> We have this weird occurrence we have been trying to figure out
> recently. Every few days, we will have a record from DNS reverse zone
> (which is AD Integrated) disappear. The record that disappears is a
> Domain Controller. The forward record stays. Only the Reverse will
> disappear. There is no fixed cycle. This happens randomly but every few
> days apart. Not a fixed number of days. Just any day after a few days.
> It has happened once or twice in succession, like the very next day or so.
> We have tried disabling auto registration on the NIC. We have manually
> created DNS records (forward and reverse) using DNS. Nothing seems to
> help. It's really becoming more of a concern now as we have a certain
> application relying on that which screams every time that PTR
> disappears. Any and everything that can help is welcome.
>
> Our system: W2k3-R2 with Exchange2003 Ent


Is the DC multihomed?
What DNS addresses are in the DC's IP properties?
Is the zone AD integrated or a primary or secondary zone?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
Oktay_Gür
External


Since: Jun 20, 2007
Posts: 3



Posted: Tue Jun 26, 2007 10:46 am    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

Ace Fekay [MVP] wrote:
> In news:u5OHwGysHHA.4424@TK2MSFTNGP04.phx.gbl,
> Oktay Gür <teknik.TakeThisOut@gurbilisim.com> typed:
>> Hello,
>> We have this weird occurrence we have been trying to figure out
>> recently. Every few days, we will have a record from DNS reverse zone
>> (which is AD Integrated) disappear. The record that disappears is a
>> Domain Controller. The forward record stays. Only the Reverse will
>> disappear. There is no fixed cycle. This happens randomly but every few
>> days apart. Not a fixed number of days. Just any day after a few days.
>> It has happened once or twice in succession, like the very next day or so.
>> We have tried disabling auto registration on the NIC. We have manually
>> created DNS records (forward and reverse) using DNS. Nothing seems to
>> help. It's really becoming more of a concern now as we have a certain
>> application relying on that which screams every time that PTR
>> disappears. Any and everything that can help is welcome.
>>
>> Our system: W2k3-R2 with Exchange2003 Ent
>
>
> Is the DC multihomed?
> What DNS addresses are in the DC's IP properties?
> Is the zone AD integrated or a primary or secondary zone?
>
>
Sorry for the late answer.

The DC isn't multihomed. It's just making web server. It is AD integrated and
primary zone registered. Here is my DNS and IP configuration (all IPs are
fake for security reasons, sorry for that):

NETWORK IP CONFIG
IP ADD: 85.85.85.85
NETMASK: X.X.X.X
GATEWAY: X.X.X.X
PRIMARY DNS: 85.85.85.85
SECONDARY DNS: 212.212.212.212

DNSMNGT CONFIG:
Forward Lookup Zone

for mydomain.com ====>

(same as parent folder) Name Server (NS) ns1.mydomain.com.
(same as parent folder) HOST (A) 85.85.85.85
ftp HOST (A) 85.85.85.85
mail HOST (A) 85.85.85.85
ns1 HOST (A) 85.85.85.85
www Alias (CNAME) ns1.mydomain.com.
(same as parent folder) Mail Exchanger (MX) [10] mail.mydomain.com
(same as parent folder) Start Of Authority (SOA) [200] ns1.mydomain.com.


Reverse Lookup Zone

85.85.85.X Subnet ====>

(same as parent folder) Name Server (NS) ns1.mydomain.com.
(same as parent folder) Start Of Authority (SOA) [120] ns1.mydomain.com.
85.85.85.85 Pointer (PTR) ns1.mydomain.com.
Ace Fekay [MVP]
External


Since: Mar 29, 2006
Posts: 318



Posted: Tue Jun 26, 2007 10:46 am    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

In news:uXfWQY8tHHA.668@TK2MSFTNGP05.phx.gbl,
Oktay Gür <teknik.DeleteThis@gurbilisim.com> typed:
> Sorry for the late answer.
>
> The DC isn't multihomed. It's just making web server. It is AD integrated and
> primary zone registered. Here is my DNS and IP configuration (all IPs are
> fake for security reasons, sorry for that):
>
> NETWORK IP CONFIG
> IP ADD: 85.85.85.85
> NETMASK: X.X.X.X
> GATEWAY: X.X.X.X
> PRIMARY DNS: 85.85.85.85
> SECONDARY DNS: 212.212.212.212
>
> DNSMNGT CONFIG:
> Forward Lookup Zone
>
> for mydomain.com ====>
>
> (same as parent folder) Name Server (NS) ns1.mydomain.com.
> (same as parent folder) HOST (A) 85.85.85.85
> ftp HOST (A) 85.85.85.85
> mail HOST (A) 85.85.85.85
> ns1 HOST (A) 85.85.85.85
> www Alias (CNAME) ns1.mydomain.com.
> (same as parent folder) Mail Exchanger (MX) [10] mail.mydomain.com
> (same as parent folder) Start Of Authority (SOA) [200] ns1.mydomain.com.
>
>
> Reverse Lookup Zone
>
> 85.85.85.X Subnet ====>
>
> (same as parent folder) Name Server (NS) ns1.mydomain.com.
> (same as parent folder) Start Of Authority (SOA) [120] ns1.mydomain.com.
> 85.85.85.85 Pointer (PTR) ns1.mydomain.com.

If your DNS server is 85.85.85.85, then what is 212.212.212.212? That's your
secondary DNS. Why is that there? Is that an ISP's DNS? Does it host
mydomain.com zone or your reverse zone? If it does not host the mydomain.com
zone, or the reverse zone, then REMOVE it. This is important for AD as well
as your PTR issue. ONLY use the internal DNS.

Ace
Ace Fekay [MVP]
External


Since: Mar 29, 2006
Posts: 318



Posted: Thu Jun 28, 2007 7:06 am    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

In news:%230yXqfMuHHA.3688@TK2MSFTNGP03.phx.gbl,
Oktay Gür <teknik.TakeThisOut@gurbilisim.com> typed:
> Oktay Gür wrote:
>
> Nope, doesn't matter. Still the same. PTR records disappeared after 8
> hours. What else can I do? Please help.

Did you try to create the records manually or automatically?

Ace
Oktay_Gür
External


Since: Jun 20, 2007
Posts: 3



Posted: Fri Jun 29, 2007 4:03 pm    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

Ace Fekay [MVP] wrote:
> In news:%230yXqfMuHHA.3688@TK2MSFTNGP03.phx.gbl,
> Oktay Gür <teknik.RemoveThis@gurbilisim.com> typed:
>> Oktay Gür wrote:
>>
>> Nope, doesn't matter. Still the same. PTR records disappeared after 8
>> hours. What else can I do? Please help.
>
> Did you try to create the records manually or automatically?
>
> Ace
>
>
>
Yes. I tried that but it didn't work. Should I install SP2?
Ace Fekay [MVP]
External


Since: Mar 29, 2006
Posts: 318



Posted: Fri Jun 29, 2007 11:59 pm    Post subject: Re: PTR Record disappearing from AD Integrated zone
Archived from groups: per prev. post

In news:%23N5Ce3kuHHA.1188@TK2MSFTNGP04.phx.gbl,
Oktay Gür <teknik.DeleteThis@gurbilisim.com> typed:
> Ace Fekay [MVP] wrote:
>> In news:%230yXqfMuHHA.3688@TK2MSFTNGP03.phx.gbl,
>> Oktay Gür <teknik.DeleteThis@gurbilisim.com> typed:
>>> Oktay Gür wrote:
>>>
>>> Nope, doesn't matter. Still the same. PTR records disappeared after 8
>>> hours. What else can I do? Please help.
>>
>> Did you try to create the records manually or automatically?
>>
>> Ace
>>
>>
>>
> Yes. I tried that but it didn't work. Should I install SP2?

There is not much of a secret as to how DNS registration works. Simply,
create a zone, allow updates on the zone (allow secure and non-secure to
simplify it), make absolutely sure that this DNS server is the ONLY DNS
server in IP properties, and it just works.

If there are multiple DCs with the zone, depending on how you created the
other DC/DNS can cause issues. If you installed another DC into the same
domain or at least into the same replication scope and install DNS on the
server, you simply just WAIT until the zone automatically appears. If you
tried to manually create the zone, which already exists in AD (since it is
AD integrated), then you've just created a duplicate zone. Hence what could
be happening.

You may also have dupe zones in the DomainNC and in DomainDnsZones and/or
ForestDnsZones app partitions.

To verify this is true or not, you will need ADSI Edit. Here's some help...

__________________________
If you have a duplicate, that's telling me that there is a zone that exists
in the DomainNC and in the DomainDnsZones Application partition. This means
at one time, or currently, you have a mixed Win2000/2003 environment and you
have DNS installed on both operating systems. On Win2000, if the zone is AD
Integrated, it is in the DomainNC, and should be set the same in Win2003's
DC/DNS server to keep compatible. Someone must have attempted to change it
in Win2003 DNS to put it in the DomainDnsZones partition not realizing the
implications, hence the duplicate. In a scenario such as this where you want
to use the Win2003 app partitions, you then must ensure the zone on the
Win2003 is set to the DomainNC, then uninstall DNS off the Win2000 machine,
then once that's done, you can then go to the Win2003 DNS and change the
partition's replication scope to one of the app partitions.

In ADSI Edit, you can view all five partitions. You were viewing the app
partitions, but not the main partitions. You need to add the DomainNC
partition in order to delete that zone. But you must uninstall DNS off the
Win2000 server first, unless you want to keep the zone in the DomainNC. But
that wouldn't make much sense if you want to take advantage of the _msdcs
zone being available forest wide in the ForestDnsZones partition, which you
should absolutely NOT delete. I would just use the Win2003 DNS servers only.

In ADSI Edit, rt-click ADSI Edit, connect to, in the Connection Point click
on "Well known Naming Context", then in the drop-down box, select "Domain".
Drill down to CN=System. Under that you will see CN=MicrosoftDNS. You will
see the zone in there.

But make sure to decide FIRST which way to go before you delete anything.

Some reading for you...
Directory Partitions:
http://www.microsoft.com/resources/documentation/Windows/2000/server/r...it/en-u

kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app partitions
issues:
http://www.kbalertz.com/kb_867464.aspx
__________________________

Ace
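
The duplicate-zone check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell script that lists the dnsZone objects in the DomainNC, DomainDnsZones and ForestDnsZones containers and reports any zone name present in more than one of them. It assumes PowerShell 2.0 or later on a domain-joined machine; the labels and variable names are illustrative.

```powershell
# Added example (not from the thread): read-only inventory of AD-integrated DNS zones.
# Assumes PowerShell 2.0+ on a domain-joined machine; labels and variable names are illustrative.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDN = [string]$rootDse.defaultNamingContext
$forestDN = [string]$rootDse.rootDomainNamingContext

# Containers that can hold dnsZone objects: the domain partition (Windows 2000 style)
# and the two DNS application partitions used by Windows Server 2003.
$containers = @{
    'DomainNC'       = "CN=MicrosoftDNS,CN=System,$domainDN"
    'DomainDnsZones' = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN"
    'ForestDnsZones' = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN"
}

$zones = @(foreach ($label in $containers.Keys) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]("LDAP://" + $containers[$label])
    $searcher.Filter      = '(objectClass=dnsZone)'
    $searcher.SearchScope = 'OneLevel'
    $searcher.PageSize    = 500
    try {
        foreach ($hit in $searcher.FindAll()) {
            New-Object PSObject -Property @{
                Partition = $label
                Zone      = [string]$hit.Properties['name'][0]
                Created   = $hit.Properties['whencreated'][0]
                DN        = [string]$hit.Properties['distinguishedname'][0]
            }
        }
    } catch {
        # A container that does not exist or cannot be read is reported, not fatal.
        Write-Warning "Could not search $label ($($containers[$label])): $($_.Exception.Message)"
    }
})

# A zone name found in more than one container is the duplicate-zone case from the post.
$duplicates = @($zones | Group-Object Zone | Where-Object { $_.Count -gt 1 })
if ($duplicates.Count -eq 0) {
    'No zone name appears in more than one partition.'
} else {
    foreach ($group in $duplicates) {
        "Duplicate zone: $($group.Name)"
        $group.Group | Sort-Object Created |
            Format-Table Partition, Created, DN -AutoSize | Out-String
    }
}
```

The script changes nothing in the directory; which copy of a duplicate zone to keep is still the decision the post says to make before deleting anything in ADSI Edit.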