Aug 10, 2011
tom

A and CNAME records vanish overnight on AD Integrated DNS zone

Question

I have a Windows Server 2008 AD Integrated DNS zone across two domain controllers. I have added various CNAMEs pointing to our Build and Dev web servers to support our continuous integration process.

These CNAMEs, and the A record for a server, vanish overnight; not all of them, just a small selection, usually between 5 and 7 days after they were created.

  • No one else in the company has touched the config (only 2 of us have access, I have primary responsibility for managing DNS).
  • DNS Scavenging is disabled on both DNS servers.
  • There are no error messages or warnings in the Event Logs.

Any ideas, suggestions or solutions appreciated.

Answer

I’d still suspect scavenging, personally; those settings have a habit of not working right. The per-zone settings and per-server settings combine to make for some strange behavior.

But, we don’t have to guess at what’s going on. Turn on the Directory Service Changes security audit category on your domain controllers; more info on how to do this here.

You will then get events in your security log (specifically, 5136 for changes or 5141 for deletions) that communicate exactly who, what, and when the entries were messed with.
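Below is an added PowerShell example, not code from the original answer, that does the three things a practitioner would want here: confirm whether aging is really off at both the server and zone level, switch on the Directory Service Changes subcategory and show the SACL that has to exist on the zone container for anything to be logged, and then pull 5136/5141 events for dnsNode objects in the zone with the who/what/when fields parsed out. The zone name `company.local`, the DomainDnsZones partition and the 14-day look-back are assumptions; `Get-DnsScavengingState`, `Enable-DnsChangeAuditing` and `Get-DnsNodeChangeEvent` are names chosen for this example. It is written for PowerShell 2.0 on Server 2008, so it uses dnscmd and ADSI rather than the ActiveDirectory module, and must be run elevated on each DC that hosts the zone (the Security log is local to each DC).

```powershell
# Added example, not from the original answer. Assumes the zone is 'company.local'
# in the DomainDnsZones partition and that this runs elevated on the DC hosting it.

# 1. Is scavenging really off? A zone with Aging = 1 still ages records even when
#    the server's ScavengingInterval is 0, and a server listed in ScavengeServers
#    can do the deleting. Field names are as printed by dnscmd.
function Get-DnsScavengingState {
    param([string]$Zone = 'company.local')   # assumed zone name
    $server = dnscmd /info | Select-String 'ScavengingInterval'
    $zone   = dnscmd /zoneinfo $Zone |
              Select-String 'Aging|NoRefreshInterval|RefreshInterval|ScavengeServers'
    New-Object PSObject -Property @{
        Server = @($server | ForEach-Object { $_.Line.Trim() })
        Zone   = @($zone   | ForEach-Object { $_.Line.Trim() })
    }
}

# 2. Enable the granular subcategory that emits 5136/5141, then read the SACL on the
#    zone container: without an audit entry covering writes/deletes nothing is logged.
#    AD's default SACL normally inherits down to DomainDnsZones, but verify it.
function Enable-DnsChangeAuditing {
    param([string]$Zone = 'company.local')
    auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable | Out-Null
    $root = [ADSI]'LDAP://RootDSE'
    $dn   = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$($root.defaultNamingContext)"
    $de   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dn")
    # Ask only for the SACL part of the security descriptor (needs SeSecurityPrivilege).
    $de.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl
    $de.psbase.RefreshCache()
    $de.psbase.ObjectSecurity.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])
}

# 3. Pull the audit trail. 5136 = attribute changed, 5141 = object deleted.
#    AD-integrated DNS usually tombstones a record first (dNSTombstoned set, dnsRecord
#    rewritten) and only LDAP-deletes the dnsNode later, so the event that explains a
#    "vanished" record is normally a 5136, not a 5141.
function Get-DnsNodeChangeEvent {
    param([string]$Zone = 'company.local', [int]$Days = 14)   # look-back is an assumption
    $filter = @{ LogName = 'Security'; Id = 5136, 5141; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        $xml = [xml]$evt.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.ObjectClass -eq 'dnsNode' -and $d.ObjectDN -like "*,DC=$Zone,CN=MicrosoftDNS,*") {
            New-Object PSObject -Property @{
                Time      = $evt.TimeCreated
                EventId   = $evt.Id
                Who       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Record    = ($d.ObjectDN -split ',')[0]    # DC=<record name>
                Attribute = $d.AttributeLDAPDisplayName     # dnsRecord, dNSTombstoned, ... (5136 only)
                Operation = $(switch ($d.OperationType) {   # raw XML carries resource-string IDs
                                '%%14674' { 'ValueAdded' }
                                '%%14675' { 'ValueDeleted' }
                                default   { if ($evt.Id -eq 5141) { 'ObjectDeleted' } else { $d.OperationType } }
                            })
            }
        }
    }
}

# Usage (run on each DC hosting the zone):
Get-DnsScavengingState
Enable-DnsChangeAuditing |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags -AutoSize
Get-DnsNodeChangeEvent -Days 14 | Sort-Object Time |
    Format-Table Time, EventId, Who, Record, Attribute, Operation -AutoSize
```

Reading the output: a change whose `Who` is a domain controller's computer account (for example `COMPANY\DC1$`) was made by the DNS service itself on that DC, which points at scavenging on that server or at dynamic-update processing; a named user account points at someone using the DNS console or dnscmd. Two caveats: `auditpol` settings on a 2008 DC are overwritten at the next policy refresh if a GPO still sets the legacy "Audit directory service access" category, so put the subcategory in Group Policy once you have confirmed it works; and because replication carries the tombstone to the other DC, only the DC where the change originated will show the event with a meaningful subject, so check both.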

Related posts:

  1. AD Integrated DNS Zone restore/repair
  2. How to use AD-integrated DNS to serve records for two unrelated domains
  3. The Active Directory integrated DNS zone _msdcs.COMPANY.LOCAL was not found
  4. AD domain member DNS record randomly disappearing from AD’s DNS server
  5. Workstations’ records not updating in DNS
