Sign in with
Sign up | Sign in
Your question

Static DNS records hosted in AD/DDNS zone fall out

Last response: in Windows 2000/NT
Share
Anonymous
December 21, 2004 12:16:43 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.

Is there a way to log record adds/deletions without pulling all logging
events?

Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.

As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.

JD
Anonymous
December 21, 2004 2:13:38 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

"Jeff Sumner" <jdos2@mindspring.com> wrote in message
news:jdos2-E12E44.09164321122004@msnews.microsoft.com...
> I've created two A records in an Active Directory integrated zone, both
> via the DNS Admin snap-in and "nsupdate." The records stay around for a
> while, but after "some time," they disappear. There are no errors in the
> logs. There are several other static entries in that zone that never
> disappear.
>
> Is there a way to log record adds/deletions without pulling all logging
> events?
>
> Anyone see this happening? These records are heavily queried, and they
> are the only ones that seem to be falling out of the zone. There are no
> errors in the various logs.
>
> As a work around, I've a cron job that is doing the work of constantly
> pushing the records back in, but that's not the fix I prefer.

You can if you wish Audit DS objects directly --
this is separate from other things like Account
Management or Account Logons.

This is similar to file auditing in that you turn on
the feature IN GENERAL, but must ALSO set the
ACL (just like permission ACLs but referencing
Auditing instead) ONLY on the specific objects
(or trees of objects) which interest you.

You will have to locate the DNS records or parent
container and set the appropriate (permission-like)
audit settings AND turn on the general setting.



--
Herb Martin


>
> JD
!