Static DNS records hosted in AD/DDNS zone fall out

Archived from groups: microsoft.public.win2000.dns (More info?)

I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.

Is there a way to log record adds/deletions without pulling all logging
events?

Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.

As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.

JD
1 answer Last reply
More about static records hosted ddns zone fall
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    "Jeff Sumner" <jdos2@mindspring.com> wrote in message
    news:jdos2-E12E44.09164321122004@msnews.microsoft.com...
    > I've created two A records in an Active Directory integrated zone, both
    > via the DNS Admin snap-in and "nsupdate." The records stay around for a
    > while, but after "some time," they disappear. There are no errors in the
    > logs. There are several other static entries in that zone that never
    > disappear.
    >
    > Is there a way to log record adds/deletions without pulling all logging
    > events?
    >
    > Anyone see this happening? These records are heavily queried, and they
    > are the only ones that seem to be falling out of the zone. There are no
    > errors in the various logs.
    >
    > As a work around, I've a cron job that is doing the work of constantly
    > pushing the records back in, but that's not the fix I prefer.

    You can if you wish Audit DS objects directly --
    this is separate from other things like Account
    Management or Account Logons.

    This is similar to file auditing in that you turn on
    the feature IN GENERAL, but must ALSO set the
    ACL (just like permission ACLs but referencing
    Auditing instead) ONLY on the specific objects
    (or trees of objects) which interest you.

    You will have to locate the DNS records or parent
    container and set the appropriate (permission-like)
    audit settings AND turn on the general setting.


    --
    Herb Martin


    >
    > JD
Ask a new question

Read More

Microsoft DNS Active Directory Windows