Static DNS records hosted in AD/DDNS zone fall out
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.dns (More info?)
I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.
Is there a way to log record adds/deletions without pulling all logging
events?
Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.
As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.
JD
I've created two A records in an Active Directory integrated zone, both
via the DNS Admin snap-in and "nsupdate." The records stay around for a
while, but after "some time," they disappear. There are no errors in the
logs. There are several other static entries in that zone that never
disappear.
Is there a way to log record adds/deletions without pulling all logging
events?
Anyone see this happening? These records are heavily queried, and they
are the only ones that seem to be falling out of the zone. There are no
errors in the various logs.
As a work around, I've a cron job that is doing the work of constantly
pushing the records back in, but that's not the fix I prefer.
JD
More about : static dns records hosted ddns zone fall
Archived from groups: microsoft.public.win2000.dns (More info?)
"Jeff Sumner" <jdos2@mindspring.com> wrote in message
news:jdos2-E12E44.09164321122004@msnews.microsoft.com...
> I've created two A records in an Active Directory integrated zone, both
> via the DNS Admin snap-in and "nsupdate." The records stay around for a
> while, but after "some time," they disappear. There are no errors in the
> logs. There are several other static entries in that zone that never
> disappear.
>
> Is there a way to log record adds/deletions without pulling all logging
> events?
>
> Anyone see this happening? These records are heavily queried, and they
> are the only ones that seem to be falling out of the zone. There are no
> errors in the various logs.
>
> As a work around, I've a cron job that is doing the work of constantly
> pushing the records back in, but that's not the fix I prefer.
You can if you wish Audit DS objects directly --
this is separate from other things like Account
Management or Account Logons.
This is similar to file auditing in that you turn on
the feature IN GENERAL, but must ALSO set the
ACL (just like permission ACLs but referencing
Auditing instead) ONLY on the specific objects
(or trees of objects) which interest you.
You will have to locate the DNS records or parent
container and set the appropriate (permission-like)
audit settings AND turn on the general setting.
--
Herb Martin
>
> JD
"Jeff Sumner" <jdos2@mindspring.com> wrote in message
news:jdos2-E12E44.09164321122004@msnews.microsoft.com...
> I've created two A records in an Active Directory integrated zone, both
> via the DNS Admin snap-in and "nsupdate." The records stay around for a
> while, but after "some time," they disappear. There are no errors in the
> logs. There are several other static entries in that zone that never
> disappear.
>
> Is there a way to log record adds/deletions without pulling all logging
> events?
>
> Anyone see this happening? These records are heavily queried, and they
> are the only ones that seem to be falling out of the zone. There are no
> errors in the various logs.
>
> As a work around, I've a cron job that is doing the work of constantly
> pushing the records back in, but that's not the fix I prefer.
You can if you wish Audit DS objects directly --
this is separate from other things like Account
Management or Account Logons.
This is similar to file auditing in that you turn on
the feature IN GENERAL, but must ALSO set the
ACL (just like permission ACLs but referencing
Auditing instead) ONLY on the specific objects
(or trees of objects) which interest you.
You will have to locate the DNS records or parent
container and set the appropriate (permission-like)
audit settings AND turn on the general setting.
--
Herb Martin
>
> JD
Related ressources:
- ForumDNS domain issues
- ForumActive Directory, DNS , and ISP hosted domains
- ForumQuestions on putting up a new DNS server.
- ForumPTR records via legacy Geographic zones
- ForumPlease help me understand Google Apps setup- DNS ? MX Records ?
- ForumZone transfer
- ForumCreating zone on my 'internal' DNS servers to allow unique..
- ForumDNS domain and host records with the same name
- ForumAn attempt to resolve the DNS name of a domain controller in the domai
- ForumDNS "A" records
- ForumConfiguring DNS for new exchange server.
- Foruminternal DNS for outside POP mail with same name (company...
- ForumDNS Set up
- ForumDNS newbie needs help
- ForumWhat should be my DNS and Machine name?
- ForumDNS Problems
- Forumrecord or zone
- ForumDelegating a Classless Reverse DNS Zone
- ForumDNS and MX Records
- ForumParallel and com ports not appearing in device manager
- More resources
!
