Rogue DNS "A" and "SRV" records

Guest

I have a very interesting problem regarding our DNS service... A little background: it is a primary DNS zone that is authoritative for our W2K domain... all DNS updates are done via DHCP dynamic updates.

Here is the problem: occasionally you can do an nslookup on our domain (marshall.edu) and it will return our domain controllers of course, but sometimes it will include just a regular Windows XP machine. I go to the DNS snap-in and load the zone to find the "A" record referring to some lab machine as "Same as Parent Folder". If I look a little deeper I find that the machine in question also has "SVC" records identifying it as an LDAP server. Even WINS is identifying some of the machines as Domain Controllers. After close inspection of the machines that these records were referring to, I noticed nothing odd about them.
 
The "SVC" records are SRV records?
Is your DNS zone set to allow only secure updates?

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
Jaymz said:
I have a very interesting problem regarding our DNS service... A little
background: it is a primary DNS zone that is authoritative for our W2K
domain... all DNS updates are done via DHCP dynamic updates.
Here is the problem: occasionally you can do an nslookup on our domain
(marshall.edu) and it will return our domain controllers of course, but
sometimes it will include just a regular Windows XP machine. I go to the DNS
snap-in and load the zone to find the "A" record referring to some lab
machine as "Same as Parent Folder". If I look a little deeper I find that
the machine in question also has "SVC" records identifying it as an LDAP
server. Even WINS is identifying some of the machines as Domain Controllers.
After close inspection of the machines that these records were referring to,
I noticed nothing odd about them.
 

In addition to Roger and Jonathan's response, try enabling scavenging to
remove stale (old) records.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
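
An added example, not part of the original thread: a small audit that flags the two symptoms described above, a zone-apex ("Same as Parent Folder") A record and domain-controller SRV records that point at a host not on a known list of domain controllers. The zone name `corp.example.`, the host names, the addresses and the simplified `owner ttl IN type rdata` line layout are all constructed assumptions for illustration.

```python
import re

# Constructed sample data: zone, hosts and addresses are illustrative only.
ZONE = "corp.example."
KNOWN_DCS = {"dc1.corp.example.": "10.0.0.10", "dc2.corp.example.": "10.0.0.11"}
SAMPLE_ZONE = """
@                     600  IN A   10.0.0.10
@                     600  IN A   10.0.0.11
@                     600  IN A   10.0.5.77   ; apex record for a lab machine
dc1                   3600 IN A   10.0.0.10
dc2                   3600 IN A   10.0.0.11
lab-xp-17             1200 IN A   10.0.5.77
_ldap._tcp            600  IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp            600  IN SRV 0 100 389 lab-xp-17.corp.example.
_ldap._tcp.dc._msdcs  600  IN SRV 0 100 389 dc2.corp.example.
_kerberos._tcp        600  IN SRV 0 100 88  dc1.corp.example.
"""

# SRV owner names that only domain controllers should register.
DC_SRV = re.compile(r"^_(ldap|kerberos|gc|kpasswd)\._(tcp|udp)\.", re.I)

def fqdn(name, origin):
    """Expand '@' and relative names to a lower-case absolute name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Yield (owner, type, rdata fields) for 'owner ttl IN type rdata' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield fqdn(fields[0], origin), fields[3].upper(), fields[4:]

def find_rogue(zone_text, origin, known_dcs):
    """Return apex A records and DC SRV records not backed by a known DC."""
    dc_ips = set(known_dcs.values())
    findings = []
    for owner, rtype, rdata in parse(zone_text, origin):
        if rtype == "A" and owner == origin and rdata[0] not in dc_ips:
            findings.append(("apex-A", owner, rdata[0]))
        elif rtype == "SRV" and DC_SRV.match(owner) and len(rdata) == 4:
            target = fqdn(rdata[3], origin)      # rdata: prio weight port target
            if target not in known_dcs:
                findings.append(("dc-SRV", owner, target))
    return findings

if __name__ == "__main__":
    for kind, owner, value in find_rogue(SAMPLE_ZONE, ZONE, KNOWN_DCS):
        print(f"{kind:7} {owner} -> {value}")
```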
 