Subject: [ActiveDir] Name Server records
jfigueroa
03/08/2006 11:18 AM
I have an AD 2003 domain and an AD integrated DNS zone. If I look at the
properties of that DNS zone and go to the "Name Servers" tab, I see a
few servers that are not our domain controllers/DNS servers. Those
servers look like DNS servers in other domains that we have a trust
with.

I guess I am curious as to how these servers end up as NS records for
that zone? The zone is AD integrated and is set to "Dynamic updates",
"secure Only".

I could and will delete those records but I am thinking those records
will come back. The name servers in question do NOT show up with "*" on
the IP address, which could be the result of a query.

Ideas?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health
Voice (602) 495-4195 Fax (602) 495-4406

WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
ZJORZ
03/08/2006 11:30 AM
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
jfigueroa
03/08/2006 11:40 AM
It is a DC/DNS and it replicates to the forest which is
actually just one domain.

That's just it, I don't see how or why anybody would go in
there and add them. There are only a few people that have the access to do that
and adding those records just does not make sense.

Thanks


From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto, Jorge de
Sent: Wednesday, March 08, 2006 4:28
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Name Server records

what is the replication scope of the zone?

if it is:
DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY?

jorge
CKaiser
03/08/2006 11:46 AM
Are there secondary DNS zones for your domain set up in the other
domains that have the trust? Someone may have set it up so they could
resolve names in your domain from the trusted domain...

**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************


davidadner
03/08/2006 11:52 AM
One guess is you're using zone transfers with the option
"Allow only servers on name servers tab" (or whatever it's called) and the
person who set this up added the DNS server in question.



jfigueroa
03/09/2006 7:19 AM
Jorge, I was replying to the question about the replication
scope of the zone. The servers in question are not in the same domain,
they are separate domains that are not part of our AD infrastructure but we have
an external trust with them.

I did some testing and created a secondary zone on an
external domain, allowed zone transfers in the internal domain, secured dynamic
updates just like the production scenario and I can not get those NS records
from the external domain to show up internally which was the last
assumption.

Here is what I see in production from an NSLOOKUP of NS
records for internal.com (no IP address at the bottom for the
server1.external.corp NS)

internal.com    nameserver = server1.internal.com
internal.com    nameserver = server2.internal.com
internal.com    nameserver = server1.external.corp

server1.internal.com   internet address = 10.1.1.2
server2.internal.com   internet address = 10.1.1.3

Thanks

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto, Jorge de
Sent: Thursday, March 09, 2006 12:25
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Name Server records

although those DCs are not yours, but they are in the same domain (I first thought they belonged to another domain) and these also host DNS services, then yes those DC/DNS servers will host the same zones and will thus register the NS records for the zones they host

jorge
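
An added example, not written by any poster in this thread: a Python check that parses nslookup NS output in the format shown in the message above and reports name servers that are not on an expected list, sit outside the zone's namespace, or come back without an address. The function names and the expected-server list are assumptions made for illustration; the sample text is the output as posted.

```python
import re

# The nslookup output as posted in the message above (poster's placeholder names).
SAMPLE_NSLOOKUP = """\
internal.com    nameserver = server1.internal.com
internal.com    nameserver = server2.internal.com
internal.com    nameserver = server1.external.corp

server1.internal.com   internet address = 10.1.1.2
server2.internal.com   internet address = 10.1.1.3
"""

NS_LINE = re.compile(r"^(\S+)\s+nameserver\s*=\s*(\S+)$", re.IGNORECASE)
ADDR_LINE = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)$", re.IGNORECASE)


def norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.strip().rstrip(".").lower()


def logical_lines(text):
    """Yield non-empty lines, re-joining any that mail wrapping split after '='."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending:
            line = pending + " " + line
        if line.endswith("="):
            pending = line          # value is on the next line
            continue
        pending = ""
        yield line


def parse_nslookup(text):
    """Return (ns_by_zone, addrs_by_host) parsed from nslookup NS output."""
    ns_by_zone, addrs_by_host = {}, {}
    for line in logical_lines(text):
        m = NS_LINE.match(line)
        if m:
            ns_by_zone.setdefault(norm(m.group(1)), []).append(norm(m.group(2)))
            continue
        m = ADDR_LINE.match(line)
        if m:
            addrs_by_host.setdefault(norm(m.group(1)), []).append(m.group(2))
    return ns_by_zone, addrs_by_host


def audit_ns(text, zone, expected_servers):
    """List (host, reasons) for every NS entry that deserves a second look.

    expected_servers is the reviewer's own list of DCs/DNS servers that
    should be authoritative for the zone (an assumption of this example).
    """
    zone = norm(zone)
    expected = {norm(s) for s in expected_servers}
    ns_by_zone, addrs_by_host = parse_nslookup(text)
    listed = ns_by_zone.get(zone, [])
    findings = []
    for host in listed:
        reasons = []
        if host not in expected:
            reasons.append("not an expected DNS server")
        if host != zone and not host.endswith("." + zone):
            reasons.append("name is outside the zone's namespace")
        if host not in addrs_by_host:
            # Matches the poster's observation: no IP came back for this NS.
            reasons.append("no address record in the answer")
        if reasons:
            findings.append((host, reasons))
    # Expected servers that the zone does not list as NS at all.
    for host in sorted(expected - set(listed)):
        findings.append((host, ["expected DNS server has no NS record"]))
    return findings


if __name__ == "__main__":
    expected = ["server1.internal.com", "server2.internal.com"]
    for host, reasons in audit_ns(SAMPLE_NSLOOKUP, "internal.com", expected):
        print(host + ": " + "; ".join(reasons))
```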
ZJORZ
03/09/2006 7:28 AM
ZJORZ
03/09/2006 8:26 AM
jfigueroa
03/09/2006 12:00 PM
This makes more sense. Those other domains could be 2000 where you don't
have the ability to do conditional or domain specific forwarding.

I will look into that. Jorge would also be correct in that someone
probably manually added them, probably a while back and I just noticed
it.

Thank you

dasadasanudas@xxxx.yyy

03/09/2006 12:46 PM  
You will also get these records if you demote DCs and if the demotion
didn't do a good cleanup job after itself.

M@
