List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] CNAME records scavenged

Prev Next

You are not authorized to post a reply.

Author

Messages

neil.ruston@credit-suisse.com User is Offline

Posts:82

09/17/2009 11:17 PM
Hi, Apologies for the lack of info in advance :-) [I'm passing on what little info I have!] It has been reported to me that several CNAME records have been scavenged from a zone, which is hosted by Windows based DNS servers (W2k3). My questions are: * Given that CNAME records are manually created and thus have no TTL, under what conditions could/would a CNAME record be scavenged? * Is this a scenario seen before? * Any known root causes? * Any mitigation steps known? Process, permissions, hotfix etc etc. Any info which sheds some light would be hugely appreciated? Many thanks, neil Neil Ruston CREDIT SUISSE +44 (0) 20 7883 3779 * neil.ruston@credit-suisse.com =============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ===============================================================================

deji

Posts:257

09/17/2009 11:19 PM
CNAMEs can have Timestamps. Any timestamped records can end up in the oops-bin. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ www.akomolafe.name<http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of Ruston, Neil [neil.ruston@credit-suisse.com] Sent: Friday, September 11, 2009 5:12 AM To: activedir@mail.activedir.org Subject: [ActiveDir] CNAME records scavenged Hi, Apologies for the lack of info in advance [I’m passing on what little info I have!] It has been reported to me that several CNAME records have been scavenged from a zone, which is hosted by Windows based DNS servers (W2k3). My questions are: • Given that CNAME records are manually created and thus have no TTL, under what conditions could/would a CNAME record be scavenged? • Is this a scenario seen before? • Any known root causes? • Any mitigation steps known? Process, permissions, hotfix etc etc. Any info which sheds some light would be hugely appreciated? Many thanks, neil Neil Ruston CREDIT SUISSE +44 (0) 20 7883 3779 • neil.ruston@credit-suisse.com ============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ==============================================================================

AD00000939 User is Offline

Posts:3

09/17/2009 11:19 PM
Also, if aging is enabled using dnscmd /ageallrecords against a DNS zone, all existing records, including manual records, will be timestamped and enabled for scavenging. Arden On Fri, Sep 11, 2009 at 9:12 AM, Rick Sheikh <ricksheikh@gmail.com> wrote: > CNAMEs are manually created but it is entirely possible for someone who > created it, to check the "Delete the record when it becomes stale" box thus > recording the TimeStamp on it, which will make it a scavenging candidate. > Any record can be scavenged. > > > > > > On Fri, Sep 11, 2009 at 7:12 AM, Ruston, Neil < > neil.ruston@credit-suisse.com> wrote: > >> Hi, >> >> Apologies for the lack of info in advance J [I’m passing on what little >> info I have!] >> >> It has been reported to me that several CNAME records have been scavenged >> from a zone, which is hosted by Windows based DNS servers (W2k3). >> >> My questions are: >> >> · Given that CNAME records are manually created and thus have no >> TTL, under what conditions could/would a CNAME record be scavenged? >> >> · Is this a scenario seen before? >> >> · Any known root causes? >> >> · Any mitigation steps known? Process, permissions, hotfix etc etc. >> >> Any info which sheds some light would be hugely appreciated? >> >> Many thanks, >> >> neil >> >> >> ******* Neil Ruston* >> >> ***** CREDIT****** SUISSE* >> >> +44 (0) 20 7883 3779 >> >> * neil.ruston@credit-suisse.com >> >> >> >> ============================================================================== >> Please access the attached hyperlink for an important electronic >> communications disclaimer: >> http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html >> >> ============================================================================== >> >> > -- Connect at LinkedIn: http://www.linkedin.com/in/ardenpineda Call me: http://www.jaxtr.com/ermitanyo

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] CNAME records scavenged

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads