DNS - Missing Record Resolves

[airbourne]

I am really stumped about this. I have a PC that is not joined to my domain, but is on the network. I have 3 DNS servers. When I ping HOSTX from my computer, it returns an IP address of a subnet that no longer exists in my network.

When I do an NSLOOKUP for HOSTX, it gives me DNSSVR2 as the server the lookup was performed.

I check the DNS table for all 3 of my servers - there is no entry for HOSTX in either forward or reverse lookup zones. I perform a IPCONFIG /FLUSHDNS on all my DNS servers, my machine.

Now, I don't expect a machine that is not part of my domain to register with my DNS server, but my question is, if I cannot see any such host in my DNS server, why does it resolve at all? How can I find, see or purge any entries in the DNS table that are ghosted?

 

[nsantin]

Have you refreshed the cache on the servers and local machine?

 

[airbourne]

How do I do that?

 

[nsantin]

Client:
From a command prompt:
ipconfig /flushdns

Server:
You didn't specific which DNS server you are running. If windows, then point to the server in DNS, right click and select "Clear Cache

 

[pQi]

scavenge stale resource records on your DNS server.
Right click on your DNS Server and select accordingly.

Try it and let me know

 

[airbourne]

As per my first post, I did do an IPCONFIG /FLUSHDNS on all the DNS servers (there are 3) and my client machine.

I have turned on Scavenging on the servers yesterday. The problem record is still occuring.

I ping WSALP1.
I get response: 10.120.100.143 (timed out)
That subnet does not exist anymore.
No entries for that subnet are listed in either the forward or reverse lookup zones, on any server.

That host does not exist in any folder of the GUI. It also does not exist in a HOSTS file (empty) or LMHOSTS file (empty) on any server or my client I am pinging from. Yet, an NSLOOKUP tells me that the host, WSALP1 is being resolved by 10.100.100.197, which is one of my DNS servers.

When I was looking for duplicate records this morning, I noticed that there was a record in DNS, JOHNSONB2K, that was marked [x] delete when stale, and the timestamp was 8/3/2003. That's a long time not to be stale. That computer was an old PC that was decomissioned and removed from the floor 2 years ago. I know, I removed it.

How long should scavenging take? If it doesn't seem to be working, is there a way to rebuild the DNS database?

I know that I could probably fix this whole issue by either putting in an entry for the host, joining it to the domain (which would put in an entry). However, it bothers me that this would mask another underlying problem with my DNS server.

Thank you all for you replies.

 

[nsantin]

As per my first response, IPCONFIG /FLUSHDNS is a DNS CLIENT command it doesn't do anything on the DNSserver. Unless of course your DNS server is running DHCP Client.

 

[airbourne]

Oops. I cleared the cache too. Sorry, I forgot to include that. That did not fix the problem.

 

[nsantin]

You aren't using any local HOST files anywhere are you?

 

[pQi]

scavenge stale resource records, force it.

 

[elgrandeperro]

Don't use ping as a tool.

Instead, query the dns server directly for those records.

Make sure they are actually on the server.

nslookup - EACHOFORYOURDNSSERVERS
> set debug
> YOURHOSTTHATISINERROR
Also:

> set debug
> set type=soa
> YOURDOMAIN

Do that for each DNS server.

Things to see:

If the SOA serial is the same on each.
If the record is on each server.

gene

 

[elgrandeperro]

Oh, and debug mode will show the TTL to see if it is being refreshed or static.

gene