This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 7.000000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
we have one Windows 2016 server with IP 192.168.2.100. The DNS A and PTR record for this server
is configured static. Somehow, the static PTR was deleted. Is there any log to detect why this PTR is deleted or what you think is the cause?
Thank you!
Some ideas here.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thanks for checking and help, David.
I checked it only shows the PTR record is deleted from one of Windows DNS server but did not show who deleted. does it mean that server deleted itself? thanks
shows the PTR record is deleted from one of Windows DNS server but did not show who deleted. does it mean that server deleted itself
Bottom line is there may not be a clear record of who or what deleted a PTR record.
--please don't forget to upvote and Accept as answer if the reply is helpful--
anything you think could cause the static PTR to be deleted on the server side? Thank you!
Maybe scavenging or someone's accidental deletion.
if someone's accidental deletion, does the log show who did?
Looks like it does not for PTR records.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.
There may be several reasons why a static PTR record would be deleted on a Windows server, including:
To identify the cause of the deletion, you can check the event logs on the DNS server for any events related to the PTR record deletion. The DNS server logs events in the Microsoft-Windows-DNS-Server-Service/Admin log located in the Event Viewer under the Applications and Services Logs.
You can also check the Windows Security Event Log for any suspicious activity such as logon failures, logon successes, and account management events that may indicate a security breach.
It's also important to check the backup of the DNS Server and see if the PTR record was deleted from there as well.
In addition, it would be a good idea to review any changes that have been made to the DNS server's configuration, including any scripts or automated tools that may have been used to update or manage DNS records.
If you suspect that the deletion was caused by a security breach, it's crucial to take immediate action to secure your DNS server, including changing all credentials, reviewing the security settings, and conducting a thorough security audit of your network.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
