20,212 questions
Some ideas here.
--please don't forget to upvote and Accept as answer if the reply is helpful--
PTR deletion
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 7.000000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
John JY
221
Reputation points
we have one Windows 2016 server with IP 192.168.2.100. The DNS A and PTR record for this server
is configured static. Somehow, the static PTR was deleted. Is there any log to detect why this PTR is deleted or what you think is the cause?
Thank you!
Windows for business | Windows Server | User experience | Other
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-01-26T21:54:29.36+00:00 -
Anonymous
2023-01-27T13:33:51.8666667+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
John JY 221 Reputation points
2023-01-27T15:31:15.8466667+00:00 Thanks for checking and help, David.
I checked it only shows the PTR record is deleted from one of Windows DNS server but did not show who deleted. does it mean that server deleted itself? thanks
Sign in to comment -
3 additional answers
Sort by: Most helpful
-
Anonymous
2023-01-27T15:44:03.9433333+00:00 shows the PTR record is deleted from one of Windows DNS server but did not show who deleted. does it mean that server deleted itself
Bottom line is there may not be a clear record of who or what deleted a PTR record.
--please don't forget to
upvoteandAccept as answerif the reply is helpful---
John JY 221 Reputation points
2023-01-27T21:10:17.9+00:00 anything you think could cause the static PTR to be deleted on the server side? Thank you!
-
Anonymous
2023-01-27T21:15:25.9833333+00:00 Maybe scavenging or someone's accidental deletion.
-
John JY 221 Reputation points
2023-01-27T22:04:13.3766667+00:00 if someone's accidental deletion, does the log show who did?
-
Anonymous
2023-01-27T22:05:49.68+00:00 Looks like it does not for PTR records.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 44,751 Reputation points2023-01-31T08:54:36.07+00:00 Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.
There may be several reasons why a static PTR record would be deleted on a Windows server, including:
- Manual Deletion: The PTR record may have been deleted manually by an administrator or another user with access to the DNS server.
- Automated script: The PTR record may have been deleted by an automated script that was designed to remove or update DNS records.
- DNS server software: There could be a bug in the DNS server software that caused the PTR record to be deleted.
- Security breach: A malicious actor may have gained unauthorized access to the DNS server and deleted the PTR record.
To identify the cause of the deletion, you can check the event logs on the DNS server for any events related to the PTR record deletion. The DNS server logs events in the Microsoft-Windows-DNS-Server-Service/Admin log located in the Event Viewer under the Applications and Services Logs.
You can also check the Windows Security Event Log for any suspicious activity such as logon failures, logon successes, and account management events that may indicate a security breach.
It's also important to check the backup of the DNS Server and see if the PTR record was deleted from there as well.
In addition, it would be a good idea to review any changes that have been made to the DNS server's configuration, including any scripts or automated tools that may have been used to update or manage DNS records.
If you suspect that the deletion was caused by a security breach, it's crucial to take immediate action to secure your DNS server, including changing all credentials, reviewing the security settings, and conducting a thorough security audit of your network.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
