Fixing case in Windows DNS entries

There is almost no legitimate reason to spend time “correcting” the case (uppercase, lowercase, CamelCase) of DNS entries, in fact there aren’t any I can think of at the moment.

That said, maybe you find yourself in a position where a DNS entry in Windows Server does not appear in the way you would prefer.  Deleting the entry in the DNS MMC and re-registering the entry they way you’d like it often doesn’t alter the original format.  The reason here is the first time a server performs a dynamic registration/update of its DNS name in an AD integrated zone, an object is created in that zone.  Deleting that entry manually (or letting it expire) results in the entry being dnsTombstoned and not truly deleted, not yet anyway.

dnsTombstoned

If DNS Scavenging is configured, that object will eventually be removed permanently, if not, the object is essentially immortal.  When you re-register the same name, the original object is re-animated (dnsTombstoned = <not set>, or I’ve also seen “FALSE”) causing the original format of the name to come back.

Here’s how to go about “fixing” that.

Each AD object representing a DNS entry is stored in a specific place in AD, based on the replication scope of that particular zone.

Zone replication scope
Location in Active Directory
All DNS servers in the Active Directory forest
Replicates zone data to all DNS servers that are running on domain controllers in the Active Directory forest. Usually, this is the broadest scope of replication.
DC=<zone name>,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=<domain>
All DNS servers in the Active Directory domain
Replicates zone data to all DNS servers that are running on domain controllers in the Active Directory domain. This option is the default setting for Active Directory–integrated DNS zone replication in Windows Server 2003 and Windows Server 2008.
DC=<zone name>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=<domain>
All domain controllers in the Active Directory domain
Replicates zone data to all domain controllers in the Active Directory domain.
DC=<zone name>,CN=MicrosoftDNS,CN=System,DC=<domain>,DC=<domain>

The individual entries have objects one level deeper e.g. DC=MYSERVER,DC=mydomain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mydomain,DC=com

If you wanted to change that server name to lowercase e.g. “myserver”, the DC=MYSERVER,DC=mydomain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mydomain,DC=com object would need to be removed, also potentially replicated to the rest of the relevant servers and then I reloaded the zone just to make sure.

At that point I could re-register with the name in the format I wanted.

Advertisements

Tags:

3 responses to “Fixing case in Windows DNS entries”

  1. Chris says :

    Which command do you use to remove “MYSERVER” or do you use an MMC?

    • ril3y says :

      You need to use something like ADSIEDIT or ADExplorer rather than the DNS MMC because the MMC doesn’t actually remove the AD object, it just marks it “inactive.” Standard disclaimer: Careful with those tools as you can do a lot of damage

      • Chris says :

        Ah ha, ADSIEDIT, that’s the one I was thinking of, I could tell that the DNS MMC wasn’t truly removing the records. Thanks for the guidance, and of course, those tools are dangerous! I appreciate the reminder!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: