Active Directory 中的域名记录指向 .0 IP 地址,删除该地址安全吗?

tag-icon tag-icon active-directory windows-server-2012-r2 internal-dns
Active Directory 中的域名记录指向 .0 IP 地址,删除该地址安全吗?

不确定删除是否安全。我读到这些 AD 域名记录是由 netlogon 服务和/或其他服务创建的,并且不可更改。我有两个域控制器,每个都在 AD DNS 中正确显示,但有第三个记录,其 IP 为 192.168.203.0 ??? 我不知道它是从哪里来的。删除是否安全?

我之所以问这个问题,是因为这似乎在内部导致了 Exchange Autodiscover 的一些问题。dcdiag(无参数)返回所有正常,并且事件日志中没有关于复制或 AD 的错误。如果我使用 /test:dns 运行 dcdiag,我会得到各种错误,网络上的所有主机都被测试为 DC。

简单介绍一下背景。我们目前正在将 Exchange 服务器从 2003 迁移到 2010,并设置了新的 2012 R2 DC。旧 DC 是 Exchange 的 03。(我知道,这不好,但它是 10 年前由其他人设置的!)。我有一个使用相同服务器的实验室(来自迁移前拍摄的图像),并且域根目录中没有带有 .0 的 IP。因此,自从最近开始升级以来,这个问题就出现在生产系统中。03 服务器将在下周左右退役,所以也许它会在此过程中消失?

我很感激任何建议。谢谢!

这是域上的 nslookup,供参考,您可以看到 .0 记录。

    C:\>nslookup
Default Server:  UnKnown
Address:  fdcc:12e5:12e5:cb::2

> server 192.168.203.222
Default Server:  bert.yourdomain.org
Address:  192.168.203.222

> set type=any
> yourdomain.org
Server:  bert.yourdomain.org
Address:  192.168.203.222

yourdomain.org   internet address = 192.168.203.4
yourdomain.org   internet address = 192.168.203.0
yourdomain.org   internet address = 192.168.203.222
yourdomain.org   nameserver = mail.yourdomain.org
yourdomain.org   nameserver = bert.yourdomain.org
yourdomain.org
        primary name server = bert.yourdomain.org
        responsible mail addr = hostmaster.yourdomain.org
        serial  = 15137
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
yourdomain.org   text =

        "v=spf1 ip4:192.168.203.4 ~all"
yourdomain.org   AAAA IPv6 address = fdcc:12e5:12e5:cb:3c2e:de4c:9d70:25b5
yourdomain.org   AAAA IPv6 address = fdcc:12e5:12e5:cb::2
mail.yourdomain.org      internet address = 192.168.203.4
bert.yourdomain.org      internet address = 192.168.203.222
bert.yourdomain.org      AAAA IPv6 address = fdcc:12e5:12e5:cb:3c2e:de4c:9d70:25b5
bert.yourdomain.org      AAAA IPv6 address = fdcc:12e5:12e5:cb::2
>

如果您愿意,我可以提供标准 dcdiag 输出,但这里是 /test:dns 输出,只是一个片段(很长)。所有测试都通过了标准 dcdiag。但使用 test:dns,它会遍历网络上的所有 IP,甚至不显示实际 DC 的测试,当然它们都会失败。

    C:\Windows\system32>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BERT
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\BERT
      Starting test: Connectivity
         ......................... BERT passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\BERT

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... BERT passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : yourdomain

   Running enterprise tests on : yourdomain.org
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.203.100 (yourdomain.org.)
               1 test failure on this DNS server

            DNS server: 192.168.203.101 (yourdomain.org.)
               1 test failure on this DNS server

            DNS server: 192.168.203.103 (yourdomain.org.)
               1 test failure on this DNS server

            DNS server: 192.168.203.16 (yourdomain.org.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.203.16
            DNS server: 192.168.203.19 (yourdomain.org.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.203.19
            DNS server: 192.168.203.20 (yourdomain.org.)
               1 test failure on this DNS server

相关内容