1 Reply Latest reply on Sep 10, 2018 9:30 AM by horizenred

    Could IPAM Delete a DNS Forward Lookup Zone?



      Yesterday our network technician was working with SolarWinds support to set up IPAM (v4.3.2) so that it would pull the current DNS tables from our DNS server. Around the same time we started getting calls from users that they could no longer access their computers/servers.


      We went to our DNS server and found the forward lookup zone for our domain was GONE!  Completely gone!


      We recreated the zone and computers began re-registering in DNS, but we are still trying to find the root cause of the problem.


      The service ID used to allow IPAM to communicate with our DNS servers was set up as Domain Admin, which should not have been the case! But it was, so it had the permissions to delete DNS zones. My question is, does IPAM allow changes on the SolarWinds server to be made to the actual DNS server? Could a deleted zone in IPAM result in the zone being deleted on the DNS server?

      - If yes, how do we prevent this from happening?


      Also, why does IPAM insist on grabbing its own copy rather than just referencing the DNS server? Is it to take a load off the DNS server? To still provide name/IP resolution if the DNS server is down?


      Thanks for your help!

        • Re: Could IPAM Delete a DNS Forward Lookup Zone?

          The IPAM software is capable of IP address AND DNS management. If the account that was used to link DNS to SolarWinds was a DA account and it had permissions to remove the zone, from my understanding, it will remove it from the zone if deleted in SolarWinds. I also believe that is why IPAM communicates with the DNS servers with zone transfers rather than just polling the DNS server. I do not believe that this provides any kind of name/IP resolution, just simply to transfer the data to and from like another DC or DNS server. We are looking at managing DNS with our IPAM tool, but you could try to follow this SolarWinds link to set up a DNS poll instead. I have not followed these steps so I am unsure how they work.


          Please note, though a network admin, I have never had to handle our DNS since it is tied to our domain controllers, so I am not completely familiar with DNS management options directly.
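
The thread turns on two checks: whether the IPAM service account holds rights that allow zone deletion, and what actually deleted the zone. The PowerShell below is an added example covering both; it is not from the posters or from SolarWinds. It assumes Microsoft DNS on a domain controller, the RSAT ActiveDirectory module, and DNS Server audit logging being enabled, and `svc-ipam` is a placeholder account name.

```powershell
# Added example: audit the IPAM service account and look for zone deletions.
# Assumptions: Microsoft DNS, RSAT ActiveDirectory module, DNS audit logging on.
# 'svc-ipam' is a placeholder; pass the real service account name.
param(
    [string]$ServiceAccount = 'svc-ipam',
    [string]$DnsServer      = $env:COMPUTERNAME,
    [int]$DaysBack          = 7
)
Import-Module ActiveDirectory

# 1. Resolve nested group membership with the LDAP_MATCHING_RULE_IN_CHAIN OID,
#    so a privileged group reached through another group is not missed.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'DnsAdmins'
$user = Get-ADUser -Identity $ServiceAccount -Properties PrimaryGroupID
# Escape characters that are special inside an LDAP filter value.
$dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                              -replace '\(', '\28' -replace '\)', '\29'
$filter = "(member:1.2.840.113556.1.4.1941:=$dn)"
$risky  = Get-ADGroup -LDAPFilter $filter | Where-Object { $privileged -contains $_.Name }

# The primary group is not stored in 'member'; RID 512 is Domain Admins.
if ($user.PrimaryGroupID -eq 512) {
    Write-Warning "$ServiceAccount has Domain Admins as its primary group"
}
if ($risky) {
    Write-Warning "$ServiceAccount can manage or delete DNS zones through: $($risky.Name -join ', ')"
} else {
    Write-Output "$ServiceAccount is not in any of: $($privileged -join ', ')"
}

# 2. Event ID 513 in the DNS Server audit channel records a zone deletion.
$query = @{
    LogName   = 'Microsoft-Windows-DNSServer/Audit'
    Id        = 513
    StartTime = (Get-Date).AddDays(-$DaysBack)
}
$events = Get-WinEvent -ComputerName $DnsServer -FilterHashtable $query -ErrorAction SilentlyContinue
if ($events) {
    # UserId is the SID recorded on the event, when one is present.
    $events | Select-Object TimeCreated, UserId, Message | Format-List
} else {
    Write-Output "No zone-deletion events in the last $DaysBack days on $DnsServer"
}
```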