Horror Stories from Microsoft DNS Users

What is your worst nightmare? A break-in to your home while you’re asleep? Falling into a pit of snakes à la Indiana Jones? How about mistakenly deleting critical records in your company’s network that bring the entire business to a halt? Or not being able to stay competitive when technology is moving faster than ever?

These are just a few scary scenarios that, all too often, are a reality for Microsoft DNS users. Without secure, centralized, automated network management, scaling networks to meet today’s business needs becomes virtually impossible. Enterprises that lag in network efficiency ultimately pay a hefty toll in stunted growth.

No central visibility into the infrastructure is reportedly the most frustrating part of working with Microsoft DNS. The platform was not designed to be centrally managed, so users have no idea what they have or what is missing. It’s this disarray that keeps companies from 21st-century computing such as leveraging the cloud, provisioning mobile solutions, and doing an adequate job of securing important customer data.

Network professionals who are accustomed to working with Microsoft DNS know the pitfalls of this platform all too well:

  • Impossible to automate
  • No role-based permissions for admins
  • No audit log of DNS changes
  • Every change is pushed out to the network as soon as it is made
  • No rollback available
  • High probability of human error
  • Unnecessary complexity
  • No security

In honor of Halloween, grab a fistful of candy, lock your door, and read – if you dare – these horror stories from network professionals who have lived through the terror of dealing with Microsoft DNS.



“With no central storage for all disparate pieces of data, it is impossible to automate with Microsoft.”


“No central visibility into the data means no idea what network changes are made. You don’t know what you have or what you’re missing – and there is no way to undo anything.”


“Microsoft DNS is a house of cards.”


“Microsoft is not designed to be managed centrally. This prevents us from moving forward on important business initiatives like moving processes to the Cloud and offering mobile options.”


“We’re one of the world’s largest brands. We operate in 150 countries with 150,000 employees. Yet, just three network admins can manage Microsoft changes using specially assigned laptops. They referred to the laptop as their ‘nuclear football’. Once someone mistakenly deleted a zone that took out the intranet and Exchange for half a day. As most don’t know, there is no ‘Delete Undo’ function in Microsoft DNS so it was lost altogether. Had they not had an off-line copy in the lab, they would not have been able to restore those critical applications.”


“Doing a deployment to a Microsoft DNS server involves creating new zones, but instead of adding the new zone into the configuration, it instead deleted all the zones and then re-added them (with the new ones). Microsoft DNS also pushes out the resource records (RR), so you have to wait while it rebuilds everything. This is a problem, especially in large environments. It takes time to rebuild all the zones, push them out and replicate all the changes.”

“I did a deployment and it deleted EVERYTHING… Then I had no choice but to sit there while it rebuilt everything. In the meantime, Active Directory replicated all the delete operations to the other DCs and all the DNS data magically disappeared from AD. I ended up with a DNS outage of nearly an hour!”


“Delete operations don’t actually delete the data, as you would expect. Data still lurks there until AD purges the data as part of the tombstoning process. In the meantime, it adds all the records again as new AD objects, so your AD object database grows massively with every deployment.”


“An engineer deleted a customer’s entire Active Directory DNS because they didn’t realize that MS DNS replicates delete operations too!”
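
The stories above share one root cause: a delete in Microsoft DNS (whether a mistaken zone removal, a deployment that drops and re-creates every zone, or an engineer who didn’t expect AD to replicate the delete) is gone before anyone can say “undo”. The script below is an added example, not code from this post or from BlueCat: it takes a snapshot of every primary zone on a server before a change and compares a second snapshot taken afterwards, so that vanished records or whole zones are reported immediately and a pre-change copy exists to rebuild from. It assumes the DnsServer PowerShell module and read access to the server; the server name and output folder are placeholders.

```powershell
# Added example (not from the BlueCat post): snapshot-and-compare for Microsoft DNS zones.
# Assumes the DnsServer module (Windows Server 2012+ / RSAT) and a user with read access
# to the server named in -Server. 'dns01.corp.example' and 'C:\dns-snapshots' are placeholders.
#Requires -Modules DnsServer

function Save-DnsSnapshot {
    param(
        [string]$Server = 'dns01.corp.example',   # placeholder DNS server
        [string]$OutDir = 'C:\dns-snapshots'      # placeholder local folder for the CSV copies
    )
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dir   = Join-Path $OutDir $stamp
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Only primary zones can be exported; skip the auto-created ones (0.in-addr.arpa etc.).
    $zones = Get-DnsServerZone -ComputerName $Server |
             Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

    foreach ($zone in $zones) {
        # One CSV per zone. RecordData is a CIM object whose properties differ per record
        # type (IPv4Address, MailExchange, ...), so its values are joined into one string.
        Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $Server |
            Select-Object @{ n = 'Zone'; e = { $zone.ZoneName } },
                          HostName, RecordType, TimeToLive, Timestamp,
                          @{ n = 'Data'; e = { ($_.RecordData.CimInstanceProperties |
                                                ForEach-Object { $_.Value }) -join ' ' } } |
            Export-Csv -Path (Join-Path $dir "$($zone.ZoneName).csv") -NoTypeInformation

        # Also ask the server for a standard zone-file export. The file is written into the
        # server's own %SystemRoot%\System32\dns folder, which is where a rebuild loads from.
        Export-DnsServerZone -Name $zone.ZoneName -FileName "$($zone.ZoneName).$stamp.bak" `
                             -ComputerName $Server
    }
    return $dir
}

function Compare-DnsSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    # Index a snapshot folder by zone|name|type|data. TTL and the aging timestamp are left
    # out of the key on purpose: dynamic records refresh their timestamp without changing.
    $index = {
        param($dir)
        $h = @{}
        Get-ChildItem -Path $dir -Filter *.csv | ForEach-Object {
            Import-Csv -Path $_.FullName | ForEach-Object {
                $h["$($_.Zone)|$($_.HostName)|$($_.RecordType)|$($_.Data)"] = $_
            }
        }
        $h
    }
    $old = & $index $Before
    $new = & $index $After

    $removed = $old.Keys | Where-Object { -not $new.ContainsKey($_) } | ForEach-Object { $old[$_] }
    $added   = $new.Keys | Where-Object { -not $old.ContainsKey($_) } | ForEach-Object { $new[$_] }
    # A zone whose CSV exists before but not after was deleted (or failed to export) outright.
    $zonesMissing = (Get-ChildItem -Path $Before -Filter *.csv).Name |
                    Where-Object { -not (Test-Path (Join-Path $After $_)) } |
                    ForEach-Object { $_ -replace '\.csv$', '' }

    [pscustomobject]@{
        ZonesMissing   = @($zonesMissing)
        RecordsRemoved = @($removed)
        RecordsAdded   = @($added)
    }
}

# Usage around a risky change (deployment, zone edit, scavenging run):
$before = Save-DnsSnapshot -Server 'dns01.corp.example'
# ... make the change ...
$after  = Save-DnsSnapshot -Server 'dns01.corp.example'
$delta  = Compare-DnsSnapshot -Before $before -After $after
if ($delta.ZonesMissing.Count -or $delta.RecordsRemoved.Count) {
    Write-Warning "Zones missing: $($delta.ZonesMissing -join ', ')"
    $delta.RecordsRemoved | Format-Table Zone, HostName, RecordType, Data -AutoSize
}
```

The CSV copy is what you diff; the zone-file export is what you restore from. Because AD-integrated zones replicate deletes to every domain controller, keep the snapshot folder somewhere outside the DNS server (the lab copy in the story above is exactly that), and take the “after” snapshot as soon as the change finishes rather than after a rebuild has quietly re-added everything.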


“At a large semiconductor company, MS Windows DNS servers were also used as file servers. A Windows server is NOT a purpose-built DNS server, and typically, a lot of Windows admins have access to it. The additional churn on the disk from the file server role caused HDD crashes that crippled the DNS server and shuttered business services.”


“Scavenging to remove outdated records presents its own horrifying headaches, with non-dynamic records often being scavenged, too. I’ve seen the scavenging process delete stuff it wasn’t meant to, and not delete stuff it was supposed to!”
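
Scavenging only ever removes records that carry an aging timestamp; a “static” record that gets scavenged is one that acquired a timestamp at some point (created with the stale-record option ticked, or converted in bulk) without anyone noticing. The following is an added example, not from this post or from BlueCat: it previews, per zone, which records are past the no-refresh plus refresh window and therefore eligible for scavenging, and flags any timestamped record whose name is on a list of hosts that must never age out. It assumes the DnsServer module and read access to the server; the server name and the protected-name list are placeholders you would replace with your own.

```powershell
# Added example (not from the BlueCat post): preview what Microsoft DNS scavenging would remove.
# Assumes the DnsServer module and read access to the server in -Server. 'dns01.corp.example'
# and the $ProtectedNames list are placeholders constructed for this example.
#Requires -Modules DnsServer
param(
    [string]$Server = 'dns01.corp.example',
    [string[]]$ProtectedNames = @('dc01', 'dc02', 'mail', 'www')   # constructed list of names that must stay
)

$now = Get-Date

$report = foreach ($zone in Get-DnsServerZone -ComputerName $Server |
                   Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }) {

    # Per-zone aging settings: a record becomes eligible once its timestamp is older than
    # NoRefreshInterval + RefreshInterval (both TimeSpans).
    $aging  = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $Server
    $cutoff = $now - ($aging.NoRefreshInterval + $aging.RefreshInterval)

    Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $Server |
        Where-Object { $_.Timestamp } |     # no timestamp = static record, never scavenged
        ForEach-Object {
            [pscustomobject]@{
                Zone         = $zone.ZoneName
                AgingEnabled = $aging.AgingEnabled
                Name         = $_.HostName
                Type         = $_.RecordType
                Timestamp    = $_.Timestamp
                Eligible     = ($_.Timestamp -lt $cutoff)
                Protected    = ($ProtectedNames -contains $_.HostName.ToLower())
            }
        }
}

# Records that would go on the next scavenging pass for zones where aging is switched on.
$report | Where-Object { $_.Eligible -and $_.AgingEnabled } |
    Sort-Object Zone, Name | Format-Table Zone, Name, Type, Timestamp -AutoSize

# The failure mode from the story: a host you believe is static but which is actually aging.
$report | Where-Object { $_.Protected } | ForEach-Object {
    Write-Warning ("{0} in {1} ({2}) has an aging timestamp of {3}; it will be scavenged {4}" -f
        $_.Name, $_.Zone, $_.Type, $_.Timestamp, $(if ($_.Eligible) { 'on the next pass' } else { 'once stale' }))
}
```

Run this before enabling scavenging on a zone, and again before any bulk “age all records” operation. A record that is eligible here is only actually deleted if the zone has aging enabled and the server doing the pass is one of the zone’s scavenging servers, so the preview is deliberately broader than what one pass removes; the warnings about protected names are the part worth acting on, by converting those records back to static.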


“If you have more than 10,000 records when performing a zone reload, better go grab a coffee.”


Growth by Content is what I do. I’m fuelled by conversations, coffee and sarcasm.
