How can i get mapping of an ip address to a hostname history records on premise network?
i wish to get something like this data:
192.168.1.1 was maped to: mycomp.mydomain.dom from: 1/1/2016 to: 1/2/2016
192.168.1.2 was maped to: mycomp.mydomain.dom from: 1/2/2016 to: 1/3/2016
192.168.1.1 was maped to: othercomp.mydomain.dom from: 1/1/2016 to: 1/2/2016
etc...
for all domain records. is there an option to query the enterprise dns server? or maybe Active directory?
All DNS servers support axfr queries, which are Zone transfers. which will basically give you a dump of the entire domain. You could script that to create that dump on a schedule.
In order to allow Zone Transfers you need to enable the server to do so.
On Bind servers you need to add
acl trusted-servers {
192.168.191.10; //ns2
25.111.24.6; //ns3
};
To the zone.
For Windows you can run this command (as discussed on technet article Modify DNS zone transfer settings
dnscmd ServerName /ZoneResetSecondaries ZoneName /SecureList[SecondaryIPAddress...]
As for discovering those records retrospectively, the best bet you've got for that is going through backups, for bind there will be Zone files. For AD it depends how it is set up, but they should be stored as .dns files in the %SystemRoot%\System32\Dns folder on the primary and secondary nameservers.