#Static host entries showing up

Hey all. Like the title says, I'm seeing static host entries (vserver services name-service dns hosts) appearing "by itself". Specifically, one of our DCs show up with an old IP which it does not have anymore. I delete it, and a while later (may be days or weeks, I don't know) it reappears with the same old IP.
So the DC name is correct, but the IP is wrong. I've scoured AD for any remnants of it, but can't find anything. The other DCs don't show up there at all, but are found using DNS run-time.
Static hosts overrides dns, so I'm seeing error messages in the event log (secd.conn.auth.failure), but as we have several DCs this isn't causing any issues.
Where could this come from? (9.7)

WINS maybe? also, did you check the ressource records in DNS for the DCs, maybe there are some leftovers in there that get picked up...

We don't do WINS, and I've gone as far as dumping the AD DNS zones to text to see if I can find the old IP, it's just nowhere to be found...

Even so, why would it be added to the static hosts table?

Yeah, I have seen systems do that. I guess it might be to force the use of a particular LIF that has the corresponding service policy set, instead of the LIF that would be selected by the default routing determinism algorithm

Taking a guess, could this be some old script adding the host entry to the SVM? These are static entries as you noted, so it would not be added by ONTAP automatically when doing a DNS lookup or anything else. I would check the audit log for any clues. The DNS host name of the DC or (bad) IP Address should help in your search.