DNS Scavenging

  • DNS Scavenging

    Hey all, I'm having some issues with DNS scavenging. We have two DNS servers, with scavenging enabled in the following locations:

    Server1:
    Server1 > Properties > Advanced > Enable Scavenging
    Forward Lookup Zone > Properties > Aging

    Server2:
    Forward Lookup Zone > Properties > Aging

    Even though it is enabled, we continue to have duplicate A records throughout our enterprise. This is obviously causing issues with hostname resolution and such.

    I also noticed for the properties of scavenging period and saw that it was different on both servers:

    Server1, 7/31/2009 11:00:00 AM
    Server2, 5/15/2009 10:00:00 PM

    So why is scavenging not doing its job?

  • #2
    Re: DNS Scavenging

    How long has it been enabled for?



    • #3
      Re: DNS Scavenging

      Is DNS AD integrated?

      What are your settings for scavenging (days) for the no-refresh and refresh intervals on the zones?

      Is scavenging enabled at the server level on Server2?

      Are the host records created dynamically or manually?



      • #4
        Re: DNS Scavenging

        Thanks for the replies guys.

        Scavenging has been enabled for a good while now.. I'd say at least a year. Only now am I noticing duplicate records though.

        And DNS is AD Integrated.

        No refresh is set to 7 days, and refresh is at 14.

        Records are created dynamically.

        As far as scavenging being enabled, right now it is enabled on Server 1 for the DNS server itself, and for the forward lookup zone. On Server 2, it is enabled only in the forward lookup zone.



        • #5
          Re: DNS Scavenging

          I've never mucked much with scavenging but my understanding is this:

          Scavenging needs to be enabled at the server and zone level.

          Here's my guess as to what's happening:

          1. Since DNS is AD integrated there's no concept of primary and secondary DNS servers. All DNS servers act as both primary and secondary servers.

          2. Since scavenging is not enabled at the server level on Server2, is it possible that the records are being scavenged on Server1 and repopulated from Server2?

          Try enabling scavenging at the server level on Server2 and then initiate a manual scavenge operation and see what happens.



          • #6
            Re: DNS Scavenging

            Do you see event 2501 in the DNS events? Could you share some of the events that occur related to scavenging?



            • #7
              Re: DNS Scavenging

              Originally posted by joeqwerty:
              I've never mucked much with scavenging but my understanding is this:

              Scavenging needs to be enabled at the server and zone level.

              Here's my guess as to what's happening:

              1. Since DNS is AD integrated there's no concept of primary and secondary DNS servers. All DNS servers act as both primary and secondary servers.

              2. Since scavenging is not enabled at the server level on Server2, is it possible that the records are being scavenged on Server1 and repopulated from Server2?

              Try enabling scavenging at the server level on Server2 and then initiate a manual scavenge operation and see what happens.

              Not possible unless there are replication issues; otherwise it's like making a change on DC1 and having DC2 replicate back old changes.

              Also, it's recommended scavenging only be enabled on one server per zone.



              • #8
                Re: DNS Scavenging

                Originally posted by goosed:
                Thanks for the replies guys.

                Scavenging has been enabled for a good while now.. I'd say at least a year. Only now am I noticing duplicate records though.

                And DNS is AD Integrated.

                No refresh is set to 7 days, and refresh is at 14.

                Records are created dynamically.

                As far as scavenging being enabled, right now it is enabled on Server 1 for the DNS server itself, and for the forward lookup zone. On Server 2, it is enabled only in the forward lookup zone.

                Do you have a DHCP server that registers DNS records on behalf of the clients?

                When an A record is created, it won't get deleted by scavenging for at least 14 days. In the meantime you can end up with duplicates if a client is unable to update an existing record due to not having permissions to it.



                • #9
                  Re: DNS Scavenging

                  Yes, our DHCP does register clients. Here are the settings:

                  "Dynamically updated DNS A and PTR records if requested by DHCP clients" and "Discard A and PTR records when lease is deleted" are currently enabled.

                  I also noticed that if I uncheck "Scavenge stale records" under Server 2, but leave it enabled on Server 1, after a period of time Server 2 will again be enabled. I don't know if this makes a difference or not. Timestamps for both servers are identical.



                  • #10
                    Re: DNS Scavenging

                    A few days now, and duplicate A records are still being created.

                    What about the DNSUpdateProxy group? Should my DHCP servers be a member of this group? And I noticed (spot checked) that A records are owned by the SYSTEM account. Is this normal?

                    And what about DHCP's DNS Update credentials? Currently they are blank. Should there be an account created solely for this?

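The questions raised in the thread (is scavenging enabled at both the server and the zone level on each server, and which A records are duplicated) can be checked with the script below. It is an added example, not part of any post in the thread; it assumes the DnsServer PowerShell module is available, and the zone name `corp.example.com` and the sample records are constructed placeholders.

```powershell
# Added example (not from the thread). Assumes the DnsServer module
# (Windows Server 2012+ or RSAT); the zone name is a placeholder.
$Servers = 'Server1', 'Server2'      # the two DNS servers named in the thread
$Zone    = 'corp.example.com'        # placeholder: replace with the real zone

# Server-level scavenging and zone-level aging for one server, as one row.
function Get-ScavengingAudit([string]$Server, [string]$ZoneName) {
    $srv = Get-DnsServerScavenging -ComputerName $Server
    $zn  = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $Server
    [pscustomobject]@{
        Server           = $Server
        ServerScavenging = $srv.ScavengingState      # server > Advanced checkbox
        ScavengeInterval = $srv.ScavengingInterval
        LastScavengeTime = $srv.LastScavengeTime
        ZoneAging        = $zn.AgingEnabled          # zone > Aging checkbox
        NoRefresh        = $zn.NoRefreshInterval
        Refresh          = $zn.RefreshInterval
        AvailForScavenge = $zn.AvailForScavengeTime
        ScavengeServers  = $zn.ScavengeServers -join ','
    }
}

# Dynamic A records (static ones carry no timestamp) that share a value of
# $Property with another record, oldest first within each group.
function Find-DuplicateA($Records, [string]$Property) {
    $Records | Where-Object { $_.Timestamp } | Group-Object -Property $Property |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Group | Sort-Object Timestamp }
}

if (Get-Command Get-DnsServerResourceRecord -ErrorAction SilentlyContinue) {
    $Servers | ForEach-Object { Get-ScavengingAudit $_ $Zone } | Format-Table -AutoSize
    $records = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -ComputerName $Servers[0] |
        Select-Object HostName, Timestamp,
            @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address.IPAddressToString } }
} else {
    # Constructed sample records so the duplicate check can be tried offline.
    $records = @(
        [pscustomobject]@{ HostName = 'pc-101'; Timestamp = [datetime]'2009-07-02'; IPv4 = '10.0.0.51' }
        [pscustomobject]@{ HostName = 'pc-207'; Timestamp = [datetime]'2009-07-29'; IPv4 = '10.0.0.51' }
        [pscustomobject]@{ HostName = 'pc-207'; Timestamp = [datetime]'2009-07-10'; IPv4 = '10.0.0.88' }
        [pscustomobject]@{ HostName = 'fs01';   Timestamp = $null;                  IPv4 = '10.0.0.10' }
    )
}

'Same IP, several names:'; Find-DuplicateA $records 'IPv4'     | Format-Table -AutoSize
'Same name, several IPs:'; Find-DuplicateA $records 'HostName' | Format-Table -AutoSize
```

A server row that shows zone aging enabled but server scavenging disabled matches the Server2 configuration described in the thread, and the timestamps on each duplicate group show which record is the stale one.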