DNS Scavenging

  • Question

  • Hi Team,

    I need to enable scavenging in AD-integrated DNS. I need a few suggestions before I implement the same.

    I have a single-domain, single-forest AD infra and have multiple DNS servers on all DCs.

    Authorised DHCP with a lease period of 30 days.

    In DNS I have multiple AD-integrated primary zones for different domains but only want to enable scavenging in one zone.

    The settings will be a 15-day refresh interval and a 15-day no-refresh interval, with the scavenging interval set to 1 day.

    So, the question is: do I enable this for one DNS server and dedicate this server for scavenging only?

    Please suggest any best practice, taking my infra setup as above.

    Regards


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 4:28 AM

Answers

  • When there are multiple DNS servers hosting the same zone, one server will be enough, since the records will be replicated across in a short time.

    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, August 16, 2016 4:41 AM
  • Thanks Arnav..

    So, as I said, the time is 15/15 and the interval 1 day. That means when a dynamic DNS record is not updated within the latest 15 days, on the 16th day it will be deleted and the same change will be replicated to all other DNS servers. Please correct me if I am wrong.

    Is there any risk you see in this approach? If yes, what would be the mitigation plan?

    Also, overall, implementing this feature for the first time, any risk?

    Please suggest.


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 4:54 AM

All replies

  • Yes, correct!!

    Why just one day? What if the system is offline over a week + long weekend? :)


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Tuesday, August 16, 2016 4:56 AM
  • Anyway, this shouldn't be a problem.

    Records will get updated once the system is up. :)


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, August 16, 2016 4:58 AM
  • Thanks Buddy..

    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 5:01 AM
  • Hi Arnav,

    Just one doubt.. where can I set the 1-day interval?


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 5:18 AM
  • Hi Mihir,

    You may set the scavenging interval here:

    A good blog about DNS scavenging and aging for your reference:

    https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 6:27 AM
    Moderator
  • Hi Anne,

    I am only focusing on one zone, so here I believe it will be applicable to all zones hosted on that server.

    Please clarify.


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 8:05 AM
  • Hi Mihir,

    Yeah, but it is configured here; we couldn't configure it for specific zones. In zone properties, we can only set the refresh and no-refresh intervals.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 8:15 AM
    Moderator
  • Thanks Anne..

    That means, for one zone I can put the refresh and no-refresh days, and here I need to mention one day?

    Then, on the basis of zone ageing, it will work on a single zone where I enabled ageing?

    My plan is to have 15/15 days as the refresh and no-refresh days with a 1-day interval, meaning on the 16th day that record should be deleted if it is not updated. Only for one zone on one server, where I have multiple DNS servers with the same data.

    Please suggest.


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks


    Tuesday, August 16, 2016 8:20 AM
  • Hi Mihir,

    As mentioned in the blog in my last reply:

    Scavenging is set in three places on a Windows Server:

    1. On the individual resource record to be scavenged.
    2. On a zone to be scavenged.
    3. At one or more servers performing scavenging.

    As for the refresh and no-refresh intervals, it is recommended to make refresh interval + no-refresh interval <= DHCP lease duration.

    It is also recommended to make the DHCP server register DNS records on behalf of clients.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 8:27 AM
    Moderator
  • Yes Anne,

    I understand your above points. My DHCP is authorised to register DNS records. But my plan is to enable scavenging for one zone on one server, where I have multiple AD-integrated DNS servers.

    The plan is to have 15 days, as the DHCP lease period is 30 days, so I am keeping the days 15+15=30 as the DHCP lease,

    but want to set the interval to 1 day. Hence please suggest the best way to do this..

    I understand I need to set automatic scavenging to 1 day in the DNS server properties after setting aging 15/15 for that specific zone.

    Please correct me if I am wrong..

    Also, is there any risk or mitigation I need to plan for this?

    Thanks in advance


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, August 16, 2016 8:35 AM
  • Hi Mihir,

    >The plan is to have 15 days, as the DHCP lease period is 30 days, so I am keeping the days 15+15=30 as the DHCP lease, but want to set the interval to 1 day.

    Your plan configurations are OK.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, August 18, 2016 1:27 AM
    Moderator
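The 15/15/1 plan agreed above, as an added PowerShell example (not from the thread, Microsoft, or any participant): it checks the lease arithmetic Anne mentions, previews which records in the zone would be affected before anything is enabled, and then writes the zone aging, the single scavenging server, and the server interval. The zone name and server address are placeholders; it assumes the DnsServer module (DNS role or RSAT) and DNS admin rights.

```powershell
# Added example, not from the thread: preview and apply the 15/15/1 plan above.
# Requires the DnsServer PowerShell module (DNS role or RSAT) and DNS admin rights.
# Zone name and server address are placeholders; with $Apply = $false it only previews.
$ZoneName       = 'corp.example.com'   # placeholder: the one zone to age/scavenge
$ScavengeServer = '192.0.2.10'         # placeholder: the single DC that runs scavenging
$NoRefresh      = New-TimeSpan -Days 15
$Refresh        = New-TimeSpan -Days 15
$ScavengeEvery  = New-TimeSpan -Days 1
$DhcpLease      = New-TimeSpan -Days 30
$Apply          = $false

# Check from the thread: no-refresh + refresh must not exceed the DHCP lease,
# or a client still holding a valid lease could have its record scavenged.
if (($NoRefresh + $Refresh) -gt $DhcpLease) {
    throw "NoRefresh + Refresh ($($NoRefresh + $Refresh)) exceeds the DHCP lease ($DhcpLease)"
}

# Preview: a dynamic record is eligible only once NoRefresh + Refresh (30 days with
# these settings) has elapsed since its timestamp. Static records carry no timestamp
# and are never scavenged, so the first test drops them.
$cutoff   = (Get-Date) - ($NoRefresh + $Refresh)
$eligible = Get-DnsServerResourceRecord -ComputerName $ScavengeServer -ZoneName $ZoneName |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Select-Object HostName, RecordType, Timestamp
"{0} record(s) in {1} would go on the first scavenging pass:" -f @($eligible).Count, $ZoneName
$eligible | Format-Table -AutoSize

if ($Apply) {
    # Zone: enable aging on this zone only, with the 15/15 intervals, and name the one
    # server allowed to scavenge it; the other DCs just replicate the deletions.
    Set-DnsServerZoneAging -ComputerName $ScavengeServer -Name $ZoneName -Aging $true `
        -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh -ScavengeServers $ScavengeServer

    # Server: turn on the scavenging engine with a 1-day interval on that server. Without
    # -ApplyOnAllZones this leaves every other zone's aging setting untouched.
    Set-DnsServerScavenging -ComputerName $ScavengeServer -ScavengingState $true `
        -ScavengingInterval $ScavengeEvery

    # Read back what was written before the first pass runs.
    Get-DnsServerZoneAging -ComputerName $ScavengeServer -Name $ZoneName
    Get-DnsServerScavenging -ComputerName $ScavengeServer
}
```

Run it once with $Apply left at $false and review the preview list (servers with stale timestamps are the usual surprise) before flipping it to $true.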