none
DNS scavenging RRS feed

  • Question

  • Okay,

    I know this question has been asked multiple times but I still am having issues. Basically, I have 3 domain controllers (one windows 2003, one windows 2008r2 and a Windows 2012). I plan to demote/remove the 2003 D.C.

    Recently, I have had complaints that DNS is not working properly. Stale records are still being resolved and clients are becoming frustrated (users).  I have read the following article time and time again but still cannot get my head around it 

    https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

    So, I enabled DNS scavenging on ALL of my DC's and on my DHCP server, I have enabled the follwing settings on my DNS tab:

    - Dynamically update DNS if requested by clients

    - Discard A & ptr records

    - Dynnamically update DNS records, etc, etc....

    (My scope pool for DHCP is 192.168.62.40 - 192.168.63.252 and the duration is limited to 8 days)

    What then transpired is that a few static DNS records (after approx 3-4 days) were deleted which caused even more confusion????

    In the end, I had to disable DNS scavenging which is back to where i started. Can anyone suggest what the corrects settings could be without deleteion of static records?  In fact, has anyone got this working correctly at all??

    Thanks

    Andrew

    Thursday, January 19, 2017 4:35 PM

All replies

  • Hi Andrew,

    >> I have read the following article time and time again but still cannot get my head around it 

    How much time did you configure for refresh time and non-refresh time?Please try to configure custom events for DNS server and then check if clients registered this records.

    Have you tried to manually delete these records? How about result?

    Have you tried to reload DNS server? Did issue still occur?

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 20, 2017 6:27 AM
  • hi Andrew,

    let me help here:

    1- DNS scavenging should be enabled on one DC only. not on all DCs. because it's only one DC who would do the delete operation when the cycle time comes.

    2- DNS server being having stale records resolved means you have one of 2 issues:

          a) either DHCP server is not able to update the DNS records properly

          b) client machines are not able to update their records as well in DNS causing stale records in DNS not being updated and still showing old IP addresses.

    now how to check and verify all of this:

    1- create a dedicated DHCP service account that is a normal domain user account in active directory and assign it to the DHCP server under IPV4 > properties>credentials tab

    2- go to DNS server and right click on zone level and go to > security > advanced > make sure that DHCP user account is have write permissions on current object and all child objects as well.

    3- add all DHCP server computer objects as well as the newly created DHCP service account to the AD group called "dnsupdateproxy" group

    4- go to one of the DCs and enabled scavenging on one of the zones on the zone properties itself.

    5- on same DNS console right click on server node > properties> advanced> and select check box of "scavenge stale records....after...X days"

    now all of this should help and you please give it a try..

    notes:

    a) to verify if DHCP is able to update DNS records properly or not check the DHCP logs and you will find each transaction whether It was updated in DNS or simply failed.

    b) after each DNS scavenging cycle there will be a clear event log (can't remember the event ID) that will tell exactly how many records got deleted if any.


    Thanks Mahmoud

    • Proposed as answer by mahelsay Friday, January 20, 2017 6:33 AM
    Friday, January 20, 2017 6:33 AM