DHCP Service not discarding A and PTR records in DNS when lease is deleted

  • Question

  • Hi,

    I have a Windows Server 2003 SP2 DHCP server with a scope that has a 1 hour lease time. I know that is short, but I cannot change it right now. The scope is configured as follows on the DNS tab:

    > Enable DNS dynamic updates according to the settings below [TICKED]

       > Dynamically update DNS A and PTR records only if requested by DHCP clients [NOT TICKED]

       > Always dynamically update DNS A and PTR records [TICKED]

    > Discard A and PTR records when lease is deleted [TICKED]

    > Dynamically update DNS A and PTR records for DHCP clients that do not request updates (e.g. NT4 clients) [TICKED]

    The DHCP Server is also a Domain Controller.
    The DHCP clients are Windows XP SP3 workstations.

    The DHCP service allocates IP addresses to DHCP clients fine.
    Upon IP allocation, the DNS A and PTR records are being registered in DNS fine.
    When the lease expires, the IP lease is deleted successfully from DHCP scope.
    When the IP lease is deleted, the following event is recorded in the DHCP log file: <date,time>,Deleted,x.y.y.z,,,

    However, the DNS A and PTR records are not being deleted from DNS when the lease expires. I thought that the setting in the DHCP scope which is ticked "Discard A and PTR records when lease is deleted" would have the DHCP service delete the A and PTR records from DNS when the lease is deleted from DHCP.

    Obviously I do not understand this setting correctly or something is misconfigured.

    Can anyone explain this behaviour?

    In a nutshell, when the lease expires and the allocation is deleted from DHCP, I would like the DNS A and PTR records deleted from DNS as well (without the need for DNS scavenging to do a cleanup).

    Thanks,
    Darren


    Tuesday, May 29, 2012 5:28 AM

All replies

  • Hi,

    Thanks for posting here.

    Have we tried to manually release the DHCP lease with the command "ipconfig /release" on the DHCP client computer? What would happen to its DNS record? Would that be deleted?

    Have we also set DHCP update credentials in the DHCP service? And which account was the owner of its DNS records?

    Please understand that discard does not mean the records are deleted by the DHCP server itself immediately; the system will clean these records by the DNS aging/scavenging settings on the DNS server. So is there any reason to go without that?

    Since we've set the lease duration to one day, please also adjust the No Refresh and Refresh time properly on the DNS server in order to keep the DNS clean and updated:

    DHCP, Dynamic DNS Updates , Scavenging, static entries & time stamps, and the DnsProxyUpdate Group

    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

    How DNS Scavenging and the DHCP Lease Duration Relate

    http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx

    Optimizing your network to keep your DNS squeaky clean

    http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.

    TechNet Community Support

    Wednesday, May 30, 2012 5:09 AM
  • Hi,

    Please feel free to let us know if the information was helpful to you.

    Regards,

    Tiger Li

    TechNet Community Support

    Thursday, May 31, 2012 6:51 AM
  • Thank you for the reply. I appreciate you taking the time to provide your thoughts on my question.

    No, I have not tried the ipconfig /release, though I am pretty sure that would be fine. The problem is only when the laptop is shut down and the IP lease expires with the computer off the network.

    No, I do not have DHCP credentials configured, but that is something worth consideration. Note that the server is also a domain controller.

    The DHCP Server service is running under the LOCAL SYSTEM account. The DNS record permissions have ENTERPRISE DOMAIN CONTROLLERS: FULL CONTROL and also SYSTEM: FULL CONTROL permissions on the DNS record. From this, I assume the DHCP Server service has permissions to the record.

    You say that DISCARD does not mean DELETE and that the DNS Scavenging process cleans up stale records. I understand how DNS Scavenging works, but this should only clean up anything that slips through the cracks (I thought).

    If that is the case (DISCARD does not mean DELETE), then what does the setting "Discard A and PTR records when lease is deleted" REALLY do? What does DISCARD actually mean? What is the consequence of not ticking this option on the DHCP scope?


    Monday, June 4, 2012 5:20 AM
  • 1. From http://support.microsoft.com/kb/816592 "Click to select the Discard A and PTR records when lease is deleted check box to have the DHCP server delete the record for a client when its DHCP lease expires and is not renewed."

    2. From http://support.microsoft.com/?id=932464 The registry parameter DatabaseCleanupInterval (set to 60 mins) informs the DHCP Server service to clean up its database every 60 minutes.

    3. From http://technet.microsoft.com/en-us/library/cc780476(v=ws.10).aspx Leases are retained in the DHCP server database four hours after expiration.

    If you do not select the Discard A and PTR records when lease is deleted check box, when the database cleanup routine runs (every 60 minutes), then once the record is over 4 hours past the expired date, the DHCP Server service will not delete DNS records. If it is ticked, then it should delete the DNS records. However, in my instance, this process is not working.

    From http://support.microsoft.com/?id=837061 One explanation for this is that the DHCP queue limit is being hit. This can be extended using the value DynamicDNSQueueLength. This value is not set, but can be.

    Additionally, as the DHCP Server service is running on a DC, the DHCP service should be configured with service credentials to use Secure Dynamic DNS registrations initiated by the DHCP service. This is the recommended security configuration. As there is a backup DHCP server, the DNSProxyUpdate group should also be used.


    Tuesday, June 5, 2012 12:52 AM
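
The symptom discussed in this thread (a "Deleted" lease event in the DHCP log while the A record stays in DNS) can be checked offline by replaying the audit log against a list of A records. The following is an added example, not part of any post above; the log column layout, host names, addresses and times are constructed assumptions.

```python
import csv
from datetime import datetime

# Constructed sample data. The column layout (ID, date, time, description,
# IP, host name, MAC) is an assumption about the DHCP audit log format.
AUDIT_LOG = """\
10,05/29/12,09:00:00,Assign,10.0.0.5,LAPTOP01.example.test,000C29AAAA01,
10,05/29/12,09:05:00,Assign,10.0.0.6,LAPTOP02.example.test,000C29AAAA02,
11,05/29/12,09:35:00,Renew,10.0.0.6,LAPTOP02.example.test,000C29AAAA02,
16,05/29/12,14:00:00,Deleted,10.0.0.5,,,
16,05/29/12,15:00:00,Deleted,10.0.0.6,,,
10,05/29/12,15:10:00,Assign,10.0.0.6,LAPTOP03.example.test,000C29AAAA03,
"""

# Constructed A records, as (owner name, IPv4 address) pairs from a zone export.
A_RECORDS = [
    ("laptop01.example.test", "10.0.0.5"),
    ("laptop02.example.test", "10.0.0.6"),
    ("laptop03.example.test", "10.0.0.6"),
]

def lease_state(log_text):
    """Replay the log in order; return {ip: (state, host, timestamp)}."""
    state = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 5 or not row[0].strip().isdigit():
            continue  # skip banner/header lines that precede the events
        _id, date, time, desc, ip = (f.strip() for f in row[:5])
        host = row[5].strip().lower() if len(row) > 5 else ""
        when = datetime.strptime(f"{date} {time}", "%m/%d/%y %H:%M:%S")
        if desc in ("Assign", "Renew"):
            state[ip] = ("leased", host, when)
        elif desc == "Deleted":
            state[ip] = ("deleted", "", when)
    return state

def stale_a_records(log_text, a_records):
    """Return (name, ip, reason) for records the lease history contradicts."""
    state = lease_state(log_text)
    findings = []
    for name, ip in a_records:
        kind, host, when = state.get(ip, ("unknown", "", None))
        if kind == "deleted":
            findings.append((name, ip, f"lease deleted {when:%H:%M}, record remains"))
        elif kind == "leased" and host != name.lower():
            findings.append((name, ip, f"address now leased to {host}"))
    return findings

if __name__ == "__main__":
    for finding in stale_a_records(AUDIT_LOG, A_RECORDS):
        print(*finding, sep="  ")
```

The second kind of finding is the one with security weight: a leftover A record that resolves an old host name to an address now leased to a different machine.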