DNS scavenging zone, but leaving old non static records

    Question

  • Three years ago we set up scavenging on one of our Win 2003 Domain Controllers that included DNS servers after following the following article. We enabled scavenging on only 1 DNS Server, as recommended by this article.

    http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

    Last year we decommissioned this Win 2003 Domain Controller that included DNS, and added a new Win 2008 DC with DNS to take its place. Unfortunately we forgot we had enabled scavenging only on this decommissioned server, and did not realize it until 7 months later, and now we are having duplicate IP address entries in some of our Forward Zones.

    Here is our setup

    3 Win 2003 DCs all with DNS

    1 Win 2008 DC with DNS

    We set up Scavenging on the Win 2008 DNS server, as Scavenging was enabled on all Zones, with default of no-refresh 7 days and refresh 7 days. We have 7 zones, but only one zone is the zone that has the majority of our resource records, as the other 6 zones only have a few entries, and all are static. There are 64 reverse lookup zones.

    Scavenging is enabled on Win 2008 server in both places, taking the default for both, no refresh 7 days and refresh 7 days

    Scavenging does work as I have received 2501 events in the DNS Event logs dating back to 1/25/2012

    Here are the results from the 2501 scavenging logs.

    Date       Visited zones   Visited nodes   Scavenged nodes   Scavenged records
    1/25/12    55              3562            24                17
    2/1/12     68              3716            121               142
    2/8/12     69              3937            24                17
    2/15/12    69              3903            19                12
    2/23/12    69              3706            23                16

    One of the zones still has 900 non-static resource records that are timestamped from 6/1/2011 until 12/31/2011. I checked on 20 of these records and the Delete this record when it becomes stale checkbox is enabled, so I am assuming that all records have the Delete... stale checkbox enabled. The reverse records are fine, with all records timestamped 2/1/12-2/23/12 with the exception of static records. This zone has scavenging enabled non-refresh 7 days, refresh 7 days.

    Why are these 900 non-static records not being scavenged? I have tried manually scavenging the records, and still no luck.

    The DHCP server is in another forest, so I can't make changes to the DHCP server. For the record, before we decommissioned the Win 2003 DC, scavenging was working properly.

    Sunday, February 26, 2012 4:26 PM

Answers

  • Hi,

    Thank you for the post.

    Please try steps below to resolve your issue:

    1. Reset all DNS scavenging intervals for all zones
    DNS Scavenging Intervals are Not Propagating to Existing or New Zones
    2. Assume your DHCP lease time =8 days, change DNS scavenging No refresh interval, refresh interval to 5 days
    3. Set Dynamic updates= Secure and non-secure

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support

    Tuesday, February 28, 2012 6:43 AM
    Moderator

All replies

  • Are there any static entries in that zone that's not being scavenged? If not, you can use dnscmd /ageallrecords to force it. Of course, you need administrative rights to do this, if it's in another forest.

    However, if there are any static records, this switch will timestamp them and become scavenged. If this is the case, I would suggest to inventory all the static entries, and recreate them after you use the switch.

    There's more on this in the link you posted. In addition, there's more on this topic in the following blog:

    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  


    Ace



    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.



    • Edited by Ace Fekay [MCT] Tuesday, February 28, 2012 5:47 AM - clarified required rights to run dnscmd
    Tuesday, February 28, 2012 5:47 AM
  • Ace, there are over 400 static entries, and to my knowledge none have been removed

    I ended up changing the non-refresh and refresh days to 5

    Guess I will see what happens the next time the 2501 error message occurs

    Tuesday, February 28, 2012 9:37 PM
  • I was asking if the static entries were scavenged or removed.

    Just to be clear and there are no misunderstandings, my suggestion was based on using the DNSCMD command using the /ageallrecords switch, such as:
    dnscmd /ageallrecords

    However, if one were to use that command and that switch, the main drawback or caveat, is it would timestamp all static records making them eligible for scavenging and removal.

    Therefore, since you have over 400 static records, that may not be a viable suggestion, unless you were to have a list of all static records, then run the dnscmd command to change the timestamp on only those records to infinity, making them static again.


    I would try Rick's suggestion, which involved removing the scavenging settings completely off the zone, then re-enable them to 5 days. I'm not sure if you did the first part, since you just posted that you changed the settings to 5 days.


    Ace


    Ace Fekay


    Tuesday, February 28, 2012 10:34 PM
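
    Added example, not part of the thread: one way to take the inventory of static records suggested above before any bulk aging is attempted. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), which the thread itself does not use; `$ZoneName`, `$Server` and `$OutFile` are placeholder parameters.

```powershell
# Added example; assumes the DnsServer module (Windows Server 2012+ or RSAT).
param(
    [Parameter(Mandatory)] [string] $ZoneName,           # placeholder: zone to inventory
    [string] $Server  = $env:COMPUTERNAME,               # placeholder: DNS server to query
    [string] $OutFile = ".\static-records-$ZoneName.csv" # placeholder: inventory file
)

Import-Module DnsServer

# Static records carry no timestamp; dynamic records carry their last refresh time.
$static = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $Server |
    Where-Object { -not $_.Timestamp }

$inventory = foreach ($rr in $static) {
    $d = $rr.RecordData
    # Pull the type-specific value so the CSV is enough to recreate the record.
    $data = switch ($rr.RecordType) {
        'A'     { $d.IPv4Address }
        'AAAA'  { $d.IPv6Address }
        'CNAME' { $d.HostNameAlias }
        'PTR'   { $d.PtrDomainName }
        'NS'    { $d.NameServer }
        'MX'    { '{0} {1}' -f $d.Preference, $d.MailExchange }
        'SRV'   { '{0} {1} {2} {3}' -f $d.Priority, $d.Weight, $d.Port, $d.DomainName }
        'TXT'   { $d.DescriptiveText }
        default { '' }   # other types: recorded by name and type only
    }
    [pscustomobject]@{
        HostName   = $rr.HostName
        RecordType = $rr.RecordType
        TTL        = $rr.TimeToLive
        Data       = "$data"
    }
}

$inventory | Sort-Object RecordType, HostName | Export-Csv -Path $OutFile -NoTypeInformation
"{0} static records in {1} written to {2}" -f @($inventory).Count, $ZoneName, $OutFile
```
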
  • Hi,

    I have enabled scavenging on 3 of my zones... I have 9 of them in all. Do I have an option where I can force scavenging to run on only the zones where scavenging is enabled?

    Wednesday, July 4, 2012 9:33 AM
  • That appears to be a server option only. Even the DNSCMD command only has a server option to force start scavenging on all zones, as shown here:

    Dnscmd startscavenging
    http://technet.microsoft.com/en-us/library/cc756116(v=ws.10).aspx#BKMK_18


    Keep in mind, and as an FYI, if you force start scavenging, if you have any static records, it will place a timestamp on them and will get scavenged. You may want to check your static entries. I usually just set it, and forget it, and allow the automatic process handle it so I don't lose static entries.


    Ace Fekay

    Thursday, July 5, 2012 5:11 AM
  • Hi,

    I have enabled scavenging on 3 of my zones... I have 9 of them in all. Do I have an option where I can force scavenging to run on only the zones where scavenging is enabled?

    Hi

    The following three preconditions are necessary for scavenging to complete:

    • Scavenging is enabled for both the server and the zone.
    • The zone is started.
    • The resource records have a time stamp.

    So, if you don't enable scavenging on the other zones, or they have a different time stamp, scavenging does not happen. You can use

    "dnscmd [<ServerName>] /startscavenging" to force scavenging on only the zones where scavenging is enabled.

    http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx#BKMK_18



    • Edited by kamandi Tuesday, November 6, 2012 7:39 PM
    • Proposed as answer by kwkincer Monday, November 26, 2012 7:45 PM
    • Unproposed as answer by kwkincer Monday, November 26, 2012 7:45 PM
    Tuesday, November 6, 2012 7:37 PM
  • Not sure if you have this fixed or not, but I ran into the same issue recently.  My particular zone in question had the IP address of the old scavenging DNS server specified, which wasn't allowing my new scavenging server to scavenge the records.  Running the following command cleared the old scavenging server's IP and allowed the scavenging of the zone.

    To see if a DNS server has been specifically assigned to scavenge a zone:

    dnscmd /zoneinfo <zonename>

    -- you will see something like "Scavenge Servers  Addr Count = 1   Server[0] => <IP>"

    dnscmd /zoneresetscavengeservers <zonename>

    --This will clear that IP from above, allowing any/all scavenging servers to scavenge this zone.

    Monday, November 26, 2012 7:54 PM
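
    Added example, not part of the thread: a read-only audit for the condition described in the last post, where a zone's scavenge-server list still names a server that no longer scavenges, together with a count of stale dynamic records per zone. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT) rather than the dnscmd commands used in the thread; `$DnsServers` is a placeholder list of the IP addresses of the DNS servers hosting the zones.

```powershell
# Added example; assumes the DnsServer module (Windows Server 2012+ or RSAT).
param(
    [Parameter(Mandatory)] [string[]] $DnsServers   # placeholder: IPs of all DNS servers
)

Import-Module DnsServer

# Servers that actually have server-level scavenging switched on.
$scavengers = foreach ($ip in $DnsServers) {
    if ((Get-DnsServerScavenging -ComputerName $ip).ScavengingState) { $ip }
}

$query = $DnsServers[0]   # zone data is read from the first server in the list
$zones = Get-DnsServerZone -ComputerName $query | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors'
}

foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $query

    # An empty list means any scavenging-enabled server may scavenge the zone.
    $allowed = @($aging.ScavengeServers | Where-Object { $_ } | ForEach-Object { "$_" })
    $usable  = @($allowed | Where-Object { $scavengers -contains $_ })
    $pinnedToNonScavenger = ($allowed.Count -gt 0) -and ($usable.Count -eq 0)

    # A dynamic record is stale once no-refresh + refresh has passed since its timestamp.
    $cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)
    $stale  = @(Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $query |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff }).Count

    [pscustomobject]@{
        Zone                 = $zone.ZoneName
        AgingEnabled         = $aging.AgingEnabled
        ScavengeServers      = $allowed -join ','
        PinnedToNonScavenger = $pinnedToNonScavenger
        StaleDynamicRecords  = $stale
    }
}
```

    A zone that reports `PinnedToNonScavenger = True` alongside a non-zero stale count matches the situation the poster resolved with `dnscmd /zoneresetscavengeservers`.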