Enable DNS aging and scavenging

    Question

  • Hi,

    I have 5 DCs with DNS in different sites connected by WAN link. The main site has 2 DCs and the rest of the 3 sites have additional DCs. Infoblox serves as DHCP with a lease time of 9 hours for DHCP clients.

    All DC servers are running Windows 2008 R2 SP1 and running DNS Active Directory-integrated zones with dynamic update.

    My plan is to enable it on the 2 main DCs in the main site, and the interval is the default 7 days. I read that some articles suggest it must be equal to or not less than the DHCP lease time?

    I have forward and reverse lookup zones configured under domain name XXXX.local

    Any advice on enabling DNS aging and scavenging? Do I need to enable it on all the DCs in all sites under XXXX.local, or do I only enable it on the 2 DCs in the main site?


    Monday, September 17, 2012 11:05 AM

Answers

All replies

  • Hi,

    Thank you for the post.

    1. You just need to enable DNS scavenging on one DC in the main site. The results will be replicated to other DCs.
    2. The scavenging Refresh and No-Refresh intervals must be equal to or less than the DHCP lease time. The lowest scavenging interval is 1 day.
    3. The scavenging total time formula is: NoRefresh + Refresh * 2 + scavenge period. You could use the default 7 days or another value you like.
    4. If you want to force age all DNS records, including static records, run the command "dnscmd /AgeAllRecords" on your server.

    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support

    Wednesday, September 19, 2012 3:21 AM
    Moderator
  • Hi Ricky,

    Thanks for the explanation. What is NoRefresh + Refresh * 2 + scavenge period? Can you give me an example and explain this?

    I have increased the lease time to 3 days.

    Wednesday, September 19, 2012 3:13 PM
  • Hi,

    There is an example in my posted article.

    • Zone is set to a 3 day Refresh and a 3 day No-Refresh interval
    • Server Scavenging period is set to 3 days
    • The total time is 3 day No-Refresh + 3 day Refresh + 3 day No-Refresh + Scavenging period (1 day to 3 days) = anytime in 10 to 12 days

    http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

    Regards


    Rick Tan

    TechNet Community Support

    Thursday, September 20, 2012 3:32 AM
    Moderator
  • Hi XMELMEKX,

    My blog that Rick posted, shows how those two settings are related with a chart from a Technet Blog. Basically once a record is eligible for scavenging (past its timestamp), it goes through two cycles, refresh and no-refresh, then it's scavenged at the next cycle. For your convenience, here's the chart, which shows 3-Day Refresh, and a 3-Day NoRefresh.

    [Chart: scavenging timeline with a 3-Day Refresh and a 3-Day NoRefresh]

    Here's an additional reference:

    Optimizing your network to keep your DNS squeaky clean
    http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, September 20, 2012 3:38 AM
  • I also suggest since you're asking a question for assistance, and a discussion, to please change this thread type to "Question." This way you can mark posts as "Answer" that you felt were helpful!

    Thank you!


    Ace Fekay

    Thursday, September 20, 2012 3:39 AM
  • Hi,

    I have one more question. After checking my DNS server, I found the domain controllers have static records, but the other servers do not show static records. The rest of the servers have a timestamp on the record. All the servers have fixed IP addresses. If I enable DNS scavenging, does that mean it will delete the servers' DNS records? Or will the servers keep updating the DNS refresh timestamp so their DNS records will not be scavenged?

    Tuesday, September 25, 2012 2:04 PM
  • Static records will only be made eligible to scavenge if you age them forcibly by doing one of the following:

    • Run the command "dnscmd /AgeAllRecords" on your server (from Rick's #4 in his previous post)
    • In the DNS console, right-click and choose Age All Records

    Even if you were to do this on your zone with the DCs' static records, it will make them eligible for scavenging, but it won't delete them since their TTLs haven't expired, and because DCs refresh their records every 60 minutes, it doesn't matter - their records will ALWAYS be fresh.

    What you DO have to worry about if you do one of those things above are all the other statics you've manually created for various apps and services, which it WILL make eligible.

    Inventory your records for all static non-DC records you've created so you know what to expect. If it were me, I would just enable scavenging and let it do its own thing automatically without forcibly aging them.


    Ace Fekay

    Wednesday, September 26, 2012 12:09 AM
  • Hi Ace,

    Understood, a static DNS Host A record won't be deleted when aging is enabled. My concern is servers like (e.g. WSUS, Citrix, Application) servers; those servers are configured with fixed IPs but have timestamps on their Host A records. Will they be automatically deleted?

    Sunday, September 30, 2012 6:01 AM
  • Hi Ace,

    Understood, a static DNS Host A record won't be deleted when aging is enabled. My concern is servers like (e.g. WSUS, Citrix, Application) servers; those servers are configured with fixed IPs but have timestamps on their Host A records. Will they be automatically deleted?

    That's what I meant about static records - ones you created manually with fixed IPs. If you forcibly age the zone, they will be eligible for scavenging.

    My suggestion is to just enable scavenging without forcibly aging anything, and the static entries won't get touched.


    Ace Fekay

    Sunday, September 30, 2012 5:45 PM
  • Hi,

    Do you mean that for those servers configured with static IP addresses, the records are static records?

    When I join them to the domain and check the DNS record, it is not stated as static.

    Wednesday, October 3, 2012 3:45 PM

  • 3. The scavenging total time formula is : NoRefresh + Refresh * 2 + scavenge period. 

    Hi,

    Sorry for necroposting. But I really want to understand why there is "2" in the formula. 

    I have tried to google it and most sources say that the formula is: NoRefresh + Refresh + Scavenge period

    This article also does not have "*2"

    https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

    Thursday, November 15, 2018 9:35 PM
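
The timing discussed in this thread, as an added example that is not part of any post: a small model of Windows DNS aging in which a record becomes eligible once its timestamp is older than NoRefresh + Refresh and is removed by the next scavenging pass after that. The function names, dates and the daily re-registration interval are constructed for illustration; the 3-day intervals are the ones used in the thread.

```python
from datetime import datetime, timedelta

DAY = timedelta(days=1)

def timestamp_after_refreshes(registered, refresh_every, until, no_refresh):
    """Timestamp of a dynamic record whose owner re-registers every
    `refresh_every`. Refreshes inside the no-refresh interval are ignored."""
    timestamp, attempt = registered, registered + refresh_every
    while attempt <= until:
        if attempt >= timestamp + no_refresh:
            timestamp = attempt
        attempt += refresh_every
    return timestamp

def stale_at(timestamp, no_refresh, refresh):
    """Moment the record becomes eligible for scavenging."""
    if timestamp is None:  # static record: no timestamp, never aged
        return None
    return timestamp + no_refresh + refresh

def deleted_at(timestamp, no_refresh, refresh, first_pass, period):
    """First scavenging pass that runs after the record went stale."""
    stale = stale_at(timestamp, no_refresh, refresh)
    if stale is None:
        return None
    if stale < first_pass:
        return first_pass
    return first_pass + ((stale - first_pass) // period + 1) * period

def age_all_records(timestamp, now):
    """Model of "dnscmd /AgeAllRecords": every record, static or not,
    gets the current time as its timestamp."""
    return now

# Constructed scenario: 3-day NoRefresh, 3-day Refresh, 3-day scavenging period.
T0 = datetime(2012, 9, 1)
NO_REFRESH = REFRESH = PERIOD = 3 * DAY
FIRST_PASS = T0 + DAY  # scavenging passes on Sep 2, 5, 8, ...

if __name__ == "__main__":
    live = timestamp_after_refreshes(T0, DAY, T0 + 10 * DAY, NO_REFRESH)
    print("abandoned record deleted:", deleted_at(T0, NO_REFRESH, REFRESH, FIRST_PASS, PERIOD))
    print("live server timestamp   :", live)
    print("static record deleted   :", deleted_at(None, NO_REFRESH, REFRESH, FIRST_PASS, PERIOD))
    aged = age_all_records(None, T0)
    print("static after forced age :", deleted_at(aged, NO_REFRESH, REFRESH, FIRST_PASS, PERIOD))
```

A fixed-IP server that keeps re-registering never lets its timestamp reach the stale point, while a manually created record that was forcibly aged has no owner to refresh it and is removed like an abandoned one.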