We're having some Active Directory/Internet Slowness and I've taken a look at our DNS. It is set to scavenge stale records every 3 days and allow dynamic updates is set to secure only. The forward lookup zones contain lots of multiple entries (existing and non existing) for systems and there are systems that haven't been attached to the network for months that show up.
Am I wrong in thinking that scavenging every three days should clear these old entries out? What does "secure only" updates mean?
Thanks in advance.