DHCP Lease & DNS Scavenging Times - Advice required.

Posted on 2005-03-07
Medium Priority
Last Modified: 2008-01-09

We recently migrated to a new network a few months ago.

80 Windows 2003 servers (Static IP)
250+ Printers / Managed Switches / Routers etc. (Static IP)
1950 XP Desktops (DHCP)
30 XP Laptops (DHCP)

There are two servers acting as both DNS and DHCP servers.
DHCP servers have enough IPs available in their scopes to service many times this number of PCs.
Statistics show that there are only 10% of IPs in use overall and even the heaviest loaded scope is only using 25% of the available IPs (500 in each scope).

Unfortunately the consultant who designed / configured the system is gone and no longer available.
A few issues have arisen recently and I discovered that DHCP leases have been set to only 8 hours and scavenging in DNS has not been enabled.

Can someone advise the best practice for DHCP leases and DNS Scavenging periods on a network of this size.
8 hours lease seems very short when there are very few mobile users.
DNS is filling up with duplicate IP addresses for different hosts as the records are never scavenged!


HostA gets assigned IP and registers in DNS.
HostA is switched off for a day.
HostB gets assigned IP and registers in DNS.
(There are now two hosts in DNS with the same IP address)
Ping HostA replies with IP even though it's powered off.

Additional points given for explanation why you would use the lease period / scavenging period you suggest!!

Many Thanks!

Question by:livingan
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13475366
>>>Additional points given for explanation why you would use the lease period / scavenging period you suggest!!


And a Time to Scavenge
Let's assume that we boot mypc, which registers its A record with the primary DDNS server for the acme.com zone. Then, we shut down mypc and never turn it on again. A year later, that A record for mypc will still exist in the acme.com zone file because, by default, Win2K DDNS doesn't eliminate old records. But you can configure scavenging to change that behavior and direct Win2K's DDNS server to eliminate stale records of all types—not only A records.

To activate scavenging, you need to turn it on in several places. First, open the Microsoft Management Console (MMC) DNS snap-in and right-click the icon in the left-hand pane that represents your DNS server. Choose Set Aging/Scavenging for all zones, and select the Scavenge stale resource records check box in the Server Aging/Scavenging Properties dialog box. You'll see No-refresh interval and Refresh interval controls. I'll discuss these intervals later; for now, simply use the defaults. Click OK to clear the dialog box, then click OK again in the Server Aging/Scavenging Confirmation dialog box. Repeat these steps for each zone.

Assuming your DNS server is the primary DNS server for the acme.com domain, double-click the icon that represents the DNS server to see the Forward Lookup Zones folder. In that folder, you'll see another folder that represents the acme.com domain. Right-click the domain folder, choose Properties, and click Aging on the General tab. Again, select the Scavenge stale resource records check box and click OK, then click OK again.

Finally, right-click the icon that represents your DNS server, choose Properties, and click the Advanced tab on the resulting properties page. Select the Enable automatic scavenging of stale records check box, and you're finished.

***End Quote***

Ref: - http://www.windowsitpro.com/Article/ArticleID/19897/19897.html


Author Comment

ID: 13475736
Yip - I know scavenging needs to be enabled and I know how to do it...
Scavenging / aging is closely tied to the DHCP lease time.

My question is - given a network of approx 2000 devices (which hardly ever change) what is the best DHCP lease time to use and based on this what should we then set the scavenging / aging periods to??



Accepted Solution

averyb earned 750 total points
ID: 13479188
The number of IP addresses available and the amount of network traffic you can handle will help determine an acceptable DHCP Lease.

Since you have gobs of IP addresses that aspect isn't relevant here. You could set the lease to be 100 years if you want. There is no need to worry about releasing IPs to make them available for other hosts. 8 hours is very, very short. I'd set it to 8-12 days.

After half of the lease period has expired the host will try to renew its IP address.  This is why the longer the IP address the less DHCP related network traffic.  Granted, the renewals are all directed to the specific DHCP server, so at least they aren't broadcasts.  

With a longer lease period, the IP address won't be returned to the DHCP pool; so it won't be assigned to other hosts.  That will go a long way to preventing the duplicate IP addresses in DNS.  Machine A will get its IP address and lease it for say 8 days.  No one else can get that IP for 8 days.  Each time the host checks in with the DHCP server it will renew its current IP address.

I would suggest making the lease long enough to cover the typical length of time that the laptops are not on the network and/or the majority of your machines are shut down. It'll cut down on broadcast traffic if those machines can renew their IP address when they return from being off the network instead of having to go through the entire DHCP Lease Acquisition Process. Since I expect that the laptops are gone (and many desktops shut down) over the weekend, I would say the minimum would be 4 days. It'll give you a day or two leeway.

With the longer DHCP leases you'll probably also see quicker boot times since the hosts avoid DHCP Denials when they try to renew their IP (since someone else has already been assigned it).  Renewing your current IP is a lot quicker than trying to renew, getting rejected, and then going through the entire DHCP Lease Acquisition process.

I would set the scavenging to at least twice your DHCP lease period.  That'll make sure (at least help prevent) valid registrations from being deleted.

Let me know how it goes.
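An audit of the HostA/HostB situation from the question, with the accepted answer's rule of thumb as a check (added example, not part of the original thread): it finds A records that share an IP, treats the name that does not hold the current DHCP lease as stale, and reports when aging would make it eligible for scavenging. The record and lease data are constructed, and reading "scavenging period" as the no-refresh interval plus the refresh interval is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the original thread).
# DNS A records: (hostname, ip, timestamp of last registration/refresh)
DNS_A_RECORDS = [
    ("hosta", "10.1.4.57", datetime(2005, 3, 5, 8, 30)),
    ("hostb", "10.1.4.57", datetime(2005, 3, 7, 8, 45)),
    ("hostc", "10.1.4.58", datetime(2005, 3, 7, 9, 0)),
]
# Active DHCP leases: ip -> hostname currently holding the lease
DHCP_LEASES = {"10.1.4.57": "hostb", "10.1.4.58": "hostc"}


def scavenge_eligible_at(timestamp, no_refresh, refresh):
    """A record may be scavenged once both aging intervals have elapsed."""
    return timestamp + no_refresh + refresh


def find_stale_duplicates(records, leases, no_refresh, refresh):
    """Return (name, ip, eligible_at) for names sharing an IP they do not lease."""
    by_ip = defaultdict(list)
    for name, ip, ts in records:
        by_ip[ip].append((name, ts))
    stale = []
    for ip, owners in by_ip.items():
        holder = leases.get(ip)
        if len(owners) < 2 or holder is None:
            continue  # single owner, or no lease (static IP): review by hand
        for name, ts in owners:
            if name != holder:
                when = scavenge_eligible_at(ts, no_refresh, refresh)
                stale.append((name, ip, when))
    return stale


def aging_covers_lease(lease, no_refresh, refresh, factor=2):
    """Rule of thumb (assumed reading): aging window >= factor x DHCP lease."""
    return no_refresh + refresh >= factor * lease


if __name__ == "__main__":
    nr = rf = timedelta(days=7)  # 7 days each, the Windows DNS default
    for name, ip, when in find_stale_duplicates(DNS_A_RECORDS, DHCP_LEASES, nr, rf):
        print(f"{name} -> {ip} is stale; scavengeable from {when:%Y-%m-%d %H:%M}")
    print("8-day lease covered:", aging_covers_lease(timedelta(days=8), nr, rf))
```

With 7-day no-refresh and refresh intervals the check fails for an 8-day lease (14 days is less than 16), so following the rule of thumb means raising the aging intervals along with the lease.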




Expert Comment

ID: 13480719
One more thing to add.  

The length of your DHCP lease determines how often your DHCP clients check in with the DHCP server to see if any of the parameters have changed.

Not really an issue currently, but if you want to roll out a new DNS server IP or default gateway, it may take a little while for everyone to get the word.  Of course you could just add an ipconfig /renew to a login script to force all clients to contact the DHCP server.


Author Comment

ID: 13484279
Cheers averyb - I was thinking along the lines of the standard 8 day lease for DHCP.

DNS on the other hand is something I do not have as much experience in.
Can someone advise as to the best practice for scavenging DNS based on the information given.

Many Thanks!


Author Comment

ID: 13534986
I'm closing this question with the points going to averyb for suggesting a DHCP lease time.

I'm also opening another question specifically to cover the DNS Scavenging side of things as it hasn't really been addressed here.

Many Thanks,


Author Comment

ID: 13535669
