• Status: Solved

Overscavenged DNS, now I need to repopulate.

Our DNS had many records incorrect, as DHCP was and apparently is not updating records properly when IP addresses changed. I shortened the leases for DHCP and shortened the scavenge interval for DNS to clear out the records, but apparently went too far. I need a way to repopulate DNS from DHCP without having to touch all the workstations in my environment. I have a current list of computer names and IP addresses, and DHCP is also current. I would prefer not to manually update all the records individually. Also, if anyone has an idea on how to ensure that DHCP keeps up with workstation name/address links in the future I would appreciate it. DHCP and DNS are both running on the DCs (Win2k3 sp1). The DHCP lease interval is currently 5 days, and DNS is set to scavenge stale records, the no-refresh and refresh are 1 day, and the automatic scavenging is set to 10 days.
Asked by: svivian

Chris Dent (PowerShell Developer) commented:

I'm afraid I can't remember how frequently DHCP pushes records into DNS - or even if it does perform Refreshes. It's possible that it only occurs when the client gets a new lease (Update instead of Refresh). If that is the case you may be able to force a refresh by running ipconfig /release and ipconfig /renew on your machines. It would also be possible to put that in a batch file on an OU and let it run for a day or two.

But this bit is a problem and likely to be an ongoing one unless you change it:

> the no-refresh and refresh are 1 day

Set these to match your DHCP Scope - they happen one after the other for each dynamic record and they are used to determine when a record can be scavenged. i.e.:

2 Days No-Refresh
3 Days Refresh

What it means is that for 2 days after a record has been registered in DNS it doesn't get replicated to other AD Integrated DNS Servers each time the client says "hey I'm here" (it is still replicated on creation). If at any point during that time the client updates its IP Address it's passed through as an Update not a Refresh and the whole process starts again.

After the Refresh Interval comes the No-Refresh, at this point the record starts getting replicated again, a successful Refresh from the client (or in your case DHCP Server) will start the timer all over again at the No-Refresh stage.

If it doesn't Refresh it the client gets those three days to reappear. If it doesn't reappear then it's up for Scavenging next time that runs.

If you set the Scavenging interval to a Day then every day your DNS server will go through and strip out any dynamic Records where the No-Refresh and Refresh intervals have expired (in the example above, any record that hasn't refreshed in 5 days - past the DHCP lease time).

Chris
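A small model of the aging timeline discussed in this thread, added here as an example and not part of any poster's reply. It works in whole hours and relies on two facts of Windows DNS aging: a refresh only resets a record's timestamp once the no-refresh interval has passed, and a record becomes eligible for scavenging once its age exceeds no-refresh plus refresh. It assumes the record is refreshed at every lease renewal, taken as half the lease time (60 hours for a 5-day lease); the function names are hypothetical.

```python
def stale_hours(no_refresh_h, refresh_h, refresh_every_h, horizon_h):
    """Hours (1..horizon_h) at which a record created at hour 0 is
    eligible for scavenging even though its host is still on the network.

    refresh_every_h=None models registrations that never succeed, for
    example when the account DHCP uses for DNS updates is invalid.
    """
    stamp, stale = 0, []
    for hour in range(1, horizon_h + 1):
        age = hour - stamp
        # A refresh is only accepted once the no-refresh interval is over.
        if refresh_every_h and hour % refresh_every_h == 0 and age >= no_refresh_h:
            stamp, age = hour, 0
        # Past no-refresh + refresh the record is fair game for scavenging.
        if age > no_refresh_h + refresh_h:
            stale.append(hour)
    return stale


def first_deletion(stale, first_pass_h, scavenge_every_h, horizon_h):
    """Hour of the first scavenging pass that lands on a stale hour, or None."""
    stale_set = set(stale)
    for scavenge_hour in range(first_pass_h, horizon_h + 1, scavenge_every_h):
        if scavenge_hour in stale_set:
            return scavenge_hour
    return None


if __name__ == "__main__":
    ten_days = 240
    # Settings from the question: 1 day no-refresh, 1 day refresh, 5-day lease.
    asked = stale_hours(24, 24, 60, ten_days)
    # Suggested settings: 2 days no-refresh, 3 days refresh, same lease.
    suggested = stale_hours(48, 72, 60, ten_days)
    # Same 1 day / 1 day settings, but no registration ever succeeds.
    broken = stale_hours(24, 24, None, ten_days)
    print("1d/1d, renew every 60h: stale for", len(asked), "of", ten_days, "hours")
    print("2d/3d, renew every 60h: stale for", len(suggested), "hours")
    print("1d/1d, no refreshes:    stale for", len(broken), "hours")
    print("pass at hour 230 deletes live record at:",
          first_deletion(asked, 230, ten_days, ten_days))
```

With the 1 day / 1 day settings the record of a healthy machine is stale for the last hours before each renewal, so whether it survives depends only on when the scavenging pass happens to run.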
 
TheCleaner commented:
I agree with Chris on this...and would say that you need to really read over this KB article and make sure dynamic DNS updates are set up right:

http://support.microsoft.com/default.aspx?scid=kb;en-us;816592
 
svivian (Author) commented:
Thanks for the info on the aging. I have reviewed that article, and so far (with the exception of the aging settings) everything is configured properly. We were having some problems with replication a few months ago, which I have since corrected, but as I noted, we were left with A records that were no longer correct (Machine 1 was listed with the IP of machine 2, machine 2 had machine 3's IP, some machines had no listing). I have made the refresh/no-refresh changes you suggested, and now that I think about it they do make sense based on your explanation. Now all I need to do is repopulate. I have already tried doing /release - /renew and /registerdns from a test client, but the records don't ever appear on the server.
 
TheCleaner commented:
after the /registerdns

check the system event log on the client and see if it shows as successfully registering the A and PTR records or not...
 
Chris Dent (PowerShell Developer) commented:

How about a restart of the DHCP Service? You've probably tried already...

The other option is that you can stop DHCP registering on the client's behalf, and provided they're all Windows 2000 or above they'll start populating their records quite quickly (or whenever /registerdns is run).

Chris
 
Chris Dent (PowerShell Developer) commented:

For TheCleaner...

If DHCP is configured to register on the client's behalf then the client is not allowed to register their own records so /registerdns doesn't do anything useful. We kind of bumped into that problem at one point but just stopped DHCP handling registrations.

Chris
 
TheCleaner commented:
true...unless he set the DNS server to allow unsecure updates...
 
svivian (Author) commented:
We are running DNS as Active Directory-Integrated, so only secure updates are allowed.
 
svivian (Author) commented:
I think I may have found part of the problem: the DHCP server was set to use a non-existent account as the account for updating DNS. I have since remedied that. However, I would still like a way to force repopulation of the DNS records.
 
svivian (Author) commented:
Finding the incorrect credentials fixed the repopulation problem, but without the info you all supplied, I wouldn't have put it together. Thank you.
 
Chris Dent (PowerShell Developer) commented:

Glad I (we) could help :)

Chris
 
TheCleaner commented:
Thanks for the points...happy to assist.