Windows 2003 servers not automatically updating their DNS in reverse lookup zone

Hi again guys.
More DNS fun, today's mindbender is as follows:

I have somewhere in the region of 100 Windows 2003 servers.

All are registering correctly into the forward lookup zone.

When I look at the reverse lookup zone, the time stamps for the DNS entries are dating back to December last year for most servers.

If I perform an ipconfig /registerDNS on a server with an old record, it does update the record successfully, reflected in the time stamp to the DNS record.

I was about to enable scavenging for this subnet as it also hosts some DHCP clients for our IT dept.  Before I enabled it I thought it prudent to check the server records - I'm glad I did!

Does anybody have any suggestions as to why the time stamps would be so dated?  My understanding was that by default every 24 hours that a 2003 server with a static IP would re-register and update its DNS record.

Thanks in anticipation.
Asked by: Greencore

Chris Dent (PowerShell Developer) Commented:

It will, but time-stamps don't fully replicate unless Aging is enabled. This is important if you have more than one DNS server accepting updates for the zone.

You might consider setting No-Refresh to 1 day and Refresh to 30 days (or so). That way you have a month to monitor the time stamps before any record can be considered stale.

Note that when enabling Aging on a zone for the first time a lock is placed on the zone to prevent it from being Scavenged until a full pass of the Refresh interval. You can see that lock by selecting View / Advanced then opening the Aging properties. Otherwise the change I suggest wouldn't help much ;)

HTH

Chris
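
An added example (not part of the thread, and not code from either poster): a small Python model of the aging rules described above, using the suggested No-Refresh of 1 day and Refresh of 30 days. Record names and dates are constructed; the model assumes a record is stale once No-Refresh plus Refresh has passed since its time stamp, and that refreshes inside the No-Refresh window are ignored.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Intervals suggested in the answer above.
NO_REFRESH = timedelta(days=1)
REFRESH = timedelta(days=30)


@dataclass
class PtrRecord:
    name: str                      # constructed host name
    timestamp: Optional[datetime]  # None models a static record with no time stamp


def zone_unlock_time(aging_enabled_at: datetime) -> datetime:
    """Earliest scavenge time: one full Refresh interval after aging is enabled."""
    return aging_enabled_at + REFRESH


def try_refresh(rec: PtrRecord, now: datetime) -> bool:
    """Apply a refresh; ignored for static records and inside the No-Refresh window."""
    if rec.timestamp is None or now < rec.timestamp + NO_REFRESH:
        return False
    rec.timestamp = now
    return True


def scavengeable(rec: PtrRecord, now: datetime, aging_enabled_at: datetime) -> bool:
    """True if a scavenging pass at `now` would be allowed to remove the record."""
    if rec.timestamp is None:                      # static records are never aged
        return False
    if now < zone_unlock_time(aging_enabled_at):   # zone still locked
        return False
    return now > rec.timestamp + NO_REFRESH + REFRESH


if __name__ == "__main__":
    enabled = datetime(2009, 3, 1)  # constructed date on which aging is switched on
    records = [
        PtrRecord("srv-old", datetime(2008, 12, 10)),  # time stamp from December
        PtrRecord("srv-static", None),
    ]
    for when in (datetime(2009, 3, 15), datetime(2009, 4, 1)):
        for rec in records:
            print(when.date(), rec.name, scavengeable(rec, when, enabled))
```

The December-dated record is safe only while the zone lock holds; if it has not refreshed by the time the lock expires, the first scavenging pass can remove it, which is why the time stamps need monitoring during that month.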
Greencore (Author) Commented:
Well, if it isn't my old friend Chris who helped me out with understanding scavenging in the first place!
Hi Chris, good to hear from you again - I know I'm in safe hands!

Aging is not configured for this reverse lookup zone.  This particular zone hosts most of our business critical Central servers along with the IT staff's DHCP scope, who all share a common IP range.

The reverse lookup is so far divorced from the forward lookup as to be untrue.

So simply by enabling aging I should see the record time stamps updating within DNS, and then configure no refresh/refresh accordingly?

PS thanks for the last problem you solved for me - DNS is working fantastically since I reconfigured it under your advice.
Chris Dent (PowerShell Developer) Commented:

I'm glad to hear it :)

If we set a large Refresh Interval it will lock the zone, preventing Scavenging taking place (on that zone), which is good for us.

After a few days you should find that the Time Stamps are consistent between all Domain Controllers. At which stage you can consider reducing the Refresh Interval to a reasonable level. I don't think that will make it re-evaluate the lock on the zone (never bothered testing that), but that's fine if you're willing to be patient.

The alternative is to disable the automatic Scavenging task, and enable Aging with the preferred intervals. Again it will need to be monitored to make sure it updates before re-enabling the Scavenging task.

Chris
Greencore (Author) Commented:
There's another DNS server which performs a scavenging task daily for all zones including this one.  It's not practical for me to disable the scavenging so best to leave it in place, and set the refresh to 30 days and wait for everything to drop into sync.

The other reverse lookup zones which have aging configured are behaving beautifully, so what you're saying makes sense.

I'll leave it configured as suggested and monitor.

Thanks Chris.

I'm about to put another post up with regards to our zone transfer configurations which you said before you were up for the challenge...Keep your eyes peeled for a new post from me - could really use your help on that one too!!!
Chris Dent (PowerShell Developer) Commented:

Okay, no problem :)

Chris
Greencore (Author) Commented:
Chris - points awarded - new query is under id:24172507
Greencore (Author) Commented:
Chris is always extremely helpful, I'm delighted whenever he answers my queries.  It's better than having a MS technical helpline on speed dial.  Thanks again Chris.