Solved

How to check out our DNS replication and clear the cache and stale records if they exist?

Posted on 2009-04-08
Last Modified: 2012-05-06
We were told to look into our DNS replication and remove any stale records.
We are a small-medium sized business with 3 branch locations.
Please ask whatever questions you have and I will get back to you promptly.
There is 1 domain controller in 2 of the branches and 2 more domain controllers in the main branch (where I work).
Thanks in advance.
Question by:homerslmpson
9 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24136068

Active Directory?
Do you use DHCP? If so, how long is the Lease?
Does DHCP update DNS for you (this is the default setting, so if you haven't changed anything it will)?
If DHCP updates DNS, do you have more than one DHCP server?
Have you configured Aging / Scavenging at all?

Chris
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 24136835
Active Directory? YES
Do you use DHCP? If so, how long is the Lease? YES, the lease is 8 days
Does DHCP update DNS for you (this is the default setting, so if you haven't changed anything it will)? All 4 DHCP servers are set to the following option:
"Dynamically update DNS A and PTR records only if requested by DHCP clients"
If DHCP updates DNS, do you have more than one DHCP server? There are 4 DHCP servers total (2 in the main branch and 1 in each of the 2 branch locations)
Have you configured Aging / Scavenging at all? I just checked all 4 servers and none of them seem to have that option enabled

Thanks in advance for your help.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24137184

Do your clients move between sites at all? If they do, we should configure DHCP to use specific credentials when updating DNS, otherwise each DHCP server won't be able to change records created by other DHCP servers.

Aging and Scavenging is our cleanup process. It'll take a while to configure, but you have nothing really unusual. I would enable 3 Days No-Refresh and 5 Days Refresh on each zone where records are being added (and tick the box at the top that enables the zone for Scavenging). That makes a total of 8 days before a record can become Stale (and be Scavenged), which matches up nicely with the DHCP Lease Time.

Once the settings are in, you need one of your DNS servers to run the Scavenging process. This is set in the DNS console, in the Properties for the server under the Advanced Tab. I recommend setting the Scavenging Interval to 1 day (so it runs the task once a day).

It's not quite as straightforward as that; even then it won't clean out anything immediately. This article from the MS guys does a good job of explaining the settings and how they work together:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

It's well worth reading. If it raises any questions about the process then I'll happily expand on it.

Chris
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 24138393
OK I followed all of the steps you mentioned above.

I also right-clicked on each server and selected SCAVENGE STALE RESOURCE RECORDS on each server as well.

I don't know if that was beneficial or harmful.

Any final thoughts?

Thanks for your help, I really appreciate it.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24138455

You only want to make these changes on one server.

Changes made to each zone's Aging will automatically replicate to all other DNS servers.
Only one server should be running the Scavenging task (Server Properties / Advanced / Enable Automatic Scavenging of Stale Records)

Enabling it on a single server prevents confusion, changes made by that server are replicated to the others.

Chris
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 24138625
OK. I have made only 1 server responsible for the scavenging task.
I also unchecked the aging box on the other 3 servers as well.

Was it OK that I did this:
"I also right-clicked on each server and selected SCAVENGE STALE RESOURCE RECORDS on each server as well."

When setting up the aging on the one server I also checked the box that says:
APPLY THESE SETTINGS TO THE EXISTING ACTIVE DIRECTORY-INTEGRATED ZONES.

Was this OK?

Thanks again!
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24138774

You have a few options that are getting confused here:

1. Set Aging\Scavenging for all zones

You find this option by right clicking on the server in the DNS console. You can use this option to configure Aging for all zones on a server.

Aging can be deselected on individual zones after this has been used if required.

2. Zone Properties / Aging

Found by opening the Properties for an individual zone, then clicking the Aging button. If you have a mixture of zones and you only want to use Aging / Scavenging on a small number of them.

If you set these via 1 it will overwrite the settings here.

Clearing the setting from here on any DNS server will cause the change to replicate to all DNS servers hosting the zone. That means if you cleared the setting on one of the three DCs it will replicate to the other two. Make sure yours is still set.

Check yours are still enabled because unticking it on the other two should replicate to the third DC.

3. Enable Scavenging / Scavenging Interval

Found in the Server Properties under the Advanced Tab. This sets up a server to perform the cleaning task, without this one the other settings are just aesthetic (look pretty).

This one should be set on a single server, only one needs to be running this task.

Chris
0
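
The settings recommended in this thread (3 days No-Refresh, 5 days Refresh, a single server scavenging once a day) written as a script, followed by a read-only preview of which dynamic records are already older than the 8-day window. This is an added example, not part of any post in the thread; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), which shipped after this thread was written, and `DC1` is a hypothetical name for the one server chosen to run scavenging.

```powershell
# Added example. Assumes the DnsServer module; 'DC1' is a hypothetical server name.
Import-Module DnsServer
$Server    = 'DC1'
$NoRefresh = New-TimeSpan -Days 3   # values suggested in the thread
$Refresh   = New-TimeSpan -Days 5   # 3 + 5 = 8 days, matching the DHCP lease

# AD-integrated primary zones that accept dynamic updates; auto-created
# zones (0, 127, 255 in-addr.arpa) and static-only zones are skipped.
$zones = Get-DnsServerZone -ComputerName $Server |
    Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated -and
                   $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -ne 'None' }

foreach ($z in $zones) {
    # Zone aging is stored with the zone, so setting it on one server
    # replicates to every other DNS server hosting the zone.
    Set-DnsServerZoneAging -ComputerName $Server -Name $z.ZoneName -Aging $true `
        -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh
}

# Only this one server runs the scavenging task, once a day.
Set-DnsServerScavenging -ComputerName $Server -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 1)

# Read-only preview: dynamic records whose timestamp is older than
# No-Refresh + Refresh. Static records have no Timestamp and are never scavenged.
$cutoff = (Get-Date).Subtract($NoRefresh + $Refresh)
$stale = foreach ($z in $zones) {
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $z.ZoneName |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object @{n='Zone';e={$z.ZoneName}}, HostName, RecordType, Timestamp
}
$stale | Sort-Object Zone, Timestamp | Format-Table -AutoSize

# Confirm what each zone now holds, including the earliest time
# scavenging is allowed to act on it.
$zones | ForEach-Object { Get-DnsServerZoneAging -ComputerName $Server -Name $_.ZoneName } |
    Format-Table ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval, AvailForScavengeTime
```

Reviewing the preview list before the first scavenging pass shows which names would be removed, so any record that should persist can be recreated as a static entry first.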
 
LVL 1

Author Comment

by:homerslmpson
ID: 24139007
OK so:

1. Set Aging\Scavenging for all zones: I DID ON ALL SERVERS

I skipped 2.

3. Enable Scavenging / Scavenging Interval: I DID ON ONLY 1 SERVER

Is this correct?


0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24139199

Great, that's absolutely fine :-D

Chris
0
