How do I clear old DNS records automatically?

Hi

I have SBS running DNS & DHCP.

I have set the DHCP to update DNS records. I have set DNS to do aging & scavenging & set it to 8 hours. This has been running for a few weeks now & I can still see records from last year of PCs that no longer exist.

My DNS zone still has many records that point back to the same IP for up to 4 different PCs.

I am just wondering how I can get the DNS so it is working correctly & not have 4 PCs with the same IP.

Anyone have any idea on what I am missing or how I should set this up?
hutnorAsked:
btdownloads7Commented:
It sounds like you did everything needed on the server, but you should look through this tutorial if you may have missed something:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816592

The problem usually occurs when "Secure Dynamic Updates" aren't enabled in DNS, and there is a Group Policy setting on each machine that can counteract that. If you can force a GPO to the client machines, the setting is at Computer Configuration --> Administrative Templates --> Network --> DNS Client.
0
hutnorAuthor Commented:
I have secure enabled.

One of my records has a time stamp from 2006. How could it still be alive? The PC is no longer here.
0
btdownloads7Commented:
Scavenging should have taken care of that, and the only thing I can think of is that it's either not running or erroring out. You should check the logs to see if any errors pop out at you. Also, did you enable scavenging for the whole server, or just a specific zone? I know this is probably an insulting question, but could you please go to the DNS snap-in, right-click on your server, click on "Set Aging/Scavenging for All Zones", and tell me exactly what it says there? Also, there may be a problem if you set both times in that window to 8 hours since the DHCP leases are by default 24 hours. I think the default times are 7 days each, and you should change it back to that just to see if it solves the problem.
0

hutnorAuthor Commented:
It was on 7 days. I changed it to 8 to speed things up so I could see if it is cleaned up tomorrow instead of waiting a week. I have changed it all to 2 days now.

The option Set Aging/Scavenging for All Zones was not set. I have set it now. Before I had it set to just one zone & the server.
I will see if this makes any difference.

There are no errors in DNS event viewer.
I have changed my DHCP lease times from default to 8 hours. There are no leases that will be open longer than this.

I ran a scavenge stale RR 10mins ago before I set all above settings. It did not remove any of these RR. I will run it again in 20mins. It also ran without any error & generated log saying completed without errors.
0
btdownloads7Commented:
Well, the fact that the option "Set Aging/Scavenging for All Zones" was not set might have been the problem. I would still increase the refresh time to at least 2 days.
0
hutnorAuthor Commented:
It is all set to 2 days.

All my reverse lookup zones are fine. Their records are all up to date.

I will see how it has gone on Monday. That will give it time to get past the scavenging timer.

Is there somewhere to set a time when the server will run a scavenging scan?
0
btdownloads7Commented:
I don't think so
0
hutnorAuthor Commented:
I went over all the DNS logs & cannot find any logs of a scavenging being done.

I only found one log of a scavenge & that was one I did manually 15mins ago.
0
btdownloads7Commented:
In that case, there is one more place where you probably are missing a checkmark. In the DNS snap-in, right-click on the server, click "properties", go to the "advanced" tab, and on the bottom, make sure that "enable automatic scavenging" is checked.
0
rvivek_2002Commented:
1. Have you restarted the DNS service after you set the aging and scavenging? (Otherwise it won't work.)
2. Select "Delete this record when it becomes stale" (requires restarting of DNS server service).
0
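The settings named in the comments above (automatic scavenging on the server, aging on each zone, and a timestamp on each record) all have to line up before a stale record is removed, and several names left pointing at one IP means a hostname can resolve to a machine that is not the one it names. The following read-only audit is an added example, not code from any participant in this thread. It assumes Windows Server 2012 or later with the DnsServer PowerShell module, run on the DNS server itself.

```powershell
# Added example: read-only audit of DNS aging/scavenging state.
# Assumption: DnsServer module (Windows Server 2012+), run locally on the DNS server.
Import-Module DnsServer
$now = Get-Date

# Server level. A ScavengingInterval of zero means automatic scavenging is off
# (the "Enable automatic scavenging of stale records" box on the Advanced tab).
$srv = Get-DnsServerScavenging
$auto = $srv.ScavengingInterval -gt [TimeSpan]::Zero
"Automatic scavenging enabled : $auto (interval $($srv.ScavengingInterval))"
"Default aging for new zones  : $($srv.ScavengingState)"
"Last scavenge run            : $($srv.LastScavengeTime)"

# Zone level: primary forward zones only, since the records of interest are A records.
$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
    -not $_.IsReverseLookupZone -and $_.ZoneName -ne 'TrustAnchors'
}

foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName
    ""
    "Zone $($zone.ZoneName): AgingEnabled=$($aging.AgingEnabled), " +
        "scavengable after $($aging.AvailForScavengeTime)"

    # A record is stale once its timestamp is older than no-refresh + refresh.
    $maxAge  = $aging.NoRefreshInterval + $aging.RefreshInterval
    $records = @(Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -RRType A)

    # Records without a timestamp are static and are never scavenged.
    $static = @($records | Where-Object { -not $_.Timestamp })
    $stale  = @($records | Where-Object {
        $_.Timestamp -and ($now - $_.Timestamp) -gt $maxAge
    })
    "  static records (never scavenged): $($static.Count)"
    "  stale records past $maxAge      : $($stale.Count)"
    $stale | Sort-Object Timestamp | ForEach-Object {
        "    $($_.HostName)  $($_.RecordData.IPv4Address)  last refreshed $($_.Timestamp)"
    }

    # Several host names on one IP: the symptom described in the question.
    $records | Group-Object { $_.RecordData.IPv4Address.ToString() } |
        Where-Object Count -gt 1 | ForEach-Object {
            "  shared IP $($_.Name): $($_.Group.HostName -join ', ')"
        }
}
```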
hutnorAuthor Commented:
>Click "properties", go to the "advanced" tab, and on the bottom, make sure that "enable automatic scavenging"

Ya I got that one. It is also set to 2 days.

Service has not been restarted with these configurations. I will restart it now.

It was restarted last weekend & many times before that so all my scavenging settings should have been running.

All records that I want it to remove have the delete when stale ticked.
0
hutnorAuthor Commented:
I will leave it as is for now & look over it on Monday. Will let you know if anything happened.
0
btdownloads7Commented:
Well, actually, before tonight, you didn't have the server-wide scavenging set up, so you'll see if setting that makes it work in a couple of days.
0
ctk003Commented:
I'm going with the simple answer here. Have you cleared the DNS cache on your DNS server? A scheduled task to execute a little batch file "ipconfig -flushdns" may be all you need.
0
hutnorAuthor Commented:
btdownloads
Yeh that is why I said I give it to Monday to see what happens.

ctk003
I am talking about the RR on the DNS server not the server has a DNS issue & can not find a host like microsoft.com or goes to the wrong location.
I flushed the cache anyway - no effect & it only had a few addresses in there & none of them are the RR that I want to get deleted.
0
ctk003Commented:
In all fairness, I've been working for the last 46 hours straight, and now I'm a little drunk, so I didn't really read your question before answering it. Sorry. Looks like you're in good hands, though. I wish you the best of luck.
0
hutnorAuthor Commented:
That's alright. I did not mind trying your suggestion. You never know what will work.
0
hutnorAuthor Commented:
RR are still there.
0
ctk003Commented:
Sorry to see that you haven't gotten a solution yet. This site is usually top-notch for finding a cure. I hope I didn't turn your question into some kind of joke because of my earlier response. I will offer this, and then hope that the community continues to provide feedback:

If you're hosting your own zone, as it appears you are, your records to your clients should update almost immediately when you make a change. Since that doesn't seem to be happening, though, you've got one of two problems.

Either your DHCP servers are pushing out the incorrect Name Server information to your clients, or you haven't set your DNS server to be the SOA of your domain.

Again, I apologize if my off-the-wall comments have deterred assistance for you, and truly do hope you find a resolution quickly.
0
hutnorAuthor Commented:
>Either your DHCP servers are pushing out the incorrect Name Server information to your clients, or you haven't set your DNS server to be the SOA of your domain.

DHCP is working fine.

>If you're hosting your own zone, as it appears you are, your records to your clients should update almost immediately when you make a change. Since that doesn't seem to be happening, though, you've got one of two problems.

Current clients are updating their IP when it changes no problem. I can ping to all current desktops or laptops by name. However we might have found the problem now. The old records like desktops & laptops that are no longer here are still in the DNS server. I have noticed that the computer accounts for some of these are still in AD. Would the DNS RR be kept if the computer has not been removed/deleted from the domain???

Most computers when we remove them from the network are just shut down & formatted. They never get removed from the domain before the format so computer accounts stay in our AD.
I did remove one computer from AD last week & it has no RR sitting in AD.

I have deleted one of the PCs that is no longer around & will see if its RR will disappear over the next few days.
0
hutnorAuthor Commented:
RR are still there even from PC I have deleted out of AD.
0
hutnorAuthor Commented:
They are gone now. Do not know what worked; one of these suggestions worked. I think it was this one.
0