AXISHK

Windows DNS & DHCP setting

Under DNS setting, should I click "Scavenge stale resource records"?
What are the no-refresh interval and refresh interval? What is their value if their DHCP is set to 9 hours? Will that DHCP value be too much?

Under DHCP setting, which value is recommended: "Dynamically update DNS A and PTR records only if requested by the DHCP clients", or "Always dynamically update DNS A and PTR records"?

Tks
Radhakrishnan

Hi,

Regarding DHCP: the correct setting is to tick "Enable DNS dynamic updates according to the settings below", then "Dynamically update DNS A and PTR records only if requested by the DHCP clients".

Also, select "Discard A and PTR records when lease is deleted".

Regarding DNS: yes, you need to select "Scavenge stale resource records", and the default No-refresh interval and Refresh interval are set as 7 days. The purpose of these two you can find there itself as the description.
AXISHK

ASKER

When the DHCP lease ends, the DNS record will be removed automatically. So, what's the purpose of "Scavenge stale resource records"?

Scavenging is effective only on dynamically updated AD-integrated zones.
These terms are very confusing.
For simplicity, I personally just remember the below.

Refresh Interval:
If you set the refresh interval to 1 day, the DNS server will accept any attempts to refresh the record time stamp during 24 hours.

Non-Refresh Interval:
If you set the non-refresh interval to 1 day, then after the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval. It can, however, accept updates before that time. For example, if the IP address changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.

Scavenging start: current server time + refresh interval = start scavenging time

Scavenging period: time frame between two "Scavenging Start"
The minimum allowed value for this period is 1 hour.

How to decide if a record can be scavenged (removed) at the time of scavenging start:
Each record is compared to the current server time on the basis of the following sum to determine whether the record should be removed:
Record time stamp + No-refresh interval for zone + Refresh interval for zone
If the value of this sum is greater than the current server time, no action is taken.
If the value of this sum is less than the current server time, the record is deleted from the AD-integrated zone.

Example:
On Sunday 8.00 AM a new record is created in DNS with 8.00 AM as its time stamp.
Now the record's no-refresh interval starts immediately by default (1 day non-refresh interval).
During this period DNS will not accept any time stamp update unless the IP changes.
After one day (Monday 8.00 AM) DNS starts accepting time stamp updates for 1 day (1 day refresh interval); this includes a time stamp refresh from the computer.
The record now gets updated to Monday (8.00 AM) by the DNS client service, say.
Now my scavenging period is set to 1 day in the DNS scavenging properties. It means the record time stamp will be compared against 2 days (time stamp + 1 no-refresh + 1 refresh).
Say scavenging runs on Tuesday 8.00 PM; in that case my record has Monday 8.00 AM time stamp + 2 days = Wednesday 8.00 AM, which is greater than the server's current time stamp (Tuesday 8.00 PM), hence the record will not get deleted.
Those dynamic records not complying with this math will get deleted.

Default scavenging period is 7 days (recommended).

The below is just a suggestion.

You need to set the refresh interval to at least twice the DHCP lease period.

You have 9-hour DHCP leases.
In the scavenging period on the DNS server:
You can have a 9-hour non-refresh interval.
You can have a 27-hour refresh interval,
because your domain controllers also have dynamic records under AD-integrated zones and most probably they will also update within 24 hours. Hence, to be on the safer side...
So your effective scavenging comparison period for a record will be record time stamp + 27 hours + 9 hours at the time of scavenging.
In other words, the record time stamp should not be older than 36 hours at the time of scavenging.

Ensure that your domain controllers are updating their records on a daily basis, otherwise you will be in big trouble one day.
Maybe you can increase the refresh interval in that case.


Also, you need to enable scavenging at both the DNS server and zone level.
Also, enable it on only one DNS server.


"Always dynamically update DNS A and PTR records" - This means we are asking DHCP to register DNS records on behalf of client machines. If you run DHCP on a DC, DHCP will not register records in DNS unless we set credentials (standard user credentials). You can create one user and use his credentials for DNS registration; you don't need to use Admin accounts. The Credentials tab will be found under IPv4 Properties\Advanced tab.

Instead of the above option you can use another option, "Dynamically update A and PTR records only if requested by DHCP client machines". If we select this option, the client will register A records and DHCP will register PTR records. We need to set credentials here as well for registering PTR records.

Check the articles below for more info:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1515eca4-8716-4360-9d40-383145c528ff/dhcp-best-practices-and-dc?forum=winserverNIS
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://241931348f64b1d1.wordpress.com/2010/11/08/how-to-configure-dns-scavenging-stale-record/

Mahesh
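
The timestamp arithmetic from the answer above, as an added example that is not part of the original post: a simplified Python model of refresh/no-refresh handling and the scavenging comparison, run on the Sunday-to-Tuesday walk-through and on the suggested 9-hour/27-hour intervals. The class and function names, host names, IP addresses and calendar dates are constructed for illustration, and the model assumes scavenging simply runs at the given time.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Zone:
    no_refresh: timedelta
    refresh: timedelta

@dataclass
class Record:
    name: str
    ip: str
    timestamp: Optional[datetime]  # None models a static record (never aged)

def register(zone: Zone, rec: Record, ip: str, now: datetime) -> str:
    """Apply one dynamic registration attempt and report what happened."""
    if rec.timestamp is None:
        return "ignored"
    if ip != rec.ip:                       # changed data is an update:
        rec.ip, rec.timestamp = ip, now    # always accepted, stamp reset
        return "update"
    if now < rec.timestamp + zone.no_refresh:
        return "ignored"                   # same data inside no-refresh window
    rec.timestamp = now                    # refresh accepted
    return "refresh"

def scavenge(zone: Zone, records: list, now: datetime) -> list:
    """Names deleted by a pass at `now` (stamp + both intervals < now)."""
    limit = zone.no_refresh + zone.refresh
    return [r.name for r in records
            if r.timestamp is not None and r.timestamp + limit < now]

def page_example():
    """The Sunday/Monday/Tuesday walk-through above; the date is constructed."""
    zone = Zone(timedelta(days=1), timedelta(days=1))
    sun_8am = datetime(2024, 1, 7, 8, 0)   # a Sunday
    active = Record("pc-active", "10.0.0.10", sun_8am)
    silent = Record("pc-silent", "10.0.0.11", sun_8am)  # never refreshes
    early = register(zone, active, "10.0.0.10", sun_8am + timedelta(hours=9))
    on_time = register(zone, active, "10.0.0.10", sun_8am + timedelta(days=1))
    tue_8pm = sun_8am + timedelta(days=2, hours=12)
    return early, on_time, scavenge(zone, [active, silent], tue_8pm)

def removed_with_9h_lease(age_hours: int) -> bool:
    """Suggested 9 h no-refresh + 27 h refresh: is a record this old removed?"""
    zone = Zone(timedelta(hours=9), timedelta(hours=27))
    now = datetime(2024, 1, 9, 12, 0)
    rec = Record("pc", "10.0.0.12", now - timedelta(hours=age_hours))
    return scavenge(zone, [rec], now) == ["pc"]
```

`page_example()` shows the refreshed record surviving the Tuesday 8.00 PM pass while a record that never refreshed is removed; `removed_with_9h_lease(36)` and `removed_with_9h_lease(37)` sit on either side of the 36-hour boundary.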
AXISHK

ASKER

Tks