Solved

Windows DNS & DHCP setting

Posted on 2013-11-29
Last Modified: 2013-12-04
Under the DNS settings, should I click "Scavenge stale resource records"?
What are the no-refresh interval and refresh interval? What is their value if the DHCP is set to 9 hours? Will that DHCP value be too much?

Under the DHCP settings, which value is recommended: "Dynamically update DNS A and PTR records only if requested by the DHCP clients" or "Always dynamically update DNS A and PTR records"?

Tks
DHCP.png
DNS.png
0
Question by:AXISHK
 
LVL 22

Expert Comment

by:Radhakrishnan R
ID: 39685493
Hi,

Regarding DHCP: the correct setting is to tick "Enable DNS dynamic updates according to the settings below", then "Dynamically update DNS A and PTR records only if requested by the DHCP clients".

Also, select "Discard A and PTR records when lease is deleted".

Regarding DNS: yes, you need to select "Scavenge stale resource records", and the default No-refresh interval and Refresh interval are set to 7 days. You can find the purpose of these two in the description shown there.
0
 

Author Comment

by:AXISHK
ID: 39685530
When the DHCP lease ends, the DNS record will be removed automatically. So, what's the purpose of "Scavenge stale resource records"?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39685729
Scavenging is effective only on dynamically updated AD-integrated zones.
These terms are very confusing.
For simplicity, I personally just remember the below.
Refresh Interval:
If you set the refresh interval to 1 day, the DNS server will accept any attempts to refresh the record time stamp during 24 hours.
Non-Refresh Interval:
If you set the non-refresh interval to 1 day, then after the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval. It can, however, accept updates before that time. For example, if the IP address changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.

Scavenging start - Current server time + Refresh interval = Start scavenging time

Scavenging period - time frame between two "Scavenging Start"
The minimum allowed value for this period is 1 hour.

How to decide if a record can be scavenged (removed) at the time of scavenging start:
Each record is compared to current server time on the basis of the following sum to determine whether the record should be removed:
Record time stamp + No-refresh interval for zone + Refresh interval for zone
If the value of this sum is greater than current server time, no action is taken
If the value of this sum is less than current server time, the record is deleted from AD integrated zone.

Example:
On Sunday at 8:00 AM, a new record is created in DNS with 8:00 AM as its time stamp.
Now the record's no-refresh interval starts immediately by default (1 day non-refresh interval).
During this period, DNS will not accept any time stamp update unless the IP changes.
After one day (Monday 8:00 AM), DNS starts accepting time stamp updates for 1 day (1 day refresh interval); this includes time stamp refreshes from the computer.
The record now gets updated to Monday (8:00 AM) by the DNS client service, say.
Now my scavenging period is set to 1 day in the DNS scavenging properties. It means
the record time stamp will be compared against 2 days (time stamp + 1 no-refresh + 1 refresh).
Say scavenging runs on Tuesday at 8:00 PM; in that case my record has the Monday 8:00 AM time stamp + 2 days = Wednesday 8:00 AM, which is greater than the server's current time stamp (Tuesday 8:00 PM), hence the record will not get deleted.
Those dynamic records not complying with this math will get deleted.

The default scavenging period is 7 days (recommended).

Below is just a suggestion.

You need to set the refresh interval to at least twice the DHCP lease period.

You have 9-hour DHCP leases.
In the scavenging period on the DNS server,
you can have a 9-hour non-refresh interval and
you can have a 27-hour refresh interval,
because your domain controllers also have dynamic records under AD-integrated zones and most probably they will also update within 24 hours. Hence, to be on the safer side...
So your effective scavenging comparison period for a record will be record time stamp + 27 hours + 9 hours at the time of scavenging.
In other words, the record time stamp should not be older than 36 hours at the time of scavenging.

Ensure that your domain controllers are updating their records on a daily basis; otherwise you will be in big trouble one day.
Maybe you can increase the refresh interval in that case.


Also, you need to enable scavenging at both the DNS server and zone level.
Also, enable it on only one DNS server.


"Always dynamically update DNS A and PTR records" - which means we are asking DHCP to register DNS records on behalf of client machines. If you run DHCP on a DC, DHCP will not register records in DNS unless we set credentials (standard user credentials). You can create one user and use his credentials for DNS registration; you don't need to use admin accounts. The credentials tab will be found under IPv4 properties\Advanced tab.

Instead of the above option, you can use another option, "Dynamically update A and PTR records only if requested by DHCP client machines". If we select this option, the client will register A records and DHCP will register PTR records. We need to set credentials here as well for registering PTR records.

Check the articles below for more info:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1515eca4-8716-4360-9d40-383145c528ff/dhcp-best-practices-and-dc?forum=winserverNIS
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://241931348f64b1d1.wordpress.com/2010/11/08/how-to-configure-dns-scavenging-stale-record/

Mahesh
0
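The stale-record comparison described in the answer above (time stamp + no-refresh interval + refresh interval against current server time), as an added PowerShell example that is not part of the original thread. The function name `Get-ScavengeStatus`, the host names, the dates and the zone name `corp.example` are constructed for illustration; the intervals are the ones from the answer's walk-through and its 9-hour/27-hour suggestion.

```powershell
# Added example (not from the thread). Classifies dynamic DNS records with the
# comparison from the answer: time stamp + no-refresh + refresh vs. server time.
function Get-ScavengeStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Record,   # objects with HostName, TimeStamp
        [Parameter(Mandatory)] [timespan] $NoRefreshInterval,
        [Parameter(Mandatory)] [timespan] $RefreshInterval,
        [datetime] $Now = (Get-Date)
    )
    foreach ($r in $Record) {
        if ($null -eq $r.TimeStamp) {
            # Static records have no time stamp and are not scavenged.
            [pscustomobject]@{ HostName = $r.HostName; EligibleAt = $null; Status = 'Static' }
            continue
        }
        $refreshFrom = $r.TimeStamp + $NoRefreshInterval   # refreshes accepted from here
        $eligibleAt  = $refreshFrom + $RefreshInterval     # the sum the answer compares
        $status = 'Stale'   # sum equal to current time is treated as stale (assumption)
        if ($Now -lt $eligibleAt)  { $status = 'Refresh' }
        if ($Now -lt $refreshFrom) { $status = 'NoRefresh' }
        [pscustomobject]@{ HostName = $r.HostName; EligibleAt = $eligibleAt; Status = $status }
    }
}

# Constructed sample 1: the answer's walk-through. Record last refreshed Monday
# 08:00, 1 day no-refresh + 1 day refresh, scavenging runs Tuesday 20:00.
$day = New-TimeSpan -Days 1
$pc  = [pscustomobject]@{ HostName = 'pc01'; TimeStamp = [datetime]'2013-12-02 08:00' }
Get-ScavengeStatus -Record $pc -NoRefreshInterval $day -RefreshInterval $day `
    -Now ([datetime]'2013-12-03 20:00')

# Constructed sample 2: the suggested 9 h no-refresh + 27 h refresh (36 h total).
$now  = [datetime]'2013-12-03 20:00'
$recs = @(
    [pscustomobject]@{ HostName = 'laptop-a'; TimeStamp = $now.AddHours(-5)  }
    [pscustomobject]@{ HostName = 'laptop-b'; TimeStamp = $now.AddHours(-20) }
    [pscustomobject]@{ HostName = 'laptop-c'; TimeStamp = $now.AddHours(-40) }
    [pscustomobject]@{ HostName = 'dc01';     TimeStamp = $null }
)
Get-ScavengeStatus -Record $recs -NoRefreshInterval (New-TimeSpan -Hours 9) `
    -RefreshInterval (New-TimeSpan -Hours 27) -Now $now | Format-Table

# On a DNS server with the DnsServer module ('corp.example' is a placeholder):
# $aging = Get-DnsServerZoneAging -Name 'corp.example'
# Get-ScavengeStatus -Record (Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A) `
#     -NoRefreshInterval $aging.NoRefreshInterval -RefreshInterval $aging.RefreshInterval
```

Running the commented lines against a live zone before enabling scavenging shows which records the chosen intervals would mark as stale, including any domain controller records that are not being refreshed.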
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39685743
Your Comment:
When the DHCP lease ends, the DNS record will be removed automatically. So, what's the purpose of "Scavenge stale resource records"?

Please check the article below for the answer.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/8d4b5f8e-3290-4a9b-8f9d-68fafdd895a2/dhcp-service-not-siscarding-a-and-ptr-records-in-dns-when-lease-is-deleted

Mahesh
0
 

Author Closing Comment

by:AXISHK
ID: 39694880
Tks
0
