Solved

Windows DNS & DHCP setting

Posted on 2013-11-29
Last Modified: 2013-12-04
Under DNS setting, should I click "Scavenge stale resource records"?
What are the no-refresh interval and refresh interval? What is their value if their DHCP is set to 9 hours? Will that DHCP value be too much?

Under DHCP setting, which value is recommended, "Dynamically update DNS A and PTR records only if requested by the DHCP clients", or "Always dynamically update DNS A and PTR records"?

Tks
Question by:AXISHK
Expert Comment

by:RK
ID: 39685493
Hi,

Regarding DHCP: the correct setting is to tick "Enable DNS dynamic updates according to the settings below" and then "Dynamically update DNS A and PTR records only if requested by the DHCP clients".

Also, select "Discard A and PTR records when lease is deleted".

Regarding DNS: yes, you need to select "Scavenge stale resource records", and the default No-refresh interval and Refresh interval are set to 7 days. You can find the purpose of these two there itself, as the description.

Author Comment

by:AXISHK
ID: 39685530
When the DHCP lease ends, the DNS record will be removed automatically. So, what's the purpose of "Scavenge stale resource records"?
Expert Comment

by:Mahesh
ID: 39685729
Scavenging is effective only on dynamically updated AD-integrated zones.
These terms are very confusing.
For simplicity, I personally just remember the below.

Refresh Interval:
If you set the refresh interval to 1 day, the DNS server will accept any attempts to refresh the record time stamp during 24 hours.

Non Refresh Interval:
If you set the non-refresh interval to 1 day, then after the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval. It can, however, accept updates before that time. For example, if the IP address changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.

Scavenging start - Current server time + Refresh interval = Start scavenging time

Scavenging period - the time frame between two "Scavenging Start" events.
The minimum allowed value for this period is 1 hour.

How to decide if a record can be scavenged (removed) at the time of scavenging start:
Each record is compared to the current server time on the basis of the following sum to determine whether the record should be removed:
Record time stamp + No-refresh interval for zone + Refresh interval for zone
If the value of this sum is greater than the current server time, no action is taken.
If the value of this sum is less than the current server time, the record is deleted from the AD-integrated zone.

Example:
On Sunday at 8.00 AM, a new record is created in DNS with 8.00 AM as its time stamp.
The record's no-refresh interval starts immediately by default (1 day non-refresh interval).
During this period, DNS will not accept any time stamp update unless the IP changes.
After one day (Monday 8.00 AM), DNS starts accepting time stamp updates for 1 day (1 day refresh interval); this includes time stamp refreshes from the computer.
Say the record now gets updated to Monday (8.00 AM) by the DNS client service.
Now my scavenging period is set to 1 day in the DNS scavenging properties. It means
the record time stamp will be compared against 2 days (time stamp + 1 no-refresh + 1 refresh).
Say scavenging runs on Tuesday at 8.00 PM; in that case my record has a Monday 8.00 AM time stamp + 2 days = Wednesday 8.00 AM, which is greater than the server's current time stamp (Tuesday 8.00 PM), hence the record will not get deleted.
Those dynamic records not complying with this maths will get deleted.

The default scavenging period is 7 days (recommended).

Below is just a suggestion.

You need to set the refresh interval to at least twice the DHCP lease period.

You have 9 hour DHCP leases.
In the scavenging period on the DNS server,
you can have a 9 hour non-refresh interval and
you can have a 27 hour refresh interval,
because your domain controllers also have dynamic records under AD-integrated zones and most probably they will also update within 24 hours. Hence, to be on the safer side...
So your effective scavenging comparison period for a record will be record time stamp + 27 hours + 9 hours at the time of scavenging.
In other words, the record time stamp should not be older than 36 hours at the time of scavenging.

Ensure that your domain controllers are updating their records on a daily basis, otherwise you will be in big trouble one day.
Maybe you can increase the refresh interval in that case.


Also, you need to enable scavenging at both the DNS server and the zone level.
Also, enable it on only one DNS server.


"Always dynamically update DNS A and PTR records" - this means we are asking DHCP to register DNS records on behalf of client machines. If you run DHCP on a DC, DHCP will not register records in DNS unless we set credentials (standard user credentials). You can create one user and use his credentials for DNS registration; you don't need to use Admin accounts. The credentials tab will be found under IPv4 properties\Advanced tab.

Instead of the above option, you can use another option, "Dynamically update A and PTR records only if requested by DHCP client machines". If we select this option, the client will register A records and DHCP will register PTR records. We need to set credentials here as well for registering PTR records.

Check the articles below for more info:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1515eca4-8716-4360-9d40-383145c528ff/dhcp-best-practices-and-dc?forum=winserverNIS
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://241931348f64b1d1.wordpress.com/2010/11/08/how-to-configure-dns-scavenging-stale-record/

Mahesh
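
The comparison described in the answer above (record time stamp + no-refresh interval + refresh interval against the current server time), as an added PowerShell example that is not part of the original thread. The function names, host names and dates are constructed for illustration, and treating a record without a time stamp as static is an assumption.

```powershell
# Added example. Host names, dates and intervals are constructed sample values.

function Get-ScavengeDeadline {
    param([datetime]$TimeStamp, [timespan]$NoRefresh, [timespan]$Refresh)
    # Record time stamp + no-refresh interval + refresh interval
    $TimeStamp + $NoRefresh + $Refresh
}

function Test-RefreshAccepted {
    param([datetime]$TimeStamp, [timespan]$NoRefresh, [datetime]$Now)
    # A plain time stamp refresh is only accepted once the no-refresh interval has passed
    $Now -ge ($TimeStamp + $NoRefresh)
}

function Get-ScavengeVerdict {
    param($Record, [timespan]$NoRefresh, [timespan]$Refresh, [datetime]$Now)
    if ($null -eq $Record.TimeStamp) {
        # Assumption: a record without a time stamp is static and is never scavenged
        return [pscustomobject]@{ HostName = $Record.HostName; Deadline = $null; Action = 'skip (static)' }
    }
    $deadline = Get-ScavengeDeadline -TimeStamp $Record.TimeStamp -NoRefresh $NoRefresh -Refresh $Refresh
    # The record is removed only when the sum is earlier than the current server time
    $action = if ($deadline -lt $Now) { 'delete' } else { 'keep' }
    [pscustomobject]@{ HostName = $Record.HostName; Deadline = $deadline; Action = $action }
}

# Walk-through of the Sunday/Monday/Tuesday example with 1 day intervals
$day       = New-TimeSpan -Days 1
$created   = [datetime]'2013-12-01 08:00'   # Sunday 8.00 AM, record created
$refreshed = [datetime]'2013-12-02 08:00'   # Monday 8.00 AM, time stamp refreshed
$scavenge  = [datetime]'2013-12-03 20:00'   # Tuesday 8.00 PM, scavenging runs

Test-RefreshAccepted -TimeStamp $created -NoRefresh $day -Now ([datetime]'2013-12-01 20:00')
Test-RefreshAccepted -TimeStamp $created -NoRefresh $day -Now $refreshed
$example = [pscustomobject]@{ HostName = 'pc-example'; TimeStamp = $refreshed }
Get-ScavengeVerdict -Record $example -NoRefresh $day -Refresh $day -Now $scavenge

# The suggested 9 hour no-refresh / 27 hour refresh settings (36 hours in total)
$records = @(
    [pscustomobject]@{ HostName = 'pc-01';      TimeStamp = [datetime]'2013-12-03 09:00' }
    [pscustomobject]@{ HostName = 'pc-02';      TimeStamp = [datetime]'2013-12-01 08:00' }
    [pscustomobject]@{ HostName = 'srv-static'; TimeStamp = $null }
)
$records | ForEach-Object {
    Get-ScavengeVerdict -Record $_ -NoRefresh (New-TimeSpan -Hours 9) -Refresh (New-TimeSpan -Hours 27) -Now $scavenge
}
```

The sample objects use the same `HostName` and `Timestamp` property names as the records returned by `Get-DnsServerResourceRecord`, so that cmdlet's output for a zone can be passed to `Get-ScavengeVerdict` in place of `$records`.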
Accepted Solution

by:
Mahesh earned 500 total points
ID: 39685743
Your comment:
"When the DHCP lease ends, the DNS record will be removed automatically. So, what's the purpose of "Scavenge stale resource records"?"

Please check the article below for the answer:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/8d4b5f8e-3290-4a9b-8f9d-68fafdd895a2/dhcp-service-not-siscarding-a-and-ptr-records-in-dns-when-lease-is-deleted

Mahesh

Author Closing Comment

by:AXISHK
ID: 39694880
Tks