Solved

DNS Aging and Scavenging

Posted on 2014-04-24
9
270 Views
Last Modified: 2014-05-01
We have just upgraded the workstations for one of our clients.  All the attorneys at this site chose to go with Windows Surface Pros for their hardware.  They have docking stations in their offices, but of course the Surfaces also have wireless so that they can move into a conference room and still be on the network.

My concern is about IP addressing issues and conflicts, so I want to be sure that the DNS aging and scavenging settings are optimized for this type of environment.  I was thinking about reducing the aging/scavenging period (now set at 7 days) to something like 1 or 2 days, so that the IP addresses used by the wireless cards will not hang around for long periods of time without being used.  However, I'm a little concerned about how/whether this would negatively impact network traffic or cause some other unforeseen issue.

Any sage advice based on actual real-world experience would be appreciated!
0
Comment
Question by:Hypercat (Deb)
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 2

Expert Comment

by:Puspharaj Selvaraj
ID: 40022059
As long as the router or firewall supports the DNS addressing, then there is no issue.

I would use VLAN's for this device and set DNS expiry for 5days week.

I worked on a large environment were 50~70 laptops and desktops connection and mobile and ipad connections, ideally expiry date will force the device to look up after every week.

Then there will be little network congestion on the firewall or router, but it should be fine.
0
 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40022802
The issue I'm facing is that the wireless network for internal devices (which is secured of course) is on the same subnet as the wired network.  So, IOW, the devices will end up with two different IP addresses on the same subnet, so I'm trying to make sure we don't run into any issues with running out of addresses on that subnet.  Also it can create issues for the support team when they're trying to diagnose problems on one of these workstations.

If I use a 5-day aging period, then the DNS records still would remain on the server for 10 days before being scavenged, right? What I'm trying to do is reduce this time frame (now 14 days which is the default) to something closer to 2 or 3 days.
0
 
LVL 2

Expert Comment

by:Puspharaj Selvaraj
ID: 40022936
I used to split the subnet for those two.

One subnet for wireless and one for wired. Your device doesn't support such things?..

I believe your talking about internal DHCP services on the router or firewall.

Would you please explain your setup bit more.

Thanks!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40023005
DHCP for the internal subnet is handled by one of the Windows 2008 servers on the domain.  There is a separate VLAN for a guest wireless network which is on a different subnet from the internal network. So it looks something like this:

Internal wired              |
                                      |--------Switch VLAN1-------Perimeter router VLAN1 (DHCP on server)
Internal wireless  APs |

Guest wireless APs|-------Switch VLAN100-----Perimeter router VLAN100 (DHCP on router)
0
 
LVL 40

Expert Comment

by:footech
ID: 40023108
Two articles that I reference over and over whenever thinking about scavenging are
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx

You'll need to adjust your no-refresh and refresh intervals along with the scavenging period.  Then you'll probably also want to reduce the DHCP lease period.
0
 
LVL 40

Expert Comment

by:footech
ID: 40023231
Also, are you more concerned with the DNS records or with available IP addresses?
0
 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40023284
I guess in the end I'm more concerned about DNS.  I know I could enlarge the DHCP scope if I ran out of IP addresses, but if DNS gets flummoxed it could be a PITA.  And the issue is not how to configure DNS scavenging, I already have it configured.  The issue is that I've always left the aging and scavenging periods set to the defaults, but I'm pondering making the periods shorter and am concerned about the potential effect on network traffic and loads on the server side in general.  This is a small network - 2DCs, one of which is also the Exchange server and the other is also a file server and DHCP server. Maybe that means I needn't be concerned, but maybe it's the opposite...
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40023398
I wouldn't be concerned with any traffic increase if you were to set the no-refresh, refresh, and scavenging period all to 2 days.  It would be pretty minimal.
0
 
LVL 38

Author Closing Comment

by:Hypercat (Deb)
ID: 40035483
Thanks - your answer confirms what I thought and made me feel more comfortable with making this change.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question