Solved

DNS Aging and Scavenging

Posted on 2014-04-24
Last Modified: 2014-05-01
We have just upgraded the workstations for one of our clients.  All the attorneys at this site chose to go with Windows Surface Pros for their hardware.  They have docking stations in their offices, but of course the Surfaces also have wireless so that they can move into a conference room and still be on the network.

My concern is about IP addressing issues and conflicts, so I want to be sure that the DNS aging and scavenging settings are optimized for this type of environment.  I was thinking about reducing the aging/scavenging period (now set at 7 days) to something like 1 or 2 days, so that the IP addresses used by the wireless cards will not hang around for long periods of time without being used.  However, I'm a little concerned about how/whether this would negatively impact network traffic or cause some other unforeseen issue.

Any sage advice based on actual real-world experience would be appreciated!
0
Question by:Hypercat (Deb)
9 Comments
 
LVL 2

Expert Comment

by:Puspharaj Selvaraj
ID: 40022059
As long as the router or firewall supports the DNS addressing, then there is no issue.

I would use VLANs for this device and set DNS expiry for 5 days week.

I worked on a large environment where there were 50~70 laptop and desktop connections and mobile and iPad connections; ideally the expiry date will force the device to look up after every week.

Then there will be little network congestion on the firewall or router, but it should be fine.
0
 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40022802
The issue I'm facing is that the wireless network for internal devices (which is secured of course) is on the same subnet as the wired network.  So, IOW, the devices will end up with two different IP addresses on the same subnet, so I'm trying to make sure we don't run into any issues with running out of addresses on that subnet.  Also it can create issues for the support team when they're trying to diagnose problems on one of these workstations.

If I use a 5-day aging period, then the DNS records still would remain on the server for 10 days before being scavenged, right? What I'm trying to do is reduce this time frame (now 14 days which is the default) to something closer to 2 or 3 days.
0
 
LVL 2

Expert Comment

by:Puspharaj Selvaraj
ID: 40022936
I used to split the subnet for those two.

One subnet for wireless and one for wired. Your device doesn't support such things?

I believe you're talking about internal DHCP services on the router or firewall.

Would you please explain your setup a bit more.

Thanks!
0
 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40023005
DHCP for the internal subnet is handled by one of the Windows 2008 servers on the domain.  There is a separate VLAN for a guest wireless network which is on a different subnet from the internal network. So it looks something like this:

Internal wired        |
                      |--------Switch VLAN1-------Perimeter router VLAN1 (DHCP on server)
Internal wireless APs |

Guest wireless APs    |-------Switch VLAN100-----Perimeter router VLAN100 (DHCP on router)
0
 
LVL 39

Expert Comment

by:footech
ID: 40023108
Two articles that I reference over and over whenever thinking about scavenging are
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx

You'll need to adjust your no-refresh and refresh intervals along with the scavenging period.  Then you'll probably also want to reduce the DHCP lease period.
0
 
LVL 39

Expert Comment

by:footech
ID: 40023231
Also, are you more concerned with the DNS records or with available IP addresses?
0
 
LVL 38

Author Comment

by:Hypercat (Deb)
ID: 40023284
I guess in the end I'm more concerned about DNS.  I know I could enlarge the DHCP scope if I ran out of IP addresses, but if DNS gets flummoxed it could be a PITA.  And the issue is not how to configure DNS scavenging, I already have it configured.  The issue is that I've always left the aging and scavenging periods set to the defaults, but I'm pondering making the periods shorter and am concerned about the potential effect on network traffic and loads on the server side in general.  This is a small network - 2 DCs, one of which is also the Exchange server and the other is also a file server and DHCP server. Maybe that means I needn't be concerned, but maybe it's the opposite...
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40023398
I wouldn't be concerned with any traffic increase if you were to set the no-refresh, refresh, and scavenging period all to 2 days.  It would be pretty minimal.
0
 
LVL 38

Author Closing Comment

by:Hypercat (Deb)
ID: 40035483
Thanks - your answer confirms what I thought and made me feel more comfortable with making this change.
0
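An added example, not part of the original thread or any poster's code: a simplified day-granular model of Windows DNS aging that compares how long a stale record for the Surface's wireless adapter survives under the 7-day intervals from the question and the 2-day intervals from the accepted answer. The names `AgingConfig` and `scavenged_on`, the day granularity, and the scavenging-pass start days are assumptions made for illustration.

```python
"""Day-granular model of DNS aging/scavenging (simplified, illustrative)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AgingConfig:
    no_refresh: int      # days in which refreshes of an unchanged record are ignored
    refresh: int         # days in which a refresh is accepted and resets the timestamp
    scavenge_every: int  # days between scavenging passes on the server


def scavenged_on(cfg, refresh_attempts, first_pass, horizon=90):
    """Return (final_timestamp, stale_day, scavenged_day) for a record created on day 0.

    refresh_attempts: days on which the client re-registers the same name/IP.
    first_pass: day of the first scavenging pass (repeats every scavenge_every days).
    """
    stamp = 0
    attempts = set(refresh_attempts)
    for day in range(1, horizon + 1):
        # A refresh only moves the timestamp once the no-refresh interval has elapsed.
        if day in attempts and day - stamp >= cfg.no_refresh:
            stamp = day
        stale_day = stamp + cfg.no_refresh + cfg.refresh
        is_pass = day >= first_pass and (day - first_pass) % cfg.scavenge_every == 0
        # The record is only removed by a pass that runs after it has gone stale.
        if is_pass and day >= stale_day:
            return stamp, stale_day, day
    return stamp, stamp + cfg.no_refresh + cfg.refresh, None


DEFAULTS = AgingConfig(7, 7, 7)  # the 7-day intervals the question describes
PROPOSED = AgingConfig(2, 2, 2)  # the 2-day intervals from the accepted answer

if __name__ == "__main__":
    # Constructed scenarios: days on which the wireless adapter re-registers.
    scenarios = {
        "wireless used once, then docked": [],
        "wireless used daily for 3 days": [1, 2, 3],
    }
    for name, attempts in scenarios.items():
        # first_pass values (6 and 1) are constructed to show a near-worst alignment.
        for label, cfg, first in (("7/7/7", DEFAULTS, 6), ("2/2/2", PROPOSED, 1)):
            print(f"{name:32} {label}: {scavenged_on(cfg, attempts, first)}")
```

In this model the record goes stale after no-refresh plus refresh days, and it can linger up to one more scavenging period before a pass removes it. Refresh attempts made inside the no-refresh interval do not move the timestamp.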
