DHCP Lease and DNS Scavenge

CHI-LTD asked:

I am stuck.

I have issues with my remote users that connect in over VPN and get an IP address from the firewall. So I am confident that the changes I have made to my DHCP lease (4 days) and DNS server scavenging (7 days for both) locally have nothing to do with the problems I have with regard to routing over the site-to-site VPNs on different networks.

So I would like to change the DNS and DHCP settings back to defaults or a recommended setting. Suggestions?

Then I will tackle the routing issue again... :(

Thanks
Craig Beck:

DHCP lease time depends on a few things, but generally the standard lease time is 8 days (depending on the DHCP server OS).

DNS scavenging defaults to 1 day in Windows IIRC.
CHI-LTD (asker):

Would you use the defaults?
Craig Beck (asker-certified solution; the content is behind a membership wall and is not present in this extract):
CHI-LTD (asker):

Should the scavenge settings be less or more than DHCP?
Your scavenge settings should be less than your DHCP lease time; otherwise, your systems could change IPs and be unable to update DNS. If your lease is 4 days, I would set both scavenge settings to 3 days.

-JJ
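The interaction the replies above are reasoning about (DHCP lease length against the zone's no-refresh and refresh intervals, and the server's scavenging period, which is a third, separate setting) is easier to judge on a timeline than in prose. The model below is an added example for this thread, not code from any of the posters or from Microsoft. It assumes that the record is re-registered at every DHCP renewal, which happens at half the lease (T1); that DNS only advances a record's timestamp when a registration arrives outside the zone's no-refresh window; that a record becomes eligible for scavenging once timestamp + no-refresh + refresh has elapsed; and that the server removes eligible records only when its scavenging period next fires. Windows clients also re-register on their own timer, which the model ignores, so the "abandoned record" figures are a worst case. The dates, lease and intervals in `scenario_defaults` are constructed.

```python
"""Timeline model: DHCP lease vs. DNS aging intervals vs. scavenging period.

Added example, not code from the thread or from Microsoft.  Assumptions:
  - a registration attempt happens at registration and at every DHCP renewal
    (half the lease, T1); attempts stop when the client goes away;
  - DNS bumps the record timestamp only if the attempt lands at or after
    timestamp + no_refresh (the no-refresh window);
  - a record is eligible once timestamp + no_refresh + refresh has passed;
  - the server scavenges only on its scavenging-period schedule.
"""
import math
from datetime import datetime, timedelta


def days(n):
    """Readability helper: n days as a timedelta."""
    return timedelta(days=n)


def refresh_attempts(registered_at, lease, gone_after):
    """Registration attempts: one at registration, then one per renewal at
    lease/2, until the client disappears at `gone_after`."""
    t = registered_at
    attempts = [t]
    while t + lease / 2 <= gone_after:
        t += lease / 2
        attempts.append(t)
    return attempts


def apply_no_refresh(attempts, no_refresh):
    """Replay attempts against the no-refresh rule; return the final timestamp."""
    stamp = attempts[0]
    for t in attempts[1:]:
        if t >= stamp + no_refresh:   # inside the window the attempt is ignored
            stamp = t
    return stamp


def eligible_at(stamp, no_refresh, refresh):
    """First instant a record with this timestamp counts as stale."""
    return stamp + no_refresh + refresh


def removed_at(eligible, first_run, period):
    """The first scavenging run on or after the record becomes eligible."""
    run = first_run
    while run < eligible:
        run += period
    return run


def live_client_safe(lease, no_refresh, refresh):
    """Can a client that keeps renewing ever lose its record?  Attempts are
    lease/2 apart, so the timestamp advances at the first attempt at or after
    stamp + no_refresh; safe if that gap is shorter than the aging window."""
    half = lease / 2
    gap = max(1, math.ceil(no_refresh / half)) * half
    return gap < no_refresh + refresh


def abandoned_record_timeline(registered_at, gone_after, lease, no_refresh,
                              refresh, first_run, period):
    """Worst case for a client that leaves: when its stale record actually goes."""
    stamp = apply_no_refresh(refresh_attempts(registered_at, lease, gone_after),
                             no_refresh)
    eligible = eligible_at(stamp, no_refresh, refresh)
    return {"last_timestamp": stamp, "eligible": eligible,
            "removed": removed_at(eligible, first_run, period)}


def scenario_defaults():
    """Constructed scenario with Windows defaults: 8-day lease, 7-day
    no-refresh and refresh intervals, scavenging every 7 days.  The client
    registers on 1 May and is last seen on 10 May."""
    tl = abandoned_record_timeline(datetime(2014, 5, 1), datetime(2014, 5, 10),
                                   days(8), days(7), days(7),
                                   datetime(2014, 5, 1), days(7))
    return {k: v.strftime("%Y-%m-%d") for k, v in tl.items()}


if __name__ == "__main__":
    for k, v in scenario_defaults().items():
        print(f"{k:15} {v}")
    print("live client safe, lease 8d / 7d / 7d:", live_client_safe(days(8), days(7), days(7)))
    print("live client safe, lease 8d / 1d / 1d:", live_client_safe(days(8), days(1), days(1)))
```

With the default settings the abandoned record's timestamp is last advanced on 9 May, it becomes eligible on 23 May, and the 7-day scavenging schedule only removes it on 29 May, nineteen days after the client last renewed. Shrinking the aging intervals far below the lease (the second `live_client_safe` call) makes a still-renewing client's record eligible between its own renewals, which is the failure mode the reply above is warning about.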
CHI-LTD (asker):

Okay, DHCP = 7 days.
Scavenge set to 4 days.

Will see what happens.
CHI-LTD (asker):

Should scavenging be set up on all zones, forward and reverse?
I would set up scavenging on all zones.

-JJ
CHI-LTD (asker):

Even the .com zone I had to create manually after setting up the SSL certs?
It is really up to you whether or not you want to enable scavenging on a zone. Only records that have been dynamically created will be scavenged. If your .com zone contains all manually created records, don't bother.

-JJ
No need for points for this, but you may want to take a look at this article. It gives some recommendations on setting your scavenge periods along with DHCP lease duration.
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
If you want the records to be deleted when a lease runs out, then you have to configure your DHCP options appropriately so that the DHCP server registers all the records.
CHI-LTD (asker):

Thanks.

You can see from the attached the problem I have.

Scavenging is set to 4 days (for the .local zone).
The 2x zones 10.255.255 and 10.255.254 are set to 4 days.

DHCP lease for the local ranges 172.*.*.* is 7 days.

I think the two 10.25* ranges were added manually to DNS...

Attachments: .local-zone-DNS.jpg, 10.255.255...JPG
I see no problem with the info in the screenshots.
Perhaps you'd be better served by opening a question specifically to deal with any problem you're seeing.  You may want to be a little more precise when you say "scavenging is set to 4 days" - do you mean the no-refresh and refresh intervals? Separately? Combined? Or the scavenging period (the interval at which the server actually tries to scavenge stale records)?
CHI-LTD (asker):

Where are the no-refresh and refresh?

I have noticed on the servers that:
Server > Properties > Advanced = 7 day scavenge. It's the zones that are 4 hours or 4 days.

Windows logs showing last scavenge:
14-5-14
30-4-14
23-4-14
CHI-LTD (asker):

You can see from the screenshots clients with a 10 and a 172 IP.

Also, I have just disconnected from LAN 172 and connected to VPN 10.255.255, and the client is still showing in DNS with 172, thus I am unable to talk to the client over VPN by name, only by IP.
CHI-LTD (asker):

Found no-refresh and refresh. All servers are the same, i.e. 7 days. Only the zones are lower, but I don't think the zones are scavenging...
CHI-LTD (asker):

The client has now updated in DNS and is pingable, but it still has its old DNS/IP in the 255.255.10 zone... 10.255.255.6 (old), 10.255.255.5 (new). It has also updated this in the .local zone.
(Solution: the content is behind a membership wall and is not present in this extract.)
CHI-LTD (asker):

I agree, my issue now seems slightly different. New question here:
https://www.experts-exchange.com/questions/28436673/DNS-Records-and-VPN-Clients.html

I suppose the main problem is the duplicate records in DNS, and how best to remove them (automatically), as scavenging seems not to remove old records in this reverse zone...

I have dynamic update enabled on DNS.
CHI-LTD (asker):

If I were to delete the reverse lookup zones for the two sites' remote connections (10.255 and 254), will that stop machines from registering in the forward zone?
There's nothing more that needs to be checked on that screen.  If records aren't being removed from a specific zone, then check the aging settings for that zone and make sure the box is checked for "Scavenge stale resource records".

No, the reverse zones are not necessary for any function of the forward zones.
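The check the reply above recommends (is aging actually enabled on the zone whose records are not going away?) and the asker's duplicate-PTR problem can both be made visible by walking the zone's records with their timestamps. The script below is an added example for this thread, not code from the posters or from Microsoft. `SAMPLE_RECORDS` is a constructed stand-in for a reverse-zone listing in which a timestamp of `None` represents a static (manually created) record, which scavenging never touches; `aging_enabled` stands for the zone's "Scavenge stale resource records" box; the 4-day intervals and the `now` in `review_sample` are constructed to match the thread. The duplicate rule is generalised beyond PTR records: for A records the key is the owner name rather than the target host.

```python
"""Which records would the next scavenging run remove, and which older
duplicates has an IP change left behind?  Added example, not the posters'
or Microsoft's code; records, intervals and `now` are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of PTR records in a 10.255.255.x reverse zone.
# timestamp None = static record (created by hand), never aged.
SAMPLE_RECORDS = [
    {"name": "5",  "type": "PTR", "data": "laptop01.corp.local.", "timestamp": datetime(2014, 5, 14, 9, 0)},
    {"name": "6",  "type": "PTR", "data": "laptop01.corp.local.", "timestamp": datetime(2014, 4, 20, 8, 0)},
    {"name": "7",  "type": "PTR", "data": "desk03.corp.local.",   "timestamp": datetime(2014, 5, 1, 12, 0)},
    {"name": "10", "type": "PTR", "data": "fw01.corp.local.",     "timestamp": None},
]


def stale_records(records, no_refresh, refresh, now, aging_enabled=True):
    """Dynamic records whose timestamp is older than no_refresh + refresh.
    With aging off for the zone nothing is eligible, whatever the server's
    scavenging period says."""
    if not aging_enabled:
        return []
    cutoff = now - (no_refresh + refresh)
    return [r for r in records
            if r["timestamp"] is not None and r["timestamp"] <= cutoff]


def host_key(record):
    """A PTR duplicate is one host under two addresses; an A duplicate is one
    owner name with two addresses."""
    return record["data"] if record["type"] == "PTR" else record["name"]


def duplicate_hosts(records):
    """host -> record names, newest first, for hosts with more than one dynamic
    record.  Static records are not superseded by updates, so they are skipped."""
    groups = defaultdict(list)
    for r in records:
        if r["timestamp"] is not None:
            groups[host_key(r)].append(r)
    return {h: [r["name"] for r in sorted(rs, key=lambda x: x["timestamp"], reverse=True)]
            for h, rs in groups.items() if len(rs) > 1}


def review(records, no_refresh, refresh, now, aging_enabled=True):
    """Stale records, duplicate hosts, and the older duplicates that are already
    stale.  If those leftovers are still in the zone, scavenging is not running
    against it: check the zone's aging box and which servers may scavenge it."""
    stale = {r["name"] for r in stale_records(records, no_refresh, refresh, now, aging_enabled)}
    dups = duplicate_hosts(records)
    leftovers = {h: [n for n in names[1:] if n in stale] for h, names in dups.items()}
    return {"stale": sorted(stale),
            "duplicates": dups,
            "stale_leftovers": {h: n for h, n in leftovers.items() if n}}


def review_sample(aging_enabled=True):
    """Zone intervals of 4 days / 4 days as in the thread; `now` is constructed."""
    return review(SAMPLE_RECORDS, timedelta(days=4), timedelta(days=4),
                  datetime(2014, 5, 15), aging_enabled)


if __name__ == "__main__":
    for k, v in review_sample().items():
        print(f"{k}: {v}")
    print("with zone aging off:", review_sample(aging_enabled=False))
```

In the sample, `laptop01` has two PTR records from its IP change; the older one (`6`) is both a duplicate and already past the 8-day aging window, so a working scavenge would have removed it. Seeing such a record survive is the signal to check the zone-level aging setting rather than the server-level scavenging period, which is exactly the distinction drawn earlier in the thread.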
CHI-LTD (asker):

So I changed DHCP to dynamic.
Changed scavenging to run on all servers every day, the LAN zones daily, the remote/VPN zone hourly.

Seems better.