DHCP Lease and DNS Scavenge

CHI-LTD asked (last modified 2014-05-29):
I am stuck.

I have issues with my remote users that connect in over VPN and get an IP address from the firewall. So I am confident that the changes I have made to my DHCP lease (4 days) and DNS server scavenging (7 days for both) locally have nothing to do with the problems I have with regard to routing over the site-to-site VPNs on different networks.

So I would like to change the DNS and DHCP settings back to defaults or a recommended setting. Suggestions?

Then I will tackle the routing issue again... :(

Thanks

some one, Network Architect, commented:
DHCP lease time depends on a few things, but generally the standard lease time is 8 days (depending on the DHCP server OS).

DNS scavenging defaults to 1 day in Windows IIRC.

Author commented:
Would you use the defaults?

Author commented:
Should the scavenge settings be less or more than DHCP?
Jamie McKillop, IT Director, commented:
Your scavenge settings should be less than your DHCP lease time, otherwise, your systems could change IPs and be unable to update DNS. If your lease is 4 days, I would set both scavenge settings to 3 days.

-JJ

Author commented:
Okay, DHCP = 7 days.
Scavenge set to 4 days.

Will see what happens.

Author commented:
Should scavenging be set up on all zones, forward and reverse?
Jamie McKillop, IT Director, commented:
I would set up scavenging on all zones.

-JJ

Author commented:
Even the .com zone I had to create manually post setup of SSL certs?
Jamie McKillop, IT Director, commented:
It is really up to you whether or not you want to enable scavenging on a zone. Only records that have been dynamically created will be scavenged. If your .com zone contains all manually created records, don't bother.

-JJ
Top Expert 2014 commented:
No need for points for this, but you may want to take a look at this article. It gives some recommendations on setting your scavenge periods along with DHCP lease duration.
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
If you want the records to be deleted when a lease runs out, then you have to configure your DHCP options appropriately so that the DHCP server registers all the records.

Author commented:
Thanks.

You can see from the attached the problem I have.

Scavenging is set to 4 days (for the .local zone).
The 2x zones 10.255.255 and 10.255.254 are set to 4 days.

DHCP lease for the local ranges 172.*.*.* is 7 days.

I think the two 10.25* ranges were added manually to DNS...
Attachments: .local-zone-DNS.jpg, 10.255.255...JPG
Top Expert 2014 commented:
I see no problem with the info in the screenshots.
Perhaps you'd be better served by opening a question specifically to deal with any problem you're seeing.  You may want to be a little more precise when you say "scavenging is set to 4 days" - do you mean the no-refresh and refresh intervals? Separately? Combined? Or the scavenging period (the interval at which the server actually tries to scavenge stale records)?

Author commented:
Where is the no-refresh and refresh?

I have noticed on the servers that:
server - properties - advanced = 7-day scavenge. It's the zones that are 4 hours or 4 days.

Windows logs showing last scavenge:
14-5-14
30-4-14
23-4-14

Author commented:
You can see from the screenshots clients with a 10 and a 172 IP.

Also I have just disconnected from LAN 172 and connected to VPN 10.255.255, and the client is still showing in DNS with 172, thus unable to talk to the client over VPN by name, only IP.

Author commented:
Found no-refresh and refresh. All servers are the same, i.e. 7 days. Only the zones are lower, but I don't think the zones are scavenging..

Author commented:
The client has now updated in DNS and is pingable, but its old DNS/IP is still in the DNS 255.255.10 zone... 10.255.255.6 (old), 10.255.255.5 (new). It's also updated this in the .local zone.

Author commented:
I agree, my issue now seems slightly different. New question here:
https://www.experts-exchange.com/Networking/Protocols/DNS/Q_28436673.html

I suppose the main problem is the duplicate records in DNS, and how best to remove them (automatically), as scavenging seems not to remove old records in this reverse zone...

I have dynamic update enabled on DNS.

Author commented:
If I were to delete the reverse lookup zones for the two sites' remote connections (10.255 and 254), will that stop machines from registering in the forward zone?
Top Expert 2014 commented:
There's nothing more that needs to be checked on that screen.  If records aren't being removed from a specific zone, then check the aging settings for that zone and make sure the box is checked for "Scavenge stale resource records".

No, the reverse zones are not necessary for any function of the forward zones.
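To make the relationship the thread keeps circling (zone no-refresh and refresh intervals, the server's scavenging period, and the DHCP lease) concrete, here is an added Python model of Windows DNS aging; it is an illustration written for this page, not code from the thread or from Microsoft. It runs the thread's own numbers (7-day lease, 4-day/4-day zone aging, daily scavenging), the "4 hours" zone the author found, and a client that moves to the VPN range without deregistering, which is the stale-duplicate case the author hit. Assumption: the only DNS re-registrations counted are the ones triggered by the DHCP client's renewal at half the lease (T1); the DNS client's own periodic re-registration is ignored.

```python
"""Toy model of Windows DNS aging/scavenging against a DHCP lease (constructed).

A dynamic record carries a timestamp. A re-registration inside the no-refresh
window is refused; inside the refresh window it is accepted and resets the
timestamp; once no-refresh + refresh has elapsed the record is stale and the
next scavenging run deletes it. Assumption: re-registrations happen only at
the DHCP client's renewal (T1 = half the lease); all times are in hours.
"""
from dataclasses import dataclass

DAY = 24

@dataclass(frozen=True)
class ZoneAging:
    no_refresh: int      # hours in which timestamp updates are refused
    refresh: int         # hours after that in which updates are accepted
    scavenge_every: int  # server scavenging period (how often stale records go)

def simulate(zone, lease, leave_at=None, horizon=60 * DAY):
    """Hour-by-hour run. Returns (deleted_at, deleted_while_live, linger_hours).
    leave_at: hour at which the client stops renewing (moved to the VPN range),
    leaving its old record behind as a stale duplicate; None = client stays."""
    ts = 0                 # record registered at hour 0
    renew_at = lease // 2  # DHCP T1: client renews and re-registers in DNS
    for t in range(1, horizon + 1):
        live = leave_at is None or t < leave_at
        if live and t == renew_at:
            if t >= ts + zone.no_refresh:  # past no-refresh: update accepted
                ts = t
            renew_at = t + lease // 2
        stale = t >= ts + zone.no_refresh + zone.refresh
        if stale and t % zone.scavenge_every == 0:
            return t, live, (None if live else t - leave_at)
    return None, False, None

def safe_for_live_clients(zone, lease):
    """Sufficient condition: every refresh window must contain one T1 renewal,
    i.e. refresh >= lease / 2; otherwise a client still on the LAN gets scavenged."""
    return zone.refresh >= lease // 2

# Constructed scenarios using the thread's numbers.
LAN = ZoneAging(4 * DAY, 4 * DAY, 1 * DAY)  # 4d/4d aging, daily scavenge
TOO_SHORT = ZoneAging(4, 4, 1 * DAY)        # the "4 hours" zone the author found

if __name__ == "__main__":
    print("7-day lease, client stays:", simulate(LAN, 7 * DAY))       # survives
    print("7-day lease, 4h zone:", simulate(TOO_SHORT, 7 * DAY))      # deleted while live
    print("client moves to VPN at hour 200:", simulate(LAN, 7 * DAY, leave_at=200))
```

Note that the scavenging period only shortens the wait after a record is already stale: scavenging the VPN zone hourly, as the author ended up doing, still leaves a moved client's old record in place for no-refresh + refresh after its last accepted update.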

Author commented:
So changed DHCP to dynamic.
Changed scavenging to run on all servers every day, the LAN zones daily, the remote/VPN zone hourly.

Seems better.