CHI-LTD

DHCP Lease and DNS Scavenge

I am stuck.

I have issues with my remote users that connect in over VPN and get an IP address from the firewall. So I am confident that the changes I have made to my DHCP lease (4 days) and DNS servers scavenge (7 days for both) locally have nothing to do with the problems I have with regard to routing over the site-to-site VPNs on different networks.

So I would like to change the DNS and DHCP settings back to defaults or a recommended setting. Suggestions?

Then I will tackle the routing issue again... :(

Thanks
Tags: DNS, DHCP, Cisco


8/22/2022 - Mon
Craig Beck

DHCP lease time depends on a few things, but generally the standard lease time is 8 days (depending on the DHCP server OS).

DNS scavenging defaults to 1 day in Windows IIRC.
CHI-LTD

ASKER
Would you use the defaults?
ASKER CERTIFIED SOLUTION
Craig Beck

CHI-LTD

ASKER
Should the scavenge settings be less or more than DHCP?
Jamie McKillop

Your scavenge settings should be less than your DHCP lease time, otherwise your systems could change IPs and be unable to update DNS. If your lease is 4 days, I would set both scavenge settings to 3 days.

-JJ
CHI-LTD

ASKER
Okay, DHCP = 7 days.
Scavenge set to 4 days.

Will see what happens.
CHI-LTD

ASKER
Should scavenging be set up on all zones in forward and reverse?
Jamie McKillop

I would set up scavenging on all zones.

-JJ
CHI-LTD

ASKER
Even the .com zone I had to create manually post setup of SSL certs?
Jamie McKillop

It is really up to you whether or not you want to enable scavenging on a zone. Only records that have been dynamically created will be scavenged. If your .com zone contains all manually created records, don't bother.

-JJ
footech

No need for points for this, but you may want to take a look at this article. It gives some recommendations on setting your scavenge periods along with DHCP lease duration.
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
If you want the records to be deleted when a lease runs out, then you have to configure your DHCP options appropriately so that the DHCP server registers all the records.
CHI-LTD

ASKER
Thanks.

You can see from the attached the problem I have.

Scavenging is set to 4 days (for .local zone).
The 2x zones 10.255.255 and 10.255.254 are set to 4 days.

DHCP lease for the local ranges 172.*.*.* is 7 days.

I think the two 10.25* ranges were added manually to DNS...
.local-zone-DNS.jpg
10.255.255...JPG
footech

I see no problem with the info in the screenshots.
Perhaps you'd be better served by opening a question specifically to deal with any problem you're seeing.  You may want to be a little more precise when you say "scavenging is set to 4 days" - do you mean the no-refresh and refresh intervals? Separately? Combined? Or the scavenging period (the interval at which the server actually tries to scavenge stale records)?
CHI-LTD

ASKER
Where is the no-refresh and refresh?

I have noticed on the servers that:
server - properties - advanced = 7 day scavenge. It's the zones that are 4 hours or 4 days.

windows logs showing last scavenge:
14-5-14
30-4-14
23-4-14
CHI-LTD

ASKER
You can see from the screenshots clients with a 10 and a 172 IP.

Also, I have just disconnected from LAN 172 and connected to VPN 10.255.255, and the client is still showing in DNS with 172, thus unable to talk to the client over VPN by name, only IP.
CHI-LTD

ASKER
Found no-refresh and refresh. All servers are the same, i.e. 7 days. Only the zones are lower, but I don't think the zones are scavenging...
CHI-LTD

ASKER
The client has now updated in DNS and is pingable, but still has its old DNS/IP in DNS 255.255.10 zone... 10.255.255.6 (old) 10.255.255.5 (new). It's also updated this in .local zone.
SOLUTION
CHI-LTD

ASKER
I agree, my issue now seems slightly different. New question here:
https://www.experts-exchange.com/Networking/Protocols/DNS/Q_28436673.html

I suppose the main problem is the duplicate records in DNS, and how best to remove them (automatically), as scavenge seems not to remove old records in this reverse zone...

I have dynamic update enabled on DNS.
CHI-LTD

ASKER
If I were to delete the reverse lookup zones for the two sites' remote connections (10.255 and 254), will that stop machines from registering in the forward .zone?
footech

There's nothing more that needs to be checked on that screen.  If records aren't being removed from a specific zone, then check the aging settings for that zone and make sure the box is checked for "Scavenge stale resource records".

No, the reverse zones are not necessary for any function of the forward zones.
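
The server-level scavenging period and the per-zone aging settings discussed in this thread can be read in one pass with the DnsServer PowerShell module. This is an added example, not part of the original thread; it is read-only and assumes it is run on the Windows DNS server itself.

```powershell
# Read-only audit of scavenging/aging; changes nothing on the server.

# Server level: is scavenging on, how often does it run, when did it last run?
$server = Get-DnsServerScavenging
"Server scavenging enabled : {0}" -f $server.ScavengingState
"Scavenging period         : {0}" -f $server.ScavengingInterval
"Last scavenge             : {0}" -f $server.LastScavengeTime

# Zone level: a zone is only scavenged if aging is enabled on that zone.
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName

    # A record is stale once no-refresh + refresh have both elapsed
    # since its timestamp.
    $staleAfter = $aging.NoRefreshInterval + $aging.RefreshInterval
    $cutoff     = (Get-Date) - $staleAfter

    # Static (manually created) records have no timestamp and are
    # never scavenged, so only timestamped records are counted.
    $stale = @(Get-DnsServerResourceRecord -ZoneName $zone.ZoneName |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff })

    [pscustomobject]@{
        Zone         = $zone.ZoneName
        AgingEnabled = $aging.AgingEnabled
        NoRefresh    = $aging.NoRefreshInterval
        Refresh      = $aging.RefreshInterval
        StaleAfter   = $staleAfter
        StaleRecords = $stale.Count
    }
}
```

A zone that reports `AgingEnabled : False` with a non-zero `StaleRecords` count is one where old dynamic records will stay in place regardless of the server's scavenging period.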
CHI-LTD

ASKER
So changed DHCP to dynamic.
Changed scavenge to run on all servers every day, the LAN zones daily, the remote/VPN zone hourly.

Seems better.