CHI-LTD
DHCP Lease and DNS Scavenge
I am stuck.
I have issues with my remote users that connect in over VPN and get an IP address from the firewall. So I am confident that the changes I have made to my DHCP lease (4 days) and DNS servers' scavenge (7 days for both) locally have nothing to do with the problems I have with regard to routing over the site-to-site VPNs on different networks.
So I would like to change the DNS and DHCP settings back to defaults or a recommended setting. Suggestions?
Then I will tackle the routing issue again... :(
Thanks
ASKER
Would you use the defaults?
ASKER CERTIFIED SOLUTION
ASKER
Should the scavenge settings be less or more than DHCP?
Your scavenge settings should be less than your DHCP lease time, otherwise, your systems could change IPs and be unable to update DNS. If your lease is 4 days, I would set both scavenge setting to 3 days.
-JJ
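As an added example (not code from the thread or from JJ), here is a PowerShell check of the rule JJ states above: a zone's aging window (no-refresh + refresh, the age at which a dynamically registered record becomes eligible for scavenging) should be shorter than the DHCP lease. It assumes the DnsServer and DhcpServer RSAT modules are installed and that the account can read both servers; the server names are placeholders, and the constructed demo values (2 + 2 days against a 7-day lease) are mine, not the asker's.

```powershell
# Added example (not from the thread). Compares each zone's aging window against
# the shortest DHCP lease. Assumes the DnsServer and DhcpServer modules (RSAT).
Import-Module DnsServer
Import-Module DhcpServer

$dnsServer  = 'dns01.corp.example.local'   # placeholder
$dhcpServer = 'dhcp01.corp.example.local'  # placeholder

function Test-AgingAgainstLease {
    param(
        [Parameter(Mandatory)][TimeSpan]$NoRefresh,
        [Parameter(Mandatory)][TimeSpan]$Refresh,
        [Parameter(Mandatory)][TimeSpan]$Lease
    )
    # A client re-registers its A/PTR records when its lease renews (T1, half the
    # lease by default) and Windows clients also re-register every 24 hours. As long
    # as a refresh lands before NoRefresh + Refresh has elapsed, the record is never
    # treated as stale, so the aging window should be shorter than the lease.
    $staleAfter = $NoRefresh + $Refresh
    [pscustomobject]@{
        StaleAfter = $staleAfter
        Lease      = $Lease
        Ok         = ($staleAfter -lt $Lease)
    }
}

# Constructed demo values: 2 + 2 days of aging against a 7-day lease -> Ok = True.
Test-AgingAgainstLease -NoRefresh (New-TimeSpan -Days 2) -Refresh (New-TimeSpan -Days 2) `
                       -Lease (New-TimeSpan -Days 7)

# Live check: the shortest lease across all IPv4 scopes is the one that matters.
$shortestLease = Get-DhcpServerv4Scope -ComputerName $dhcpServer |
    Sort-Object LeaseDuration | Select-Object -First 1 -ExpandProperty LeaseDuration

Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $aging = Get-DnsServerZoneAging -ComputerName $dnsServer -Name $_.ZoneName
        if (-not $aging.AgingEnabled) {
            '{0}: aging disabled, nothing will be scavenged here' -f $_.ZoneName
            return   # continue with the next zone
        }
        $r = Test-AgingAgainstLease -NoRefresh $aging.NoRefreshInterval `
                                    -Refresh $aging.RefreshInterval -Lease $shortestLease
        '{0}: stale after {1}, lease {2} -> {3}' -f $_.ZoneName, $r.StaleAfter, $r.Lease,
            $(if ($r.Ok) { 'OK' } else { 'records can go stale before the lease renews' })
    }
```

Note that `Get-DnsServerZoneAging` reports the zone-level intervals, which is what the later discussion in this thread turns out to hinge on: the server-level values under server properties / Advanced are only defaults applied to zones you enable aging on, so a zone can have a different window than the server.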
ASKER
Okay, DHCP = 7 days.
Scavenge set to 4 days.
Will see what happens.
ASKER
Should scavenging be set up on all zones, forward and reverse?
I would setup scavenging on all zones.
-JJ
ASKER
Even the .com zone I had to create manually post setup of SSL certs?
It is really up to you whether or not you want to enable scavenging on a zone. Only records that have been dynamically created will be scavenged. If your .com zone contains all manually created records, don't bother.
-JJ
No need for points for this, but you may want to take a look at this article. It gives some recommendations on setting your scavenge periods along with DHCP lease duration.
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
If you want the records to be deleted when a lease runs out, then you have to configure your DHCP options appropriately so that the DHCP server registers all the records.
ASKER
Thanks.
You can see from the attached the problem I have.
Scavenging is set to 4 days (for the .local zone).
The 2x zones 10.255.255 and 10.255.254 are set to 4 days.
DHCP lease for the local ranges 172.*.*.* is 7 days.
I think the two 10.25* ranges were added manually to DNS...
.local-zone-DNS.jpg
10.255.255...JPG
I see no problem with the info in the screenshots.
Perhaps you'd be better served by opening a question specifically to deal with any problem you're seeing. You may want to be a little more precise when you say "scavenging is set to 4 days" - do you mean the no-refresh and refresh intervals? Separately? Combined? Or the scavenging period (the interval at which the server actually tries to scavenge stale records)?
ASKER
Where is the no-refresh and refresh?
I have noticed on the servers that:
server - properties - advanced = 7 day scavenge. It's the zones that are 4 hours or 4 days.
Windows logs showing last scavenge:
14-5-14
30-4-14
23-4-14
ASKER
You can see from the screenshots clients with a 10 and a 172 IP.
Also I have just disconnected from LAN 172 and connected to VPN 10.255.255 and the client is still showing in DNS with 172, thus unable to talk to the client over VPN by name, only IP.
ASKER
Found no-refresh and refresh. All servers are the same, i.e. 7 days. Only the zones are lower, but I don't think the zones are scavenging...
ASKER
The client has now updated in DNS and is pingable, but still has its old DNS/IP in the 255.255.10 zone... 10.255.255.6 (old), 10.255.255.5 (new). It's also updated this in the .local zone.
SOLUTION
ASKER
I agree, my issue now seems slightly different. New question here:
https://www.experts-exchange.com/questions/28436673/DNS-Records-and-VPN-Clients.html
I suppose the main problem is the duplicate records in DNS, and how best to remove them (automatically), as scavenge seems not to remove old records in this reverse zone...
I have dynamic update enabled on DNS.
ASKER
Do I need to tick any boxes in here:
http://blogs.technet.com/blogfiles/networking/WindowsLiveWriter/DNSscavengingiseasy.Havingpatienceishar_C6E0/image_12.png
ASKER
If I were to delete the reverse lookup zones for the two sites' remote connections (10.255 and 254), will that stop machines from registering in the forward zone?
There's nothing more that needs to be checked on that screen. If records aren't being removed from a specific zone, then check the aging settings for that zone and make sure the box is checked for "Scavenge stale resource records".
No, the reverse zones are not necessary for any function of the forward zones.
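As an added example (not code from the thread or its participants), here is the PowerShell equivalent of the two answers above: ticking "Scavenge stale resource records" on a zone (with its own no-refresh/refresh intervals), enabling scavenging on the server, and the DHCP-side setting from the earlier reply that makes the DHCP server register records and delete them when the lease expires. It ends with a report that separates static records (no timestamp, never scavenged, as noted earlier for manually created records) from dynamic ones that are already past the aging window, which is how you would confirm whether the stale 10.255.255.6 PTR in the asker's reverse zone is even eligible. Server names and the 2-hour/1-day intervals are placeholders; the zone name is the reverse zone for 10.255.255.0/24 from the thread.

```powershell
# Added example (not from the thread). Assumes the DnsServer and DhcpServer modules.
Import-Module DnsServer
Import-Module DhcpServer

$dnsServer  = 'dns01.corp.example.local'   # placeholder
$dhcpServer = 'dhcp01.corp.example.local'  # placeholder
$zone       = '255.255.10.in-addr.arpa'    # reverse zone for 10.255.255.0/24 (thread)

# Zone level: same as ticking "Scavenge stale resource records" in the zone's Aging
# dialog. Interval values are placeholders; the asker chose hourly for VPN zones.
Set-DnsServerZoneAging -ComputerName $dnsServer -Name $zone -Aging $true `
    -NoRefreshInterval (New-TimeSpan -Hours 2) -RefreshInterval (New-TimeSpan -Hours 2)

# Server level: the master switch plus how often a scavenging pass actually runs.
# Zone aging alone does nothing if this is off.
Set-DnsServerScavenging -ComputerName $dnsServer -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 1)

# DHCP side: let the DHCP server own the A/PTR registrations for its clients and
# remove them at lease expiry instead of waiting for scavenging.
Set-DhcpServerv4DnsSetting -ComputerName $dhcpServer -DynamicUpdates Always `
    -DeleteDnsRROnLeaseExpiry $true -UpdateDnsRRForOlderClients $true

# Report: static records carry no timestamp and are never scavenged; dynamic records
# are stale once their timestamp is older than NoRefresh + Refresh.
function Get-ZoneRecordAgeReport {
    param([string]$Server, [string]$ZoneName)
    $aging      = Get-DnsServerZoneAging -ComputerName $Server -Name $ZoneName
    $staleAfter = $aging.NoRefreshInterval + $aging.RefreshInterval
    $now        = Get-Date
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ZoneName |
        Where-Object { $_.RecordType -in 'A', 'PTR' } |
        ForEach-Object {
            $isStatic = -not $_.Timestamp
            if ($_.RecordType -eq 'A') { $data = $_.RecordData.IPv4Address }
            else                       { $data = $_.RecordData.PtrDomainName }
            [pscustomobject]@{
                Name   = $_.HostName
                Type   = $_.RecordType
                Data   = $data
                Static = $isStatic
                Stale  = (-not $isStatic) -and (($now - $_.Timestamp) -gt $staleAfter)
            }
        }
}

Get-ZoneRecordAgeReport -Server $dnsServer -ZoneName $zone | Format-Table -AutoSize
```

Two things to check if a record shows as dynamic and stale but still survives several scavenging passes: the record must be eligible according to the zone's own intervals, not the server-level defaults (the thread's asker had 7 days on the server and 4 on the zones), and if the zone only accepts secure dynamic updates the DHCP server needs the credentials set with `Set-DhcpServerDnsCredential` so that it, rather than the client, owns the records it is expected to delete.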
ASKER
So I changed DHCP to dynamic.
Changed scavenge to run on all servers every day, the LAN zones daily, the remote/VPN zone hourly.
Seems better.
DNS scavenging defaults to 1 day in Windows IIRC.