Solved

DNS Scavenging - Stale records not deleted from forward lookup zone

Posted on 2014-07-24
Last Modified: 2014-07-24
Hello,

I am trying to implement DNS scavenging in my Active Directory integrated DNS environment, but I have a weird situation occurring.  All stale PTR records are being scavenged properly from the reverse lookup zones, but the stale A records in my primary forward lookup zone stubbornly remain.  My environment contains 3 DNS servers: 2 Windows Server 2003 Standard Edition SP2 DCs and a single Windows Server 2008 R2 SP1 DC.

Here is what I have done so far:

1.  Enabled aging/scavenging on all of the zones I wish to scavenge on the DNS servers
2.  I watched over the next several weeks to see how the timestamps were replicated around the DCs and made sure that all of my critical systems were updating as expected so that they would not be accidentally deleted.
3.  The zones in question were eligible to be scavenged several weeks ago according to DNS
4.  I proceeded to enable scavenging on the Windows Server 2008 R2 SP1 DC/DNS server and set it to scavenge the stale resource at the default interval of 7 days
5.  In order to make an immediate scavenging pass, I manually initiated a scavenging operation on the DC mentioned in step 4 above.
6.  The results were that all of the stale records in the multiple reverse zones were immediately scavenged as expected.  However, all of the stale resource records in the forward lookup zone remain and will not be removed no matter where I run the manual scavenge from.
7. I checked the security tab on the records in both types of zones and everything is identical

My question here is - what am I missing? I followed this article as exactly as possible, but perhaps I have overlooked some nuance:

http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

All of the stale A records are set to be scavenged when they become stale (checkbox on the record itself) and all of them are very VERY old (7/1/2009, for example).  Scavenging is enabled in all three places - the DNS server, the zone in question, and the individual A record.

Perhaps my best bet is just to manually delete all of the old A records from the forward lookup zone and then watch the behavior with all newly created dynamic A records moving forward?  Could it be something with the mix of 2003 and 2008 R2 DNS servers?

Any ideas? Please don't ask if I have enabled scavenging on the DNS server as well as the individual zones.  That is the canned answer that appears over and over on TechNet and Google as a response to this problem.  I came to Experts Exchange with this issue for a reason! ;-)

Thanks in advance,

Jon
Question by:KPI1
2 Comments
 

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40217791
First of all, scavenging needs to be set only on domain DNS zones (ex: Contoso.com) and all AD-integrated reverse lookup zones.
Also, I hope you have set scavenging on a single server only.

You need to reset scavenging first by running the command below in an elevated command prompt:
dnscmd /zoneresetscavengeservers contoso.com
(Replace contoso.com with your domain name. This command will reset scavenging and clear any different servers you have set for scavenging in the past.)

Then, to set the scavenging server for a zone, run the command:
dnscmd /zoneresetscavengeservers contoso.com <IP of the current DNS server>

Check that the scavenging settings remain unchanged at zone level and server level.

Then check if it works properly.
Check the article below for more details:
http://support.microsoft.com/kb/2791165

Another workaround I can see is to delete all very old records manually from the DNS zones, because sometimes I have found that no matter what you try, the scavenging process does not delete some old records; however, once you have deleted those very old records, the problem won't occur again, especially when scavenging is now in place.

Author Comment

by:KPI1
ID: 40218127
Thanks Mahesh,

Yes, I have it configured to scavenge on only a single server.  I will try the /zoneresetscavengeservers command and see if that fixes it, but I don't see any settings in /zoneinfo for the domain to indicate that an old server is configured for scavenging like the KB article referenced in your post mentions.

If that doesn't work, I will manually delete the old records since my zone is only a couple of hundred A records.  Then I will see if the problem persists.

Thank you for your assistance,

Jon
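
Added example (not part of the original thread, and not Microsoft's code): a simplified Python model of the zone-level conditions discussed above, showing how a scavenge-server list on one zone, the setting that dnscmd /zoneresetscavengeservers clears, would leave stale A records in place while the reverse zones are cleaned. The Zone class, the function name and all IP addresses are hypothetical, and the sample zones are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Zone:                        # hypothetical model of one zone's aging settings
    aging_enabled: bool
    no_refresh: timedelta
    refresh: timedelta
    available_after: datetime      # the zone's "can be scavenged after" time
    scavenge_servers: List[str] = field(default_factory=list)  # empty = no restriction

def scavenge_blockers(timestamp: Optional[datetime], zone: Zone,
                      server_ip: str, now: datetime) -> List[str]:
    """Reasons a record survives a scavenging pass run by server_ip (empty = deleted)."""
    reasons = []
    if not zone.aging_enabled:
        reasons.append("aging is not enabled on the zone")
    if zone.scavenge_servers and server_ip not in zone.scavenge_servers:
        reasons.append("zone restricts scavenging to " + ", ".join(zone.scavenge_servers))
    if now < zone.available_after:
        reasons.append("zone is not yet available for scavenging")
    if timestamp is None:
        reasons.append("record is static (no timestamp)")
    elif now <= timestamp + zone.no_refresh + zone.refresh:
        reasons.append("record is still inside no-refresh + refresh")
    return reasons

# Constructed sample data: illustrative values, not taken from the poster's servers.
NOW = datetime(2014, 7, 24)
WEEK = timedelta(days=7)
OLD_A = datetime(2009, 7, 1)       # timestamp of a long-stale record
DC_IP = "192.0.2.10"               # server on which the manual scavenge is started
reverse = Zone(True, WEEK, WEEK, datetime(2014, 7, 1))
forward = Zone(True, WEEK, WEEK, datetime(2014, 7, 1),
               scavenge_servers=["192.0.2.99"])   # assumed leftover entry for another server

if __name__ == "__main__":
    for name, zone in (("reverse", reverse), ("forward", forward)):
        print(name, scavenge_blockers(OLD_A, zone, DC_IP, NOW) or "scavenged")
```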