Solved

Why DNS scavenging doesn't work?

Posted on 2014-09-24
13
328 Views
Last Modified: 2014-09-28
This is using MS Windows 2003 AD domain. There are 2 DCs, and 2 DHCP servers. I want to do the dns object ageing and scavenging so as old objects must be automatically purged. I read some articles in which they suggest that all 3 levels - server, zone and the A/PTR object have to be enabled for scavenging. The scavenging settings that I set were, in zone - both forward and reverse zones of the ad domain, set with 2-day and 1-day, for no-refresh and refresh, respectively. In server, I enabled the scavenging and set 1-day;

As for the 2 DHCP servers, I also ticked settings in the DNS tab; Besides this, I also run "netsh dhcp set server dnscredentials" with correct user name and password. This DHCP servers also joined as members of UpdateDNSProxy group. However, I check that the 2502 events are reported meaning none of the stale object is scavenged.

Any settings I miss out? How to troubleshoot and get the scavenging work?

Thanks,
0
Comment
Question by:MichaelBalack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40341241
Here's a link to the "go-to" guide for scavenging.
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

To limit some of your troubleshooting, do you have a record with a timestamp that is older than 4 days, that is in a zone that has scavenging enabled?
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40341260
Hi Footech,

Got a lot of records for past few years.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40341263
Hi Footech,

As for the dnscmd command, i was typed "dnscmd /zone scavengeservers abc.local 192.168.1.8". Does this command same as the command - dnscmd . (with "dot") as shown in the article?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Expert Comment

by:footech
ID: 40341320
Yes, the dot means the local machine.  You could also substitute the name of another DNS server.

Could you provide a screenshots of the following?
- record that should be scavenged showing the timestamp
- scavenging settings for the zone containing that record
- Advanced tab of the server properties where you want scavenging to occur
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40342169
Hi Footech,

Please see attached.
EE-DNS3.bmp
EE-DNS1.bmp
EE-DNS2.bmp
0
 
LVL 40

Expert Comment

by:footech
ID: 40342330
Are the timestamps for other records in the zone being updated properly?

I wouldn't set the no-refresh and refresh intervals so low, or you could end up with clients that are statically configured (but still perform dynamic updates of their DNS records) having their DNS record deleted.

On my servers even when no records are scavenged I get a 2501 event, never a 2502.  Looking up some info for that event shows possible causes of:
-no zones configured for scavenging
-manually running scavenging immediately after enabling it for a zone
I would just wait until the next scavenge cycle is scheduled and then check the event afterwards to see what is reported.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40343587
Hi Footech,

The scavenge cycle is reach and what I saw is still 2502 event.

Manually run it also get the same event - 2502.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40343634
Have you run the command
dnscmd . /ZoneResetScavengeServers yourzone.com <xx.xx.xx.xx>
where <xx.xx.xx.xx> is the IP of the server you want to scavenge the zone?

And again, are the timestamps for other records in the zone being updated properly?
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40343638
Hi Footech,

Yes i did for dnscmd. The timestamp for others are updated.
0
 
LVL 40

Expert Comment

by:footech
ID: 40343656
At this point I would just set both of the intervals to 4 days (a good rule is to set the intervals to half the amount of your DHCP lease period), and the scavenge cycle to something like 2 days.  Then look at it again after 11 days.  Make sure the zones aren't reloaded in that period (i.e. the DNS service or the machine isn't restarted).

The event is saying that no zones are eligible.  So all I can suggest after the above is to take a detailed look at the output of runing dnscmd (probably with the /info or /zoneinfo switches) and looking at the scavenge info.  If all is as expected I've got nothing else to suggest.
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40345567
Hi Footech,

Please see the result of dnscmd /zoneinfo xxx.com
dnscmd-2.bmp
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 40349181
Hi Footech,

The scavenging is finally works. I saw the event - 2501
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 40349182
Finally, it works
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question