Why DNS scavenging doesn't work?
This is using MS Windows 2003 AD domain. There are 2 DCs, and 2 DHCP servers. I want to do the dns object ageing and scavenging so as old objects must be automatically purged. I read some articles in which they suggest that all 3 levels - server, zone and the A/PTR object have to be enabled for scavenging. The scavenging settings that I set were, in zone - both forward and reverse zones of the ad domain, set with 2-day and 1-day, for no-refresh and refresh, respectively. In server, I enabled the scavenging and set 1-day;
As for the 2 DHCP servers, I also ticked settings in the DNS tab; Besides this, I also run "netsh dhcp set server dnscredentials" with correct user name and password. This DHCP servers also joined as members of UpdateDNSProxy group. However, I check that the 2502 events are reported meaning none of the stale object is scavenged.
Any settings I miss out? How to troubleshoot and get the scavenging work?
Thanks,
As for the 2 DHCP servers, I also ticked settings in the DNS tab; Besides this, I also run "netsh dhcp set server dnscredentials" with correct user name and password. This DHCP servers also joined as members of UpdateDNSProxy group. However, I check that the 2502 events are reported meaning none of the stale object is scavenged.
Any settings I miss out? How to troubleshoot and get the scavenging work?
Thanks,
ASKER
Hi Footech,
Got a lot of records for past few years.
Got a lot of records for past few years.
ASKER
Hi Footech,
As for the dnscmd command, i was typed "dnscmd /zone scavengeservers abc.local 192.168.1.8". Does this command same as the command - dnscmd . (with "dot") as shown in the article?
As for the dnscmd command, i was typed "dnscmd /zone scavengeservers abc.local 192.168.1.8". Does this command same as the command - dnscmd . (with "dot") as shown in the article?
Yes, the dot means the local machine. You could also substitute the name of another DNS server.
Could you provide a screenshots of the following?
- record that should be scavenged showing the timestamp
- scavenging settings for the zone containing that record
- Advanced tab of the server properties where you want scavenging to occur
Could you provide a screenshots of the following?
- record that should be scavenged showing the timestamp
- scavenging settings for the zone containing that record
- Advanced tab of the server properties where you want scavenging to occur
ASKER
Are the timestamps for other records in the zone being updated properly?
I wouldn't set the no-refresh and refresh intervals so low, or you could end up with clients that are statically configured (but still perform dynamic updates of their DNS records) having their DNS record deleted.
On my servers even when no records are scavenged I get a 2501 event, never a 2502. Looking up some info for that event shows possible causes of:
-no zones configured for scavenging
-manually running scavenging immediately after enabling it for a zone
I would just wait until the next scavenge cycle is scheduled and then check the event afterwards to see what is reported.
I wouldn't set the no-refresh and refresh intervals so low, or you could end up with clients that are statically configured (but still perform dynamic updates of their DNS records) having their DNS record deleted.
On my servers even when no records are scavenged I get a 2501 event, never a 2502. Looking up some info for that event shows possible causes of:
-no zones configured for scavenging
-manually running scavenging immediately after enabling it for a zone
I would just wait until the next scavenge cycle is scheduled and then check the event afterwards to see what is reported.
ASKER
Hi Footech,
The scavenge cycle is reach and what I saw is still 2502 event.
Manually run it also get the same event - 2502.
The scavenge cycle is reach and what I saw is still 2502 event.
Manually run it also get the same event - 2502.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Footech,
Yes i did for dnscmd. The timestamp for others are updated.
Yes i did for dnscmd. The timestamp for others are updated.
At this point I would just set both of the intervals to 4 days (a good rule is to set the intervals to half the amount of your DHCP lease period), and the scavenge cycle to something like 2 days. Then look at it again after 11 days. Make sure the zones aren't reloaded in that period (i.e. the DNS service or the machine isn't restarted).
The event is saying that no zones are eligible. So all I can suggest after the above is to take a detailed look at the output of runing dnscmd (probably with the /info or /zoneinfo switches) and looking at the scavenge info. If all is as expected I've got nothing else to suggest.
The event is saying that no zones are eligible. So all I can suggest after the above is to take a detailed look at the output of runing dnscmd (probably with the /info or /zoneinfo switches) and looking at the scavenge info. If all is as expected I've got nothing else to suggest.
ASKER
ASKER
Hi Footech,
The scavenging is finally works. I saw the event - 2501
The scavenging is finally works. I saw the event - 2501
ASKER
Finally, it works
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
To limit some of your troubleshooting, do you have a record with a timestamp that is older than 4 days, that is in a zone that has scavenging enabled?