DNS Scavenging - is my configuration OK?

Hi all,

We have been having random issues with users getting stuck whilst logging on and my gut feeling is that it is a DNS issue.  (After powering off/on their PC, logging in as local admin and doing an ipconfig /release /renew they can log on as normal).

I was looking at our DNS scavenging settings and noticed that it seems to be configured a bit differently to how I normally see it configured in instruction guides etc:

Our scavenging/ageing settings for 'all zones' are configured as below:

[Screenshot: Scavenging/ageing settings for all zones]

I am a bit concerned that no-refresh interval is set as 5 days and refresh interval is set as 4 days.  I wonder if the problem is occurring on the cross over 1 day of these two periods?

Normally when I see this configured in instruction guides, they seem to both be set as 7 days.

Could this be causing an issue?

Cliff Galiher Commented:
Your settings aren't an issue. And from what you describe, DNS itself is likely not an issue. DHCP, on the other hand, might be.
fieldj (Author) Commented:
What would you advise I check in DHCP?
Cliff Galiher Commented:
Lease times perhaps. Seeing an ipconfig and nslookup results from a client when it stops working would be enlightening as well.

fieldj (Author) Commented:
Lease time is set to 4 days.

It's difficult to get an ipconfig/nslookup etc from a client when the problem occurs as it's stuck during the logon process.  I am going to try and experiment with psexec to remotely run these commands if possible
Cliff Galiher Commented:
A lease time shorter than your no-refresh interval can be a problem. I'd start there. As for long login times, if you wait, it'll complete, probably around the 60-minute timeout mark.

fieldj (Author) Commented:
Meanwhile the end user has killed me for making them wait 60 minutes!  To be honest it's not a major issue, we just force a power off, power on, log on as Administrator, ipconfig release /renew and then they can log on as normal.

It's very infrequent, we probably average one PC with this problem every two days (approx 200 users).

What you said about the DHCP lease time being shorter than no-refresh interval is interesting, but goes against what I have read elsewhere.

Are you able to explain why this would be a problem as I am struggling to get my head around the DNS refresh / no-refresh thing?
Cliff Galiher Commented:
Because the lease is going to expire and attempt to renew when the DNS record is still in the no refresh window. That could, in theory, cause the system to hang at the point that the DHCP client is attempting to refresh the DNS record and is being given an access denied message. It should handle that gracefully, but there may be a bug that is causing it to fail. In most environments the lease time is longer than the no-refresh window so by the time DHCP renews the lease, it is also allowed to refresh the DNS record, hence avoiding the problem. I can't honestly think of a reason why you'd have a no-refresh shorter than the lease time.
fieldj (Author) Commented:
OK great, thanks for explaining.

I have just been scanning (by eye) through DNS and noticed a couple of clients with the same IP address listed which I found interesting.

I have changed our DHCP lease time to 7 days.  We will monitor things over the coming days to see if this helps fix the issue.
Here's a good article that helps to explain how DHCP lease time and DNS scavenging relate.
Parts of it take a little thought to grasp.  One thing I don't think it mentions is that clients will try to renew their DHCP lease halfway through the lease period, and if successful, refresh their DNS record.
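
The comparison discussed in this thread, as an added example that is not part of any participant's post: it reads the zone's aging intervals and each DHCP scope's lease duration, flags scopes whose lease (or halfway renewal point) falls inside the no-refresh interval, and lists dynamic A records that share an IP address. The server and zone names are placeholders, and the DhcpServer and DnsServer RSAT modules are assumed to be installed.

```powershell
# Added example (not from the thread). Requires the DhcpServer and DnsServer
# RSAT modules. Server and zone names below are placeholders.
$DhcpServer = 'dhcp01.example.local'
$DnsServer  = 'dc01.example.local'
$ZoneName   = 'example.local'

# Zone-level aging settings: both intervals come back as TimeSpan values.
$aging     = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName
$noRefresh = $aging.NoRefreshInterval

# Per-scope comparison of lease duration against the no-refresh interval.
$scopeReport = Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    $lease   = $_.LeaseDuration
    # Clients attempt their first renewal halfway through the lease.
    $renewAt = [TimeSpan]::FromSeconds($lease.TotalSeconds / 2)
    [pscustomobject]@{
        ScopeId                   = $_.ScopeId
        LeaseDuration             = $lease
        FirstRenewal              = $renewAt
        NoRefreshInterval         = $noRefresh
        RefreshInterval           = $aging.RefreshInterval
        AgingEnabled              = $aging.AgingEnabled
        LeaseShorterThanNoRefresh = $lease -lt $noRefresh
        RenewalInsideNoRefresh    = $renewAt -lt $noRefresh
    }
}
$scopeReport | Format-Table -AutoSize

# Dynamic A records that share one IPv4 address. Static records carry no
# Timestamp and are skipped, since aging does not apply to them.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp } |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $ip = $_.Name
        # Newest registration first: the older entries are the likely stale ones.
        $_.Group | Sort-Object Timestamp -Descending |
            Select-Object @{ n = 'IPv4'; e = { $ip } }, HostName, Timestamp
    } | Format-Table -AutoSize
```

Running it before and after a lease-time change gives a record of which scopes were affected and whether the duplicate entries clear over the following scavenging cycles.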