Solved

DNS Scavenging - is my configuration OK?

Posted on 2014-12-09
Last Modified: 2015-01-22
Hi all,

We have been having random issues with users getting stuck whilst logging on and my gut feeling is that it is a DNS issue.  (After powering off/on their PC, logging in as local admin and doing an ipconfig /release /renew they can log on as normal).

I was looking at our DNS scavenging settings and noticed that it seems to be configured a bit differently to how I normally see it configured in instruction guides etc:

Our scavenging/ageing settings for 'all zones' are configured as below:

[Image: Scavenging/ageing settings for all zones]

I am a bit concerned that no-refresh interval is set as 5 days and refresh interval is set as 4 days.  I wonder if the problem is occurring on the cross over 1 day of these two periods?

Normally when I see this configured in instruction guides, they seem to both be set as 7 days.

Could this be causing an issue?
Question by:fieldj

Expert Comment

by:Cliff Galiher
ID: 40488642
Your settings aren't an issue. And from what you describe, DNS itself is likely not an issue. DHCP, on the other hand, might be.

Author Comment

by:fieldj
ID: 40488650
What would you advise I check in DHCP?

Expert Comment

by:Cliff Galiher
ID: 40488655
Lease times perhaps. Seeing an ipconfig and nslookup results from a client when it stops working would be enlightening as well.

Author Comment

by:fieldj
ID: 40488661
Lease time is set to 4 days.

It's difficult to get an ipconfig/nslookup etc from a client when the problem occurs as it's stuck during the logon process.  I am going to try and experiment with psexec to remotely run these commands if possible.

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40488694
A lease time shorter than your no-refresh interval can be a problem. I'd start there. As for long login times, if you wait, it'll complete, probably around the 60-minute timeout mark.

Author Comment

by:fieldj
ID: 40488995
Meanwhile the end user has killed me for making them wait 60 minutes!  To be honest it's not a major issue, we just force a power off, power on, log on as Administrator, ipconfig release /renew and then they can log on as normal.

It's very infrequent, we probably average one PC with this problem every two days (approx 200 users).

What you said about the DHCP lease time being shorter than no-refresh interval is interesting, but goes against what I have read elsewhere.

Are you able to explain why this would be a problem as I am struggling to get my head around the DNS refresh / no-refresh thing?

Expert Comment

by:Cliff Galiher
ID: 40489032
Because the lease is going to expire and attempt to renew when the DNS record is still in the no refresh window. That could, in theory, cause the system to hang at the point that the DHCP client is attempting to refresh the DNS record and is being given an access denied message. It should handle that gracefully, but there may be a bug that is causing it to fail. In most environments the lease time is longer than the no-refresh window so by the time DHCP renews the lease, it is also allowed to refresh the DNS record, hence avoiding the problem. I can't honestly think of a reason why you'd have a no-refresh shorter than the lease time.

Author Comment

by:fieldj
ID: 40489107
OK great, thanks for explaining.

I have just been scanning (by eye) through DNS and noticed a couple of clients with the same IP address listed which I found interesting.

I have changed our DHCP lease time to 7 days.  We will monitor things over the coming days to see if this helps fix the issue.

Expert Comment

by:footech
ID: 40489482
Here's a good article that helps to explain how DHCP lease time and DNS scavenging relate.
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
Parts of it take a little thought to grasp.  One thing I don't think it mentions is that clients will try to renew their DHCP lease halfway through the lease period, and if successful, refresh their DNS record.
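
A timeline model of the lease/no-refresh interaction discussed in this thread, added here as an illustration and not posted by any participant. `AgingConfig`, `simulate` and `accepted_days` are hypothetical names; the model assumes the record timestamp starts at day 0, the client renews at half the lease period, each renewal triggers one DNS refresh attempt, and no other refresh source exists. The 20-day lease is a constructed value.

```python
from dataclasses import dataclass

@dataclass
class AgingConfig:              # hypothetical name, not a Windows API
    no_refresh_days: float      # DNS zone no-refresh interval
    refresh_days: float         # DNS zone refresh interval
    lease_days: float           # DHCP lease duration

def simulate(cfg, horizon_days=30.0):
    """Classify each DNS refresh attempt made at DHCP renewal time.

    Returns (events, first_stale_day). first_stale_day is the first day the
    record became eligible for scavenging while the client was still active,
    or None if that never happened within the horizon.
    """
    renew_every = cfg.lease_days / 2                  # renewal at 50% of lease
    stale_age = cfg.no_refresh_days + cfg.refresh_days
    timestamp, first_stale, events = 0.0, None, []
    t = renew_every
    while t <= horizon_days:
        age = t - timestamp
        if age < cfg.no_refresh_days:
            # Refresh arrives too early: the record timestamp is left alone.
            events.append((t, "timestamp not updated (no-refresh window)"))
        else:
            if age > stale_age and first_stale is None:
                # The record aged past no-refresh + refresh before this attempt.
                first_stale = timestamp + stale_age
            events.append((t, "refresh accepted"))
            timestamp = t
        t += renew_every
    return events, first_stale

def accepted_days(cfg, horizon_days=30.0):
    """Days on which a refresh attempt actually reset the record timestamp."""
    events, _ = simulate(cfg, horizon_days)
    return [day for day, outcome in events if outcome == "refresh accepted"]

if __name__ == "__main__":
    cases = [("thread, 4-day lease", AgingConfig(5, 4, 4)),
             ("thread, 7-day lease", AgingConfig(5, 4, 7)),
             ("constructed, 20-day lease", AgingConfig(5, 4, 20))]
    for label, cfg in cases:
        _, stale = simulate(cfg)
        print(label, "accepted on days", accepted_days(cfg), "first stale:", stale)
```
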