DNS ageing without scavenging
As a preliminary phase, prior to enabling scavenging, I want to start replicating the timestamps of Microsoft Active-Directory-Integrated zone.
All my DNS servers are Global Catalog & Domain Controllers.
From my research, the way to replicate the timestamps on records is to enable Ageing/Scavenging on the targeted Zone, but NOT enable scavenging on the Servers.
Is this correct?
Also, are secure dynamic updates a requirement? I currently have "allow non secure dynamic updates" set at the zone.
Once all my timestamps are coordinated I will enable the scavenging on the "PDC" domain controller only.
Thanks in advance.
My servers are 2008, 2012 and 2016