DNS Scavenging Best Practice

Can someone please share their insights on DNS scavenging and best practice around it?
We have about 120 desktops (DHCP) and 30 servers (STATIC IP).
FFL and DFL are both 2008 R2 and both DCs are 2008 R2.
I know the default setting is 7 days and 7 days, but I have read that some people who set up the DNS scavenging managed to cause huge issues even with static records.
Appreciate any/all insights re. what not to do or what is best.
Asked by Laszlo Denes

Peter Hutchison, Senior Network Systems Specialist, Commented:
We have scavenging enabled on our DNS server on our PDC.
In the DNS console, enable Advanced mode and, for any static records, make sure 'Do not scavenge' is enabled to avoid them getting deleted.
Other than that it should be fine to ensure old dynamic records are removed automatically.
0
DrDave242 Commented:
"I have read that some people who set up the DNS scavenging managed to cause huge issue even with static records."

DNS scavenging shouldn't touch static records at all unless someone goes in and converts them to dynamic records. This can be done with the dnscmd /ageallrecords command, which should generally be avoided.

The best article I've seen regarding DNS scavenging is here:

https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

That article is rather old, but nothing's really changed in terms of DNS scavenging since it was written. Since you've got a lot of DHCP clients in your environment, you may also want to take a look at this, which talks about how the scavenging intervals and DHCP lease duration relate to one another:

https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

Both of those together should give you a good starting point. Please feel free to ask any specific questions you have.
1
Mahesh, Architect, Commented:
It does not create issues as long as it is set up correctly.

Avoid setting up a very short scavenging period, or else there is a possibility of domain controller dynamic records getting deleted.
By default, domain controller records get updated (time stamp) every 24 hours, so avoid setting up a scavenging period of less than 24 hours.
Another thing: if your DHCP scope duration is 8 days, the scavenging period should be 50% of the DHCP scope.
https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

Further, scavenging is enabled by default on the domain DNS zone; however, it won't be effective unless you enable it at the server level. You should set it on only one DC (which also has the DNS role installed, and preferably the PDC) so that whatever deletion of stale records occurs will get replicated from that DC.
Also, if DHCP is there, you need to configure DNS-DHCP integration correctly so that records will get updated in time.
https://blogs.msmvps.com/acefekay/2016/08/13/dynamic-dns-updates-how-to-get-it-to-work-with-dhcp-scavenging-static-entries-their-timestamps-the-dnsupdateproxy-group-and-dhcp-name-protection/
1
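
A dry run of the aging rule discussed in this thread, as an added example that is not from any of the posters: a record with no timestamp is static and is never scavenged, while a dynamic record becomes eligible once its timestamp is older than the no-refresh plus refresh intervals (7 + 7 days by default). The tab-separated input layout, the host names, the fixed NOW value and the function names are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (tab-separated); names and addresses are made up.
SAMPLE = (
    "Name\tType\tData\tTimestamp\n"
    "dc01\tA\t10.0.0.10\t2018-03-14T09:00:00\n"
    "fs01\tA\t10.0.0.20\tstatic\n"
    "pc-017\tA\t10.0.1.17\t2018-03-05T09:00:00\n"
    "pc-old\tA\t10.0.1.99\t2018-02-20T09:00:00\n"
)
NOW = datetime(2018, 3, 15, 9, 0, 0)  # constructed "current time" for the sample

def load(text):
    """Parse the tab-separated export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))

def classify(rows, now, no_refresh_days=7, refresh_days=7):
    """Return {name: state}; state is static, no-refresh, refresh or stale."""
    no_refresh = timedelta(days=no_refresh_days)
    stale_after = no_refresh + timedelta(days=refresh_days)
    result = {}
    for row in rows:
        stamp = row["Timestamp"].strip()
        if stamp.lower() in ("static", "0", ""):
            result[row["Name"]] = "static"      # no timestamp: never scavenged
            continue
        age = now - datetime.fromisoformat(stamp)
        if age < no_refresh:
            result[row["Name"]] = "no-refresh"  # timestamp-only refreshes not accepted
        elif age < stale_after:
            result[row["Name"]] = "refresh"     # client may refresh the timestamp
        else:
            result[row["Name"]] = "stale"       # eligible at the next scavenging pass
    return result

def report(text, now, **intervals):
    """Names that a scavenging pass at 'now' would be allowed to delete."""
    states = classify(load(text), now, **intervals)
    return sorted(name for name, state in states.items() if state == "stale")

if __name__ == "__main__":
    for name, state in classify(load(SAMPLE), NOW).items():
        print(f"{name:8} {state}")
    print("would be scavenged:", report(SAMPLE, NOW))
    # Shorter intervals widen the delete list; review it before enabling.
    print("with 3+3 days:", report(SAMPLE, NOW, no_refresh_days=3, refresh_days=3))
```

Running the same report with the intervals you plan to use, before turning scavenging on at the server level, shows which dynamic records would be removed and confirms that static records are left alone.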


Laszlo Denes, Author, Commented:
Wow, thank you everyone for all the awesome information... will review this weekend and expedite...
0
Adam Anderson, infrastructure consultant, Commented:
Don't do it. ;)
0
Laszlo Denes, Author, Commented:
Both solutions could have been best but the system demands I pick one... equal points and equal thanks though...
0
Windows Server 2008