
DNS Scavenging Best Practice

Can someone please share their insights on DNS scavenging and best practice around it?
We have about 120 desktops (DHCP) and 30 servers (static IP).
FFL and DFL are both 2008 R2, and both DCs are 2008 R2.
I know the default setting is 7 days and 7 days, but I have read that some people who set up DNS scavenging managed to cause huge issues even with static records.
Appreciate any/all insights re. what not to do or what is best.
Asked by: Laszlo Denes
 
Peter Hutchison, Senior Network Systems Specialist, commented:
We have scavenging enabled on our DNS server on our PDC.
In the DNS console, enable Advanced mode and, for any static records, make sure 'Do not scavenge' is enabled to avoid them getting deleted.
Other than that, it should be fine to ensure old dynamic records are removed automatically.
 
DrDave242 commented:
"I have read that some people who set up the DNS scavenging managed to cause huge issue even with static records."

DNS scavenging shouldn't touch static records at all unless someone goes in and converts them to dynamic records. This can be done with the dnscmd /ageallrecords command, which should generally be avoided.

The best article I've seen regarding DNS scavenging is here:

https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

That article is rather old, but nothing's really changed in terms of DNS scavenging since it was written. Since you've got a lot of DHCP clients in your environment, you may also want to take a look at this, which talks about how the scavenging intervals and DHCP lease duration relate to one another:

https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

Both of those together should give you a good starting point. Please feel free to ask any specific questions you have.
 
Mahesh, Architect, commented:
It does not create issues as long as it is set up correctly.

Avoid setting up a very short scavenging period; otherwise there is a possibility of domain controller dynamic records getting deleted.
By default, domain controller records are updated (time stamp) every 24 hours, so avoid setting up a scavenging period of less than 24 hours.
Another thing: if your DHCP scope duration is 8 days, the scavenging period should be 50% of the DHCP scope.
https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

Further, scavenging is enabled by default on the domain DNS zone; however, it won't be effective unless you enable it at the server level. You should set it on only one DC (which also has the DNS role installed, preferably the PDC) so that whatever deletion of stale records occurs will get replicated from that DC.
Also, if DHCP is there, you need to configure DNS/DHCP integration correctly so that records will get updated in time.
https://blogs.msmvps.com/acefekay/2016/08/13/dynamic-dns-updates-how-to-get-it-to-work-with-dhcp-scavenging-static-entries-their-timestamps-the-dnsupdateproxy-group-and-dhcp-name-protection/
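
A dry run of the eligibility rule behind the two answers above (static records are skipped, and very short intervals catch records that refresh only every 24 hours), added here as an illustration and not code from any of the posters. The function name, host names and dates are constructed; the commented last line assumes the DnsServer PowerShell module and a placeholder zone name.

```powershell
# Added example: reports what scavenging WOULD remove. Nothing is deleted.
function Get-ScavengeCandidate {
    [CmdletBinding()]
    param(
        # Any object with HostName, RecordType and Timestamp properties
        [Parameter(Mandatory, ValueFromPipeline)] $Record,
        [TimeSpan] $NoRefresh = [TimeSpan]::FromDays(7),   # default no-refresh interval
        [TimeSpan] $Refresh   = [TimeSpan]::FromDays(7),   # default refresh interval
        [datetime] $Now       = (Get-Date)
    )
    process {
        # A static record carries no timestamp and is never considered.
        $isStatic   = -not $Record.Timestamp
        $kind       = 'Dynamic'
        $eligibleAt = $null
        if ($isStatic) { $kind = 'Static' }
        else { $eligibleAt = $Record.Timestamp + $NoRefresh + $Refresh }
        [pscustomobject]@{
            HostName      = $Record.HostName
            RecordType    = $Record.RecordType
            Kind          = $kind
            EligibleAt    = $eligibleAt
            WouldScavenge = (-not $isStatic) -and ($eligibleAt -le $Now)
        }
    }
}

# Constructed sample records (not taken from any real zone)
$now = Get-Date '2024-01-15T12:00:00'
$sample = @(
    [pscustomobject]@{ HostName = 'srv-file01'; RecordType = 'A'; Timestamp = $null }               # static server
    [pscustomobject]@{ HostName = 'dc01';       RecordType = 'A'; Timestamp = $now.AddHours(-20) }  # DC, refreshed 20 h ago
    [pscustomobject]@{ HostName = 'pc-0042';    RecordType = 'A'; Timestamp = $now.AddDays(-21) }   # desktop long gone
    [pscustomobject]@{ HostName = 'srv-sql01';  RecordType = 'A'; Timestamp = $now.AddDays(-30) }   # server record that was aged
)

# 7 + 7 days: pc-0042 and the timestamped server record are flagged; dc01 and the static record are not.
$sample | Get-ScavengeCandidate -Now $now | Format-Table -AutoSize

# 6 h + 6 h: dc01 is now flagged too, because its last refresh was 20 hours ago.
$short = [TimeSpan]::FromHours(6)
$sample | Get-ScavengeCandidate -Now $now -NoRefresh $short -Refresh $short |
    Where-Object WouldScavenge | Format-Table -AutoSize

# Live data (assumption: DnsServer module available, 'corp.example' is a placeholder zone):
# Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A | Get-ScavengeCandidate
```

Any server name that shows up with Kind = Dynamic and WouldScavenge = True is worth reviewing before scavenging is switched on at the server level.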
 
Laszlo Denes (author) commented:
Wow, thank you everyone for all the awesome information... will review this weekend and expedite...
 
Adam Anderson, infrastructure consultant, commented:
Don't do it. ;)
 
Laszlo Denes (author) commented:
Both solutions could have been best, but the system demands I pick one... equal points and equal thanks though...
Question has a verified solution.
