DNS + Scavenging - Multiple DHCP Leases

DNS scavenge with multiple DHCP lease times

We have the following configuration. Also attached is our DHCP configuration @ the top level. We have the default Server 2012 R2 options, "Dynamically update DNS records only if requested by the DHCP clients" with "discard A and PTR records when lease is deleted" ticked. We have credentials set for DNS dynamic update & our DHCP servers are added into the DNSUpdateProxy group. Scopes & counts as follows:

9 DHCP scopes with 1 day lease
12 DHCP scopes with 2 day lease
11 DHCP scopes with 8 hour lease
105 DHCP scopes with 8 day lease

Have done a lot of reading about the refresh + no refresh ideally being the same as the DHCP lease time, but the assumption is that DHCP lease times are the same for all scopes. In our scenario they are not, & so I'm not really sure of the impact of the different scavenging options.

The majority are 8 day leases, and many blogs I've read mention this should ideally match the total refresh. So values of 4 & 4 for no refresh & refresh, but then what is the impact of this on our scopes with 1 day, 2 day & 8 hour leases? I suppose the risk is they end up with duplicates until the zone is scavenged?

This is where I am thinking we should maybe configure DHCP to "always dynamically update DNS records", but they don't know if this is actually required. My thinking is that if an address is assigned to another computer, DHCP can update DNS & we shouldn't have duplicates, then configure 4 + 4 days for scavenging. Or is this not required?

Did a current check on DNS & we have approx. 1300 duplicate records as it stands, so I'm not sure the A & PTR records are being removed when the lease expires, which they should be with the default settings.
Asked by Nick McKay
Mahesh (Architect) commented:
The "Dynamically update records only if requested by the DHCP client" setting is fine as well.
When you set 4 days scavenging, it is actually 4 + 4; the scavenging cycle then runs every 4 days and records older than 8 days get scavenged.
The problem happens only if records are not updating and you don't configure scavenging.
Scavenging needs to be set up on any one DC (PDC preferably), at both the zone and server level.
You need to set up DNS/DHCP integration correctly.
Run the command below on the DNS server if DHCP is also installed on the DNS server:
dnscmd /config /OpenACLOnProxyUpdates 1

Instead of the DHCP server accounts, the DHCP service (credentials) account should be added to the DnsUpdateProxy group.
Adding the DHCP server account to the DnsUpdateProxy group will allow any DHCP server to take ownership of any DNS record, which is not recommended.

On the DHCP server you should configure the following.
Enable DNS dynamic updates according to the settings below:
Dynamically update DNS A and PTR records only if requested by the DHCP Clients - this is already set
Discard A and PTR records when lease is deleted - this is already set
Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0) - need to set
Finally, restart the DHCP server and DNS server services.

Now this is how it should work:
When a computer registers its record in DNS it will be the owner of the record, and the "DHCP service" will not be able to overwrite it.
When the "DHCP service" registers the record it will be the owner of the record, but it will add an ACL to all DNS records it creates to allow changes by Authenticated Users, so if the client changes its IP, it will take ownership via this ACL and update the record.
Nick McKay (Author) commented:
Thanks, yeah, I understand all of this. I suppose the question was more around DHCP leases. There are requirements as to why some DHCP scopes don't have an 8 day lease (WiFi scopes etc.) & we aren't going to change these, although 80% of our scopes are an 8 day lease.

So I was just wondering what the effect would be if I set 4 day no refresh, 4 day refresh & 1 day scavenging (on the DNS server) for the scopes which are LESS than the 8 day lease as mentioned above. Risk of duplicate DNS records until scavenging runs?

As in, the docs I read assume your DHCP scopes all have the same lease time. I have read the document below, but option #3 "Allow the server DHCP to register the addresses on behalf of the clients" doesn't really mention if this changes your stance on no refresh, refresh & scavenging times etc. As in, if you allow DHCP to perform the updates, does it matter in regards to your scavenging settings?

https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

Cheers
Mahesh (Architect) commented:
Whatever duration you set for scavenging (refresh + no-refresh), DNS will not scavenge a record until its timestamp is older than the scavenging period (say 4 + 4 = 8 days). After day 8, whenever the scavenging cycle runs, it will delete all dynamic records older than 8 days.
Ultimately DHCP-DNS integration does not change the scavenging process.
DNS-DHCP integration will help you update records dynamically (assuming the DNS zone is set for dynamic update).
Now if you want to set "always dynamically update A and PTR records" (DHCP forces registration), then you should run the command below on the DNS server:
dnscmd /config /OpenACLOnProxyUpdates 0
This command ensures that DHCP can take ownership of records and update them as soon as the lease expires, and you don't need to wait for the scavenging duration to complete.
The rest of the settings remain the same.

The scavenging process applies to all scopes regardless of scope lease duration.

What you can do: decrease the no-refresh period to 2 days; in this period the record does not accept dynamic updates.
Keep the refresh interval at 4 days; during these four days DHCP will renew records as and when available, so you get a bit of optimization on the DHCP lease.
Now set the scavenging period to 3 days (average of refresh + no-refresh), so DNS will scavenge stale records older than 6 days at an interval of 3 days.

Set up your environment and observe the results; you can fine-tune both intervals if required.
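As an added illustration (not from this thread, and not Microsoft's implementation), the constructed Python model below replays a client's lease renewals against the 2 day no-refresh / 4 day refresh / 3 day scavenging values suggested above and reports how long a departed client's A record lingers for an 8-hour versus an 8-day lease, with and without DHCP discarding the record at lease expiry. It assumes clients renew at 50% of the lease and that scavenging runs on a fixed cadence from time zero.

```python
from datetime import timedelta

H = timedelta(hours=1)
D = timedelta(days=1)

def removal_time(lease, no_refresh, refresh, scavenge_every, leave_at,
                 dhcp_discards_on_expiry=False, horizon=365 * D):
    """When a departed DHCP client's dynamic A record leaves the zone.

    All values are offsets from the record's first registration at t=0.
    leave_at is when the client stops renewing. Returns a timedelta, or None
    if nothing removes the record within `horizon` (constructed model).
    """
    timestamp = timedelta(0)   # DNS aging timestamp, set at registration
    last_renew = timedelta(0)
    renew_every = lease / 2    # assumption: clients renew at T1 = 50% of lease
    t = renew_every
    # Replay renewals: each is a dynamic-update attempt, but DNS only rewrites
    # the timestamp once the record is outside the no-refresh window, so a
    # short lease does not age the record any faster than a long one.
    while t <= leave_at:
        last_renew = t
        if t - timestamp >= no_refresh:
            timestamp = t
        t += renew_every

    # Scavenging path: eligible once older than no-refresh + refresh, and
    # actually deleted at the next scavenging cycle after that moment.
    eligible_at = timestamp + no_refresh + refresh
    scavenged_at = None
    cycle = scavenge_every
    while cycle <= horizon:
        if cycle > eligible_at:
            scavenged_at = cycle
            break
        cycle += scavenge_every
    if not dhcp_discards_on_expiry:
        return scavenged_at
    # DHCP path: "discard A and PTR records when lease is deleted" removes a
    # DHCP-owned record when the last-renewed lease expires; whichever
    # mechanism fires first wins.
    lease_expiry = last_renew + lease
    return lease_expiry if scavenged_at is None else min(lease_expiry, scavenged_at)

def stale_window(**kw):
    """How long after leaving the stale record (and any duplicate) survives."""
    gone = removal_time(**kw)
    return None if gone is None else gone - kw["leave_at"]

if __name__ == "__main__":
    common = dict(no_refresh=2 * D, refresh=4 * D, scavenge_every=3 * D, leave_at=10 * D)
    for lease in (8 * H, 1 * D, 2 * D, 8 * D):
        for dhcp in (False, True):
            print(f"lease={lease} dhcp_discard={dhcp} stale for {stale_window(lease=lease, dhcp_discards_on_expiry=dhcp, **common)}")
```

With scavenging alone, the 8-hour-lease record survives 8 days after the client leaves, the same order as the 8-day scope; only DHCP-owned records discarded at lease expiry close that window quickly.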