E C

Old A records in Microsoft DNS

I have 2 AD-Integrated DNS servers that have been running on the domain for about 5+ years. It's full of old A records and as a result, a single IP address (for example 192.168.0.205) may point to 3 or 4 different computers. I see lots of records with old timestamps (2017, 2016 for example). Although I am tempted, I don't want to assume they are stale (or incorrect) and blindly start deleting A records.

'Scavenge Stale Resource Records' is enabled. No-refresh interval is set to 7 days and the Refresh interval is also set to 7 days. I am assuming the servers are using the default security settings (I am not the one who set them up). Dynamic update is set to 'Secure only'. IPs are assigned using the Microsoft DHCP server on the same domain.

(I am only referring to DNS records added automatically, not static records). So if a computer was decommissioned 3 years ago (for example), why is the A record still there?
What would you recommend as the best way to clean up the non-static A records on this DNS server?

William Archer

The records should be removed automatically.

It may be the case that the DHCP server has invalid characters in option 15 "DNS Domain Name". If this is the case the DHCP Event log will be full of errors.

Hope this helps

Have you run the salvage routine manually? Did you check the Event Logs for any errors? You should see a bunch of event ID 2501 under Applications and Services Log | DNS Server

In AD DNS, scavenging is enabled by default on the zone level but not on the server level.
Enable scavenging on any one healthy DNS server in the HO site and check how it goes.

E C (ASKER)

I did a manual audit of all of the DNS records; then read up on DNS Scavenging and then enabled it. In a few weeks either DNS will look like it should, or I'll have a lot of incoming support tickets from people who can't access old resources. In any case the scavenging setting will remain enabled and it should help going forward. Thanks everyone.
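
An added example (not part of the thread or of any participant's post): a read-only PowerShell audit of the kind the asker describes doing by hand, listing dynamic A records older than the zone's no-refresh plus refresh window and IP addresses claimed by more than one host name. It assumes the DnsServer module is available; the zone name and output path are placeholders.

```powershell
# Read-only audit of dynamic A records; nothing is deleted or changed.
param(
    [string]$ZoneName     = 'corp.example.com',          # placeholder zone name
    [string]$ComputerName = $env:COMPUTERNAME,           # DNS server to query
    [string]$OutFile      = '.\dynamic-a-records.csv'    # placeholder output path
)
Import-Module DnsServer

# Server-level and zone-level scavenging state are configured separately,
# so report both before drawing conclusions from old timestamps.
$server = Get-DnsServerScavenging -ComputerName $ComputerName
$zone   = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
"Server scavenging enabled : $($server.ScavengingState) (last run: $($server.LastScavengeTime))"
"Zone aging enabled        : $($zone.AgingEnabled)"

# A record becomes eligible for scavenging once its timestamp is older than
# no-refresh + refresh (7 + 7 days in the setup described in the question).
$cutoff = (Get-Date) - $zone.NoRefreshInterval - $zone.RefreshInterval

$records = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ComputerName $ComputerName |
    Where-Object { $_.Timestamp } |                      # static records carry no timestamp
    Select-Object HostName,
        @{ Name = 'IPv4';  Expression = { $_.RecordData.IPv4Address.IPAddressToString } },
        Timestamp,
        @{ Name = 'Stale'; Expression = { $_.Timestamp -lt $cutoff } }

# 1. Dynamic records past the scavenging window, oldest first.
$records | Where-Object Stale | Sort-Object Timestamp |
    Format-Table HostName, IPv4, Timestamp -AutoSize

# 2. IP addresses that several host names point to, newest registration first.
$records | Group-Object IPv4 | Where-Object Count -gt 1 | ForEach-Object {
    [pscustomobject]@{
        IPv4  = $_.Name
        Hosts = ($_.Group | Sort-Object Timestamp -Descending |
                 ForEach-Object { "$($_.HostName) [$($_.Timestamp.ToString('yyyy-MM-dd'))]" }) -join ', '
    }
} | Format-Table -AutoSize -Wrap

# Keep a copy of what existed before scavenging removes anything.
$records | Export-Csv -Path $OutFile -NoTypeInformation
```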