DNS Scavenging not working properly

Discussion in 'DNS Server' started by Pete Jones, Mar 25, 2010.

  1. Pete Jones

    Pete Jones Guest

    I have used Scavenging in several environments before. I know about the
    common gotchas (Needs to be set on server AND zone, takes longer than you
    think) but I am still coming up short. Worst part, there are three of us
    scratching our heads over this.

    The zones are all AD-Integrated. The times are all set for 1 hour. We have
    isolated one DC in our lab (two actually, one parent.net one
    child.parent.net) and grabbed all the FSMO roles just in case the problem is
    somehow related to the AD part.

    DNS is logging Event 2502 every hour. Each zone is way past the "safety
    valve" time. I cannot get a 2501 to show on any zone. This has been tried on
    the three zones in the child domain and two zones in the parent. No records
    are being scavenged.

    Where should I be looking?
    --
    Pete Jones
     
    Pete Jones, Mar 25, 2010
    #1

  2. "Pete Jones" <> wrote in message news:...
    >I have used Scavenging in several environments before. I know about the
    > common gotchas (Needs to be set on server AND zone, takes longer than you
    > think) but I am still coming up short. Worst part, there are three of us
    > scratching our heads over this.
    >
    > The zones are all AD-Integrated. The times are all set for 1 hour. We have
    > isolated one DC in our lab (two actually, one parent.net one
    > child.parent.net) and grabbed all the FSMO roles just in case the problem is
    > somehow related to the AD part.
    >
    > DNS is logging Event 2502 every hour. Each zone is way past the "safety
    > valve" time. I cannot get a 2501 to show on any zone. This has been tried on
    > the three zones in the child domain and two zones in the parent. No records
    > are being scavenged.
    >
    > Where should I be looking?
    > --
    > Pete Jones
    >



    That depends on how soon you were clicking on Scavenge Now. Check this link out:
    http://eventid.net/display.asp?eventid=2502&eventno=4171&source=DNS&phase=1


    Also, there's more to it, too, especially if using DHCP and possibly seeing dupe workstation/laptop records. I have a blog on scavenging that explains this and more. I hope you find it helpful.

    DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove duplicate DNS host records)
    http://msmvps.com/blogs/acefekay/ar...timestamps-and-the-dnsproxyupdate-group..aspx

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Mar 27, 2010
    #2

  3. Pete Jones

    Pete Jones Guest

    The time is not an issue. This is squirrelly behaviour.

    On Friday before I left, I created 4 new zones. 2 on the parent.net and 2 on
    the child.parent.net All zones were Aging and Scavenging set, 1 hour times.
    The servers were set to scavenging on, 1 hour time.

    pritest.local
    aditest.local

    pritest.child.local
    aditest.child.local

    Each had two A records added. The records were called "scav" and "noscav".
    Scav had the timestamp set to 26/3 11:00 for all four zones.

    This morning 10:32am 29/3, I checked both servers. Only one zone is missing
    the Scav record. Pritest.local scavenged the record, 26/3 at 15:51. Two
    previous 2501 events did not remove the record.

    The two parent zones are now showing the "The zone can be scavenged after"
    times as 29/3 11:00. The two child zones show 26/3 12:00 (aditest.child.net)
    and 1/1/1601 00:00 (pritest.child.net)
    --
    Pete Jones
     
    Pete Jones, Mar 29, 2010
    #3
  4. "Pete Jones" <> wrote in message news:...
    > The time is not an issue. This is squirrelly behaviour.
    >
    > On Friday before I left, I created 4 new zones. 2 on the parent.net and 2 on
    > the child.parent.net All zones were Aging and Scavenging set, 1 hour times.
    > The servers were set to scavenging on, 1 hour time.
    >
    > pritest.local
    > aditest.local
    >
    > pritest.child.local
    > aditest.child.local
    >
    > Each had two A records added. The records were called "scav" and "noscav".
    > Scav had the timestamp set to 26/3 11:00 for all four zones.
    >
    > This morning 10:32am 29/3, I checked both servers. Only one zone is missing
    > the Scav record. Pritest.local scavenged the record, 26/3 at 15:51. Two
    > previous 2501 events did not remove the record.
    >
    > The two parent zones are now showing the "The zone can be scavenged after"
    > times as 29/3 11:00. The two child zones show 26/3 12:00 (aditest.child.net)
    > and 1/1/1601 00:00 (pritest.child.net)
    > --
    > Pete Jones
    >


    I believe you are skewing 'child' and 'parent' definitions in relation to the zones. If pritest.local, in your example, is the parent domain, then 'child.pritest.local' would be the child, not what you posted. Otherwise they are separate namespaces. Even with a child-parent, if there is no delegation, they are separate namespaces. If you set scavenging at the parent level in your example, it won't work at the child level, based on how you posted it and would be set separately at the other namespaces.

    Nonetheless, scavenging is not an exact science or process. After you get past the initial hurdle of instantiating it, it will eventually work fine.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 29, 2010
    #4
  5. Pete Jones

    Pete Jones Guest

    You misunderstand. The child/parent names are simply to differentiate between
    the test zones on the servers.

    pritest.child.local is the name of the test zone on the child server. It has
    no relation to any of the other zones. It could be named broken.dns.test and
    come out with the same results.

    The AD namespaces are parent.net and child.parent.net
    One DC exists for each. RDC is for parent.net ADC is for child.parent.net

    New zones were created to test the problem.

    pritest.local is a non-AD-integrated zone on RDC
    aditest.local is an AD-I zone on RDC

    pritest.child.local is a non-AD-integrated zone on ADC
    aditest.child.local is an AD-I zone on ADC

    The dns namespaces are not linked, and they are not meant to be. They are
    test zones only.

    2 servers, with two zones each. Only one server successfully scavenges, and
    only on one zone.

    This is broken behaviour, and I can't see why. I thought that if it was an
    AD problem, then the AD-I zones would both fail to scavenge, but both pritest
    zones would work.

    Only one zone being scavenged makes it a bigger mystery as to what is going
    on.
    --
    Pete Jones
     
    Pete Jones, Mar 29, 2010
    #5
  6. "Pete Jones" <> wrote in message news:...
    > You misunderstand. The child/parent names are simply to differentiate between
    > the test zones on the servers.
    >
    > pritest.child.local is the name of the test zone on the child server. It has
    > no relation to any of the other zones. It could be named broken.dns.test and
    > come out with the same results.


    I understood. I was commenting on the hierarchal names, and I did also say it doesn't matter whether you did it either way since they are still different namespaces (zones).

    >
    > The AD namespaces are parent.net and child.parent.net
    > One DC exists for each. RDC is for parent.net ADC is for child.parent.net
    >
    > New zones were created to test the problem.
    >
    > pritest.local is a non-AD-integrated zone on RDC
    > aditest.local is an AD-I zone on RDC
    >
    > pritest.child.local is a non-AD-integrated zone on ADC
    > aditest.child.local is an AD-I zone on ADC
    >
    > The dns namespaces are not linked, and they are not meant to be. They are
    > test zones only.


    I understood that... Sometimes I just have to comment on the naming convention used by folks posting. Many times it's a typo, in error, or being obfuscated when trying to tech support an issue and they've transposed it. Hence my reply.


    >
    > 2 servers, with two zones each. Only one server successfully scavenges, and
    > only on one zone.
    >
    > This is broken behaviour, and I can't see why. I thought that if it was an
    > AD problem, then the AD-I zones would both fail to scavenge, but both pritest
    > zones would work.
    >
    > Only one zone being scavenged makes it a bigger mystery as to what is going
    > on.
    > --
    > Pete Jones


    I can't tell what's going on. To the best of my knowledge, if it was configured, it should just work. There is at least a week or two waiting period for it to fully kick in, too.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 29, 2010
    #6
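
An added example, not part of any post in this thread: a simplified Python model of the conditions Windows DNS checks before scavenging a record, run against the values quoted above (1-hour no-refresh and refresh intervals, a "scav" timestamp of 26/3 11:00, a check at 10:32 on 29/3). It assumes the year 2010, naive local times, and that aging timestamps count hours from 1/1/1601 with 0 marking a static record; the function names and the order of the checks are this example's own.

```python
from datetime import datetime, timedelta

EPOCH_1601 = datetime(1601, 1, 1)  # hour 0 of the DNS aging timestamp counter

def to_hours(dt):
    """Encode a datetime as whole hours since 1601-01-01."""
    delta = dt - EPOCH_1601
    return delta.days * 24 + delta.seconds // 3600

def from_hours(hours):
    """Decode an aging timestamp; 0 marks a static record (no date)."""
    return None if hours == 0 else EPOCH_1601 + timedelta(hours=hours)

def verdict(now, server_on, zone_aging, zone_after, rec_hours, no_refresh, refresh):
    """Return 'eligible' or the first condition that keeps the record."""
    if not server_on:
        return "server scavenging disabled"
    if not zone_aging:
        return "zone aging disabled"
    stamp = from_hours(rec_hours)
    if stamp is None:
        return "static record"
    if now < zone_after:
        return "zone not yet open for scavenging"
    if now < stamp + no_refresh + refresh:
        return "record not yet stale"
    return "eligible"

# Constructed inputs built from the values quoted in the thread (year assumed 2010).
HOUR = timedelta(hours=1)
CHECKED = datetime(2010, 3, 29, 10, 32)
SCAV = to_hours(datetime(2010, 3, 26, 11, 0))
ZONE_AFTER = {
    "29/3 11:00": datetime(2010, 3, 29, 11, 0),
    "26/3 12:00": datetime(2010, 3, 26, 12, 0),
    "1/1/1601 00:00": EPOCH_1601,
}

def thread_cases():
    """Verdict for the 'scav' record under each 'can be scavenged after' value."""
    return {label: verdict(CHECKED, True, True, after, SCAV, HOUR, HOUR)
            for label, after in ZONE_AFTER.items()}

if __name__ == "__main__":
    for label, result in thread_cases().items():
        print(f"zone open after {label}: {result}")
    print("timestamp 0:", verdict(CHECKED, True, True, EPOCH_1601, 0, HOUR, HOUR))
```

The model only reports whether a record qualifies at a given moment; the actual deletion happens on the server's next scavenging cycle after that.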