DNS, DHCP, and DNS aging and scavenging

Discussion in 'DNS Server' started by Jerry, Jun 22, 2005.

  1. Jerry

    Jerry Guest

    Something seems amiss with my DNS servers.

    First of all, DHCP does not seem to be properly updating DNS records. The
    PTR records in the reverse lookup zone are correct, but the A records are
    not. I have a couple of laptops that travel between WAN sites (each has
    DHCP and DNS running on a single DC server). My most recent example
    occurred last week when one of the laptops went to Site B. The DHCP server
    assigned it an address, and the PTR record exists for the address and
    machine name, but there is no A record created. I have a feeling that it
    may have been working in the past. But I added DNS dynamic update
    credentials to my DHCP setup because I was getting Event ID 1056 and
    followed MS KB article 282001, and I wonder if this may be causing my new
    problem.

    Secondly, although I have turned on aging and scavenging, I must have done
    something incorrectly because I have several old (6 months and greater)
    records that were automatically created, are no longer used, but have not
    been removed. I have tried manually running "Scavenge stale resource
    records," but no records are removed.

    Thank you for any assistance,
    Jerry
     
    Jerry, Jun 22, 2005
    #1

  2. In
    Probably one or both of these:
    If DHCP is not registering the forward records, you may not have configured
    option 015 with the domain name. Usually if this is the case, the DHCP
    registered PTR records have only the machinename instead of
    machinename.domain.com.
    The 1056 event tells me you have not configured a Win2k3 DHCP server with a
    dedicated user account for which to authenticate with DNS to register a
    secure update.
    Event ID 1056 Is Logged After Installing DHCP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q282001

    If DHCP has not removed the PTR records it is likely caused by unplugging
    the network from the machine or doing an ungraceful shutdown, without first
    releasing the address.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 22, 2005
    #2

  3. Jerry

    Jerry Guest

    Kevin,

    Thanks for your reply.
    The 015 option has been configured ever since I set up the DHCP server. The
    PTR records do have the domain.com appended to the name.
    The point I was making about event 1056 is that I did configure DHCP with a
    dedicated user account following the KB article you reference. I was
    speculating that may be part of the problem. It doesn't sound like it
    should be, though.
    In a previous post (6/16/05) by a writer named Linx about the same topic,
    you replied, "It is likely a permissions issue, does the zone only allow
    secure updates and is this Win2k or Win2k3? Is DHCP on a DC or member
    server?" However, there is no resolution in the thread. Where were you
    going with this line of questioning?
    The PTR records appear to be correct. The problem I'm having with records
    not being removed is in the A records, and Aging and Scavenging doesn't
    appear to be doing anything.

    Thanks again,
    Jerry
     
    Jerry, Jun 22, 2005
    #3
  4. In
    Give the user permission to create / delete child objects on the zone
    security tab.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
     
    Kevin D. Goodknecht Sr. [MVP], Jun 22, 2005
    #4
  5. Jerry

    Jerry Guest

    Kevin,

    I haven't made this change yet. I've done some more reading, and I think
    there is a setting I missed. Because the date and time before scavenging
    can occur was moved back after my last attempt, I think I'll have to wait
    until the next date passes because I don't know how to reset it. I'll
    update the post then.

    Thanks again for your help,
    Jerry
     
    Jerry, Jun 29, 2005
    #5
  6. Hi Jerry,

    Do you mean you have set the time and date back to cause this issue? This
    is really interesting. Please observe it and post back if there are any findings.

    Thank you for your time!

    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

     
    Rebecca Chen [MSFT], Jun 30, 2005
    #6
  7. Jerry

    Jerry Guest

    Rebecca,

    What I mean is that when I last tried to do a manual scavenge, the DNS
    server updates the date/time before the next scavenge can occur on the zone.
    I don't know how to change this time so I can attempt another scavenge.
    Certainly there must be a way. Any ideas?

    Thanks,
    Jerry

     
    Jerry, Jul 1, 2005
    #7
  8. Hi Jerry,

    Do you mean you have performed the following steps:

    On the DNS server, right click the DNS server and choose Scavenge stale
    resource records on July 4th, you then found all the record time stamps
    have changed to July 4th. Is it true?

    This is uncommon. Technically speaking, the time stamp will not be changed
    after clicking Scavenge stale resource records, as the following article has
    addressed. Please pay attention to "Time stamping, based on the current
    date and time set at the server computer":

    Understanding aging and scavenging
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/92d228d2-4fe2-40b9-88a7-2a5a2bee8508.mspx

    In addition, as Herb has stated in another thread, enabling debug log will
    help to trace the issue. Please refer to the initial reply of mine in
    thread "DNS Poisoning, pharming, pollution" to gather all the information
    and send it to for research.

    Thank you for your time!

    Best regards,

    Rebecca Chen

     
    Rebecca Chen [MSFT], Jul 4, 2005
    #8
  9. Jerry

    Jerry Guest

    Rebecca,

    After I ran a manual scavenge, I went to the properties of the zone and
    pressed the Aging button. In the window that opens, there is a box
    displaying the Date and Time for which "The zone can be scavenged after."
    This is the time that gets updated when I run a manual scavenge and is the
    time I don't know how to change if I want to try to run another scavenge
    soon.

    Also, please be aware that my other thread concerning DNS pollution is a
    separate thread and not meant to be linked to this one at all.

    Regards,
    Jerry


     
    Jerry, Jul 5, 2005
    #9
  10. Jerry

    Jerry Guest

    After I wrote this, I ran another manual scavenge, and it worked. I still
    may have a problem with the DHCP clients not having A records added, though.
    I'll post back or start a new thread if that's the case.

    Jerry

     
    Jerry, Jul 5, 2005
    #10
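
The checks discussed in this thread (whether aging is enabled, when "the zone can be scavenged after", and which A records are actually old enough to be removed) can be read in one pass. This is an added example, not code from any poster in the thread; it assumes the DnsServer PowerShell module (Windows Server 2012 and later, newer than the servers discussed here) and uses a placeholder zone name.

```powershell
# Added example. Run on the DNS server (or add -ComputerName to each cmdlet).
Import-Module DnsServer

$ZoneName = 'example.local'   # placeholder: replace with your forward lookup zone
$now      = Get-Date

# Server-wide scavenging settings: scavenging must be enabled here as well as on the zone.
$server = Get-DnsServerScavenging
# Per-zone aging settings, including the "zone can be scavenged after" time.
$zone   = Get-DnsServerZoneAging -Name $ZoneName

[pscustomobject]@{
    ServerScavengingEnabled = $server.ScavengingState
    ServerLastScavenge      = $server.LastScavengeTime
    ZoneAgingEnabled        = $zone.AgingEnabled
    NoRefreshInterval       = $zone.NoRefreshInterval
    RefreshInterval         = $zone.RefreshInterval
    ZoneCanBeScavengedAfter = $zone.AvailForScavengeTime
    ZoneOpenForScavenging   = ($zone.AgingEnabled -and $zone.AvailForScavengeTime -le $now)
} | Format-List

# A dynamic record becomes eligible once its timestamp is older than
# no-refresh interval + refresh interval.
$cutoff = $now - $zone.NoRefreshInterval - $zone.RefreshInterval

Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
    Select-Object HostName,
        @{ n = 'IPv4';   e = { $_.RecordData.IPv4Address } },
        Timestamp,
        @{ n = 'Status'; e = {
            if (-not $_.Timestamp)            { 'static (no timestamp, never scavenged)' }
            elseif ($_.Timestamp -lt $cutoff) { 'stale (eligible for scavenging)' }
            else                              { 'fresh' }
        } } |
    Sort-Object Status, Timestamp |
    Format-Table -AutoSize
```

Records reported as stale are only removed once the zone is open for scavenging and the server-level setting is enabled; records with no timestamp are static and are never removed by scavenging.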