DNS Scavenging not working properly

Discussion in 'DNS Server' started by Pete Jones, Mar 25, 2010.

  1. Pete Jones

    I have used Scavenging in several environments before. I know about the
    common gotchas (Needs to be set on server AND zone, takes longer than you
    think) but I am still coming up short. Worst part, there are three of us
    scratching our heads over this.

    The zones are all AD-Integrated. The times are all set for 1 hour. We have
    isolated one DC in our lab (two actually, one parent.net one
    child.parent.net) and grabbed all the FSMO roles just in case the problem is
    somehow related to the AD part.

    DNS is logging Event 2502 every hour. Each zone is way past the "safety
    valve" time. I cannot get a 2501 to show on any zone. This has been tried on
    the three zones in the child domain and two zones in the parent. No records
    are being scavenged.

    Where should I be looking?
    Pete Jones, Mar 25, 2010
  2. That depends on how soon you were clicking on Scavenge Now. Check this link out:

    Also, there's more to it, too, especially if using DHCP and possibly seeing dupe workstation/laptop records. I have a blog on scavenging that explains this and more. I hope you find it helpful.

    DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove duplicate DNS host records)


    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
    Ace Fekay [MVP-DS, MCT], Mar 27, 2010
  3. Pete Jones

    The time is not an issue. This is squirrelly behaviour.

    On Friday before I left, I created 4 new zones. 2 on the parent.net and 2 on
    the child.parent.net. All zones were Aging and Scavenging set, 1 hour times.
    The servers were set to scavenging on, 1 hour time.

    Each had two A records added. The records were called "scav" and "noscav".
    Scav had the timestamp set to 26/3 11:00 for all four zones.

    This morning 10:32am 29/3, I checked both servers. Only one zone is missing
    the Scav record. Pritest.local scavenged the record, 26/3 at 15:51. Two
    previous 2501 events did not remove the record.

    The two parent zones are now showing the "The zone can be scavenged after"
    times as 29/3 11:00. The two child zones show 26/3 12:00 (aditest.child.net)
    and 1/1/1601 00:00 (pritest.child.net)
    Pete Jones, Mar 29, 2010
  4. I believe you are skewing 'child' and 'parent' definitions in relation to the zones. If pritest.local, in your example, is the parent domain, then 'child.pritest.local' would be the child, not what you posted. Otherwise they are separate namespaces. Even with a child-parent, if there is no delegation, they are separate namespaces. If you set scavenging at the parent level in your example, it won't work at the child level, based on how you posted it and would be set separately at the other namespaces.

    Nonetheless, scavenging is not an exact science or process. After you get past the initial hurdle of instantiating it, it will eventually work fine.

    Ace Fekay [MVP-DS, MCT], Mar 29, 2010
  5. Pete Jones

    You misunderstand. The child/parent names are simply to differentiate between
    the test zones on the servers.

    pritest.child.local is the name of the test zone on the child server. It has
    no relation to any of the other zones. It could be named broken.dns.test and
    come out with the same results.

    The AD namespaces are parent.net and child.parent.net.
    One DC exists for each. RDC is for parent.net, ADC is for child.parent.net.

    New zones were created to test the problem.

    pritest.local is a non-AD-integrated zone on RDC
    aditest.local is an AD-I zone on RDC

    pritest.child.local is a non-AD-integrated zone on ADC
    aditest.child.local is an AD-I zone on ADC

    The dns namespaces are not linked, and they are not meant to be. They are
    test zones only.

    2 servers, with two zones each. Only one server successfully scavenges, and
    only on one zone.

    This is broken behaviour, and I can't see why. I thought that if it was an
    AD problem, then the AD-I zones would both fail to scavenge, but both pritest
    zones would work.

    Only one zone being scavenged makes it a bigger mystery as to what is going
    Pete Jones, Mar 29, 2010
  6. I understood. I was commenting on the hierarchical names, and I did also say it doesn't matter whether you did it either way since they are still different namespaces (zones).
    I understood that... Sometimes I just have to comment on the naming convention used by folks posting. Many times it's a typo, in error, or being obfuscated when trying to tech support an issue and they've transposed it. Hence my reply.

    I can't tell what's going on. To the best of my knowledge, if it was configured, it should just work. There is at least a week or two waiting period for it to fully kick in, too.

    Ace Fekay [MVP-DS, MCT], Mar 29, 2010