Scavenging question...

Discussion in 'DNS Server' started by Linn Kubler, Apr 19, 2010.

  1. Linn Kubler

    Linn Kubler Guest


    Windows Server 2003, sp2. I noticed last week that I have several A Host
    records for the same IP address but different computers. I thought if I
    turned on scavenging that it would clear this up. So I configured it as
    best I could, having never done it before, and it said that records could be
    scavenged after 4pm today. Well it's after 4pm and nothing has changed and
    now it says they can be scavenged after 5pm.

    Ok, what did I miss?

    At the forward zone in properties I turned on "Scavenge stale resource
    records" and left the defaults, 7 days. I repeated the same settings for
    the reverse lookup and in the server properties I turned on "Enable
    automatic scavenging of stale records" and it is set for 7 days.

    Thanks in advance,
    Linn Kubler, Apr 19, 2010
    1. Advertisements

  2. Hello Lin,

    When setting this all up, you will also need to configure the DHCP
    server to "own" the records.

    By default, a Windows 2000 or newer machine set as a DHCP client will
    request DHCP to allow the machine itself to register its own A record,
    but DHCP will register its PTR (reverse entry) record.

    So what's going on here is DHCP doesn't own the record, the client
    does. However, the client won't update it.

    By setting DHCP to 'force update everything whether the client can or
    not' as well as setting DHCP to own the record, as well as scavenging,
    should keep everything clean. However, to speed up the process, I
    would delete the old records manually.

    Read my blog at the following link for more specifics and a better

    DHCP, Dynamic DNS Updates , Scavenging, static entries & timestamps,
    and the DnsProxyUpdate Group:


    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check for regional support phone numbers.
    Ace Fekay [MVP - Directory Services], Apr 20, 2010
    1. Advertisements

  3. Linn Kubler

    Linn Kubler Guest


    Nice little blog there, very helpful. Think I have it setup correctly now
    and am already seeing improvement in my DNS mess. I am curious though, as
    Jeane asked in a post on your blog, what is different about Windows Server
    2008 DHCP and DNS? Do they configure the same 2003? We are contemplating
    upgrading our domain to 2008 this year.

    Thanks for the help,
    Linn Kubler, Apr 20, 2010
  4. Thanks for the plug, Linn. I haven't visited my blog to see Jeanne's
    question. I'll respond shortly. And yes, they are similar if not the
    same. Dynamic DNS registration works the same. Setting scavenging,
    credentials, etc. I have 2008 R2 running at one customer's as well as
    at home configured the same way. Works nicely. :)

    Ace Fekay [MVP - Directory Services, MCT], Apr 21, 2010
  5. Linn Kubler

    Linn Kubler Guest

    Ok, this seems to be working but not quite as I would expect, maybe I have
    something set wrong in my DHCP. I'm still seeing some IP addresses assigned
    to different computers in DNS.

    Looking at the DNS records I see the following on two computers with the
    same IP address:
    One is a test computer I haven't used in a week, maybe two. It's properties
    Update associated pointer(ptr) record = on
    Delete this record when it becomes stale = on
    Record time stamp = 4/08/2010 3:00PM
    Time to live (TTL) = 0:0:20:0

    The other computer with the same IP address, #433
    Update associated pointer(ptr) record = on
    Delete this record when it becomes stale = on
    Record time stamp = 4/21/2010 12:00PM
    Time to live (TTL) = 0:0:20:0

    And another pair: one #563 reads:
    Update associated pointer(ptr) record = on
    Delete this record when it becomes stale = on
    Record time stamp = 4/21/2010 12:00PM
    Time to live (TTL) = 0:0:20:0

    And #557 reads:
    Update associated pointer(ptr) record = on
    Delete this record when it becomes stale = on
    Record time stamp = 4/20/2010 9:00AM
    Time to live (TTL) = 0:0:20:0

    If I understand correctly the Record time stamp is the time and date when
    the computer received the IP address from DHCP or the time and date the A
    Record was created, right? That would suggest to me that I should probably
    extend the TTL.

    Any suggestions?

    Linn Kubler, Apr 22, 2010
  6. Linn Kubler

    Chris Dent Guest

    If you used the default values for No-Refresh and Refresh this record
    will be available for Scavenging on 22nd April (today) at 3pm. If a
    Scavenging cycle runs after that time the record will be removed.
    We can conclude from this that either:

    1. You have more than one DHCP server updating DNS
    2. You have a very short DHCP lease time
    The TTL is the Time To Live, it's how long a record is cached for when a
    system requests it. It has no impact on Aging / Scavenging at all.
    You need to consider your DHCP Lease time when setting the No-Refresh
    and Refresh intervals.

    Ideally you want the Refresh Interval to match up with the Renewal
    Interval (50% of the lease), and you want the total of No-Refresh and
    Refresh to match up to the DHCP lease duration.

    However, regardless of the lease you should never set Refresh less than
    24 hours. Doing so will make records created by clients with static IP
    addresses available to Scavenging.

    Chris Dent, Apr 22, 2010
  7. Chris, I couldn't have said it better!

    Linn, I usually just keep the Scavenging default of 7 days, and the
    DHCP default of 8 days. It works fine. Previous records have to be
    deleted manuall, unless you want to wait until the next scavenge

    There is a link in my blog that I think you should read a little
    closer. It shows a graphic on how Scavenging and the cycles work.
    Scroll down in the link towards the bottom. The graph is based on a 3
    day Scavenging setting. Extrapolate that for a 7 day cycle (the

    Ace Fekay [MVP - Directory Services, MCT], Apr 22, 2010
  8. Linn Kubler

    Linn Kubler Guest

    Hi Chris,

    You are correct, we do have two DHCP servers running, this is because we had
    a failure of a DHCP server one time and it caused a number of problems so
    management told me to make sure it didn't happen again. Best thing I could
    think of at the time was to run two servers and split the address range
    between them. Now that I compare them I see a couple of discrepencies that
    I didn't realized before, not sure why they aren't matching. Here are the
    settings of the two scopes.

    DHCP Server 1:
    Start IP: x.x.1.100
    End IP: x.x.1.169
    Lease duration limited to: 8 Days
    Enable DNS dynamic updates = enabled, Always dynamically update DNS A and
    PTR records.
    Discard A and PTR records when lease is deleted = enabled
    Dynamically update DNS A and PTR records for DHCP clients that do not
    request updates = enabled.

    DHCP Server 2:
    Start IP: x.x.1.170
    End IP: x.x.1.253
    Lease duration limited to: 5 Hours
    Enable DNS dynamic updates = enabled, Dynamically update DNS A and PTR
    records only if requested by the DHCP client.
    Discard A and PTR records when lease is deleted = enabled
    Dynamically update DNS A and PTR records for DHCP clients that do not
    request updates = disabled.

    My scavenge cycles are the defaults, 7 Days. Guess I'm a little confused
    right now as to which server is configured more correctly. But I'm pretty
    sure they should be configured the same.

    On the DNS serves:
    Refresh interval is 15 minutes
    Retry interval is 10 minutes
    Exipres after is 1 day
    Minimum (default) TTL is 1 hour

    I think I see what you mean, a number of my static IP address A records are
    now marked for deletion when stale when yesterday I disabled all of them.
    I'm re-reading Ace's blog but getting a lot of interuptions today so the
    self-training process is going slow.

    I welcome suggestions of anything I should change to make this system more
    efficient and precise.

    Linn Kubler, Apr 22, 2010
  9. Linn Kubler

    Chris Dent Guest

    If you can increase the lease time on the second DHCP server to match
    the first it would help a lot.

    At the moment a lease will be flushed and can be given to someone else,
    creating a duplicate in DNS. DNS will be holding onto the records it
    created for a minumum of 14 days (No-Refresh + Refresh) so the
    duplicates won't be removed for far too long.

    You'll get the same effect a little with an 8 day lease vs 14 day aging,
    but it won't be anywhere near as severe.

    If it were mine I, and if the network doesn't move around a lot I'd set:

    DHCP Lease: 16 days
    No-Refresh: 8 days
    Refresh: 8 days

    And I'd set the Automatic Scavenging Interval (DNS Server Properties /
    Advanced) to 1 day.
    You're looking at the Start of Authority there. Those have very
    different meanings to the values we're using for Scavenging. Stick to
    the contents of the Aging button at this stage, those values are the
    interesting ones.

    Ace already covered setting credentials for both your DHCP servers I think?

    Chris Dent, Apr 22, 2010

  10. Yes, I have, especially in my blog, however..... the problem with
    credentials and two DHCP servers, is if one registered the record, it
    will still update the DHCP client's record ONLY if the DHCP client
    gets an address from that DHCP server. If the DHCP client is offline
    past the lease period of that DHCP server, then it will send out a
    DORA for a fresh lease, and if it happens the other DHCP server
    responds first, and then registers the record, it can't update the
    record because the *other* DHCP servers owns that record.

    I've seen this happen before. Not much you can do about it.

    My suggestion is to stick to one DHCP, and all is well. :)

    Ace Fekay [MVP - Directory Services, MCT], Apr 23, 2010
  11. Linn Kubler

    Chris Dent Guest

    Hmm that's not fun at all.

    I've been letting clients update directly for the last few networks.
    Mainly because of a mixture including non-MS DHCP servers, but still,
    it's nice and reliable :)

    Chris Dent, Apr 23, 2010
  12. I know what you mean, but with scavenging and credentials, multiple
    DHCPs get to be a bit challenging.


    Ace Fekay [MVP - Directory Services, MCT], Apr 23, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.