Hello,
What actually this aging ang scavenging setting in AD integrated DNS do? I
have enabled it with default settings in our 2003 AD. In our network all
clients use DHCP to obtain ip settings. Now I have noticed that in the
reverse lookup zone there are duplicate entries for some clients/ip's which
might cause networking problems.
Thanks
William
Actually this happens in the forvard lookup zone as well. Also it seems that
old PC's long gone from network pop back up in the forward lookup zone.
Why??
"William Stokes" <will@operamail.com> kirjoitti
viestissä:eGWrzqllJHA.3876@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> What actually this aging ang scavenging setting in AD integrated DNS do? I
> have enabled it with default settings in our 2003 AD. In our network all
> clients use DHCP to obtain ip settings. Now I have noticed that in the
> reverse lookup zone there are duplicate entries for some clients/ip's
> which might cause networking problems.
>
> Thanks
> William
>
In news:%23MNBBullJHA.4372@TK2MSFTNGP02.phx.gbl,
William Stokes <will@operamail.com>, posted the following:
> Actually this happens in the forvard lookup zone as well. Also it
> seems that old PC's long gone from network pop back up in the forward
> lookup zone. Why??
>
>
> "William Stokes" <will@operamail.com> kirjoitti
> viestissä:eGWrzqllJHA.3876@TK2MSFTNGP02.phx.gbl...
>> Hello,
>>
>> What actually this aging ang scavenging setting in AD integrated DNS
>> do? I have enabled it with default settings in our 2003 AD. In our
>> network all clients use DHCP to obtain ip settings. Now I have
>> noticed that in the reverse lookup zone there are duplicate entries
>> for some clients/ip's which might cause networking problems.
>>
>> Thanks
>> William
Hi William,
Here is some info on scavenging, how to set it and control it.
-------------------------------
DHCP on DNS, Scavenging and the DnsProxyUpdate Group:
--------------------------------------------
The entity that registers it owns the record. The nice thing about DHCP
owning the record is it will update it if DHCP gives the machine a new IP.
Otherwise you'll see multiples of the same in DNS whether scavenging is
enabled or not. I would force DHCP to own the record as well as enable
scavenging to keep it clean. To force DHCP to own the record, you will need
to do the following:
1. Add the DHCP server to the DnsUpdateProxy Group.
2. Force DHCP to register all records, Forward and PTR, (whether a client
machine can do it or not) in the Option 081 tab (DHCP properties, DNS tab).
3. Set Option 015 to the AD domain name (such as example.com).
4. Set Option 006 to only the internal DNS servers.
5. If the zone is set for Secure Updates Only, then DHCP cannot update
non-Microsoft clients and Microsoft clients that are not joined to the
domain. In this case, you will need to create and configure a user account
for use as credentials for DHCP to register such clients.
If your DHCP servers are Windows 2003 or WIndows 2008, Configure a
dedicated the user account you created as credentials in DHCP by going into
DHCP COnsole, DHCP server properties, and on the Advanced tab of the DHCP
Server
Properties sheet click the Credentials button, and provide this account
info.
The user account does not need any elevated rights, a normal user account
is fine, however I recommend using a Strong non-expiring password on the
account.
Once you implement scavenging, you will need to wait at least a week for it
to
take effect. You can quicken it up by manually deleting the incorrect
records to
get started.
But more importantly, if DHCP is on a DC, it will not overwrite the
original host record for a machine getting a new lease with an IP
formerly belonging to another. To overcome this, add the DHCP server
(the DC) to the DnsProxyUpdate group. This will force DHCP to own
all records it will create moving forward and will update an IP with
a new name in DNS.
If you set this, but when a record shows up in the DHCP Lease list with a
pen
(which means that a write is pending), it m ay mean it is trying to register
into a zone that does not exist on the DNS servers. This happens in cases
where
the client machine is not joined to the domain and has a missing or
different
suffix than the zone in DNS. It can only register into a zone that exists on
DNS and that zone updates have been configured to allow updates.
If this is the case, go into the client machine's IP properties, and
on the DNS tab in TCP/IP properties, clear the "Register this connection's
addresses in DNS" as well as the "Use this connection's DNS suffix in DNS
registration"
check boxes, the DHCP Server will fill these in for you and register using
the domain name in Option 015.
The following links provide additional information on how it all works.
How to configure DNS dynamic updates in Windows Server 2003.
http://support.microsoft.com/kb/816592
Using DNS Aging and ScavengingAging and scavenging of stale resource records
are features of Domain Name System (DNS) that are available when you deploy
your server with primary zones.
http://technet.microsoft.com/en-us/l.../cc757041.aspx
Microsoft Enterprise Networking Team : Don't be afraid of DNS ...Mar 19,
2008 ... DNS Scavenging is a great answer to a problem that has been nagging
everyone since RFC 2136 came out way back in 1997.
http://blogs.technet.com/networking/...e-patient.aspx
DHCP, DNS and the DNSUpdateProxy-Group - Directory Services/Active ...I had
a discussion in the Newsgroups lately about DHCP and the
DNSUpdateProxy-Group which is used to write unsecured DNS-Entries to a
DNS-Zone which only ...
http://msmvps.com/ulfbsimonweidner/a.../15/19325.aspx
And from Kevin Goodnecht:
Setting up DHCP for DNS registrations
http://support.wftx.us/setting_up_dh...s_registra.htm
--------------------------------------
I hope this helps.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Posting Permissions
Reply With Quote
Bookmarks