Glad to hear it.  Thanks!  :)

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wright, T. MR
NSSB
Sent: Tuesday, June 28, 2005 2:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Scavenging

Marcus,
        That article is spot on.  It cleared up all of my confusion.
Great Job!

Thanks,

-Tim 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, June 28, 2005 12:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Scavenging

Hey Tim, I wrote this a while back when I was trying to understand the
whole process.  Might help you...
http://myitforum.techtarget.com/articles/16/view.asp?id=6287


:m:dsm:cci:mvp

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wright, T. MR
NSSB
Sent: Tuesday, June 28, 2005 9:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Scavenging

Ok, so if using the default DHCP lease time of 8 days, I should have
both the refresh and no-refresh set to 7 days.  Once I identify my
static records and I manually age all of the records, I am still going
to have to wait at least 7 days for them to clean themselves up even if
I force scavenging correct?

Thanks,

-Tim

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, June 28, 2005 3:33 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org;
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Scavenging

Hi,
 
A quote:
##########
The refresh interval must be long enough to allow all servers that
maintain resource records to update their timestamps. Because the
Dynamic Host Configuration Protocol (DHCP) server is usually the last
server to update its records, you can monitor DHCP records to make sure
you have scheduled enough time for updates. If records are being
scavenged too soon, use the DNS console to set this value back to the
default value of one week (168 hours).
##########
 
The "rule":
At zone level AGING is default configured to prevent dynamic refreshes
of resource records the first 7 days of their existence. This prevents
unnecessary replication traffic because clients/servers update their
records all the time. The no-refresh interval by default is configured
to the same value of the refresh interval. It is best to keep these two
values the same. The second 7 days dynamic refreshes are allowed. The
refresh interval preferably has a value that is the same as the maximum
time possible, in normal circumstances, to refresh/update a record. The
latter applies to DHCP clients (see quote above). The DHCP lease
duration is by default the longest period, and the period within the
lease duration a client tries to update its lease is 87,5% of it.
 
In short:
no-refresh value = refresh value
refresh value = 87,5% DHCP lease duration
 
Cheers,
#JORGE#

________________________________

From: Wright, T. MR NSSB [mailto:[EMAIL PROTECTED]
Sent: Tue 6/28/2005 4:42 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Scavenging




Thanks for your response.  I have one more question, are the recommended
settings still one hour for no-refresh and 7 days for refresh?  This is
what I initially had it set to but since it didn't appear to be working
I lowered the intervals.  I think I will start by dumping the zone and
sorting out the static entries, I don't think there are too many so it
shouldn't be too difficult, I just wanted to be sure that I didn't miss
any. The zones that I am concerned with are all AD integrated, but
scavenging was turned on after the fact.


Thanks, 
  
-Tim 

________________________________ 

From: [EMAIL PROTECTED] on behalf of David Adner
Sent: Mon 6/27/2005 7:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS Scavenging 



First off, you need to be careful with such low no refresh/refresh
intervals since, for example, 2003 computers only refresh their records
every 24 hours (it initially refreshes faster, but it uses ever-widening
intervals until it reaches 24 hours). 

For your primary concern, you can enable Advanced in the DNS console and
view the properties of your "old" records.  If you don't see a timestamp
then they won't fall under the
scavenging rules.  You can also use dnscmd.exe /zoneexport to dump the
entire zone(s) to a file.  You'll see an [Age:#######] (Or maybe it's
Aging:) value for records with timestamps. 

If your zone used to be a standard primary zone and you never had
scavenging enabled on it then any dynamically registered records into
that zone would have not received a timestamp.  An AD integrated zone
with scavenging disabled will cause an initial timestamp to be recorded
for dynamically registered records but won't cause them to be refreshed
until scavenging is enabled. 

As for easier ways to address your issue, I'm unaware of a solution that
doesn't require some leg work.  You could dump the zone via dnscmd.exe
/zoneexport and see which don't have timestamps and from there figure
out which ones are supposed to be static and which ones aren't.  This
will be simplified if you have a standard naming convention... 

--- "Wright, T. MR   NSSB" <[EMAIL PROTECTED]> 
wrote: 

> All, 
>     I am not 100% sure, but it appears that I may be having some 
> issues with scavenging old records.  I have a Win2003 domain with 5 
> DC's running 2003 functional level.  All of the DC's run DNS and on 
> one of them I enabled scavenging at the server level and configured all
> zones to have a no-refresh interval of 1 hour and a refresh interval 
> of 8 hours.
> I did this a few weeks ago and many of the records still exist in DNS.
> I know for a fact that I have a few thousand workstations which have 
> been off the network for more than 30 days.
>     I think what I am seeing is the issue where the records that 
> existed prior to me enabling scavenging won't get scavenged.  That 
> said, I know I can manually age all of the records using the dnscmd, 
> but this will take all of my statically created records with it.
> Are there any ways
> around this so that my static records don't get touched?
> 
> Thanks,
> 
> -Tim
> 
> 
> 

List info   : http://www.activedir.org/List.aspx 
List FAQ    : http://www.activedir.org/ListFAQ.aspx 
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/ 
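
The zone-dump triage and the interval rule discussed in this thread, as an added example that is not part of any poster's message. It assumes the export marks aged records with an `[AGE:n]` or `[Aging:n]` tag (the thread is unsure of the exact name) counting hours since 1601-01-01; the function names and the sample zone lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

EPOCH = datetime(1601, 1, 1)  # assumption: aging stamps count hours from here
AGE_TAG = re.compile(r"\[AG(?:E|ING):(\d+)\]", re.IGNORECASE)

def intervals_from_lease(lease_days):
    """Thread's rule: refresh = 87.5% of DHCP lease, no-refresh = refresh."""
    refresh = timedelta(days=lease_days * 0.875)
    return refresh, refresh  # (no_refresh, refresh)

def classify(export_text, now, no_refresh, refresh):
    """Sort exported records into static (no stamp), fresh and stale."""
    result = {"static": [], "fresh": [], "stale": []}
    owner = None
    for line in export_text.splitlines():
        if not line.strip() or line.lstrip()[0] in ";$":
            continue  # skip blanks, comments and $ORIGIN/$TTL directives
        if not line[0].isspace():
            owner = line.split()[0]  # indented line = same owner as before
        tag = AGE_TAG.search(line)
        if tag is None:
            result["static"].append(owner)  # never falls under scavenging
            continue
        stamped = EPOCH + timedelta(hours=int(tag.group(1)))
        # A record is scavengeable only after BOTH intervals have elapsed.
        stale = now > stamped + no_refresh + refresh
        result["stale" if stale else "fresh"].append(owner)
    return result

# Constructed sample data, not a real export.
NOW = datetime(2005, 6, 28, 12)

def _age(dt):
    return int((dt - EPOCH).total_seconds() // 3600)

SAMPLE = f"""; constructed sample zone lines
fileserver                                      3600  A  10.0.0.10
ws-0042  [AGE:{_age(NOW - timedelta(days=40))}]  1200  A  10.0.1.42
ws-0200  [AGE:{_age(NOW - timedelta(days=10))}]  1200  A  10.0.1.200
ws-0107  [AGE:{_age(NOW - timedelta(days=3))}]   1200  A  10.0.1.107
"""

if __name__ == "__main__":
    no_refresh, refresh = intervals_from_lease(8)  # 8-day lease -> 7 + 7 days
    for bucket, names in classify(SAMPLE, NOW, no_refresh, refresh).items():
        print(f"{bucket:7} {names}")
```

The 10-day-old record lands in `fresh`: with 7 + 7 day intervals it is past no-refresh but not yet eligible, which is the waiting period asked about earlier in the thread.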

