Friday, August 14, 2009

DNS/DHCP change related to DNS Scavenging

As I was working on DNS and LANDesk agent pushes, I noticed that a lot of the pushes were failing, and I'm sure other failures are happening in other areas, like LANDesk Remote Control and Mac reverse DNS lookups.

As I looked a bit further into the issue, I found that the DNS scavenging of stale records is not working correctly, which is leaving multiple forward and reverse lookup entries in DNS with the same IP address assigned to multiple hosts.

The records' expiration dates had long passed, and yet the records wouldn't get deleted.

After a lot of research, I resorted to calling Microsoft to get more information regarding DNS scavenging. I found out a few interesting facts about DNS, which triggered some changes that need to be made on our servers.

Scavenging in and of itself is a low-priority thread, as designed by Microsoft. This means that if scavenging is turned on and runs on a busy server, or during business hours, it won't run while another process with higher priority is active, which is very likely on a production server. Unfortunately, Microsoft does not provide a scheduling component for triggering the scavenging of stale records: the time at which scavenging runs is determined by the time at which scavenging is set up and the DNS service restarted. For this reason, the changes in this article will need to be made off hours, maybe 10:00 or 11:00pm, when the server responsible for scavenging is not busy.

Some facts about scavenging:

In a nutshell, the scavenging process and the DHCP lease time are directly interdependent. Once the two timeouts overlap past a certain threshold, scavenging simply stops doing anything it's supposed to do. So, without going into extreme detail, here's how scavenging should be set up.

Currently, the DHCP lease time is set to 8 days. We will be changing this to 4 days, as we have mobile users and it doesn't make sense to keep the lease that long all the time.

There are options for the refresh and no-refresh interval in the DNS server settings, as well as on each zone. If they are not set at the DNS server level, each zone needs to be configured individually for the scavenging of stale records. This setting does not trigger any deletion; it is merely the method DNS uses to check the time stamp of a record and determine whether to mark it as stale. The refresh and no-refresh intervals, added together, should be greater than the DHCP lease time.

In addition, there is a setting that actually triggers the deletion of the stale records marked by the scavenging process. That process can be set to run at any interval greater than 24 hours.

Action items:

The settings that will be made are as follows:

  • DHCP lease time will be changed from 8 days to 4 days on all DHCP servers in the district.
  • No-refresh interval will be set to 3 days.
  • Refresh interval will be set to 2 days.
  • Automatic scavenging will be set to 1 day.

These DNS-related changes will all be made on one main DNS server in each domain; they will replicate through AD integration.
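To check that the action items above actually satisfy the rule from the facts section (no-refresh + refresh greater than the DHCP lease), here is a small model of the aging timing as the post describes it. This is an added example, not Microsoft's code or anything from the original post: it assumes day granularity, that a DHCP client re-registers its DNS record once per lease period, and that a scavenging run deletes any record whose timestamp is older than the two intervals combined. The numbers (lease 4 vs 8 days, no-refresh 3, refresh 2, scavenging every 1 day) are the ones the post states.

```python
from dataclasses import dataclass
from typing import Optional


def intervals_cover_lease(no_refresh_days: int, refresh_days: int, lease_days: int) -> bool:
    """The post's rule: no-refresh + refresh must be greater than the DHCP lease."""
    return no_refresh_days + refresh_days > lease_days


def accept_refresh(record_ts: int, now: int, no_refresh_days: int) -> int:
    """A timestamp-only update inside the no-refresh window is suppressed;
    after the window the record's timestamp moves forward to 'now'."""
    if now < record_ts + no_refresh_days:
        return record_ts
    return now


def is_stale(record_ts: int, now: int, no_refresh_days: int, refresh_days: int) -> bool:
    """A record is stale once both windows have elapsed since its timestamp."""
    return now >= record_ts + no_refresh_days + refresh_days


@dataclass
class Outcome:
    removed_on_day: Optional[int]  # day the scavenging run deleted the record, or None
    host_active: bool              # True together with a removal = an in-use record was deleted


def simulate_host(lease_days: int, no_refresh_days: int, refresh_days: int,
                  scavenge_days: int, leaves_on_day: Optional[int] = None,
                  horizon_days: int = 90) -> Outcome:
    """Day-by-day walk (assumption: one re-registration per lease period).
    The host registers on day 0 and re-registers every lease_days while it is
    on the network; it disappears on leaves_on_day (None = stays).  Scavenging
    runs every scavenge_days, counted from day 0, and deletes stale records."""
    record_ts = 0
    active = True
    for day in range(1, horizon_days + 1):
        active = leaves_on_day is None or day < leaves_on_day
        # The scavenging run is checked first: a renewal on the same day is too
        # late to save the record, which is why the rule says "greater than".
        if day % scavenge_days == 0 and is_stale(record_ts, day, no_refresh_days, refresh_days):
            return Outcome(day, active)
        if active and day % lease_days == 0:
            record_ts = accept_refresh(record_ts, day, no_refresh_days)
    return Outcome(None, active)


if __name__ == "__main__":
    # The post's new settings: lease 4, no-refresh 3, refresh 2, scavenge daily.
    print(intervals_cover_lease(3, 2, 4), simulate_host(4, 3, 2, 1))     # rule holds, record kept
    print(simulate_host(4, 3, 2, 1, leaves_on_day=10))                  # host gone, record removed
    # Same intervals against the old 8-day lease: the sum (5) no longer exceeds the lease.
    print(intervals_cover_lease(3, 2, 8), simulate_host(8, 3, 2, 1))     # rule fails, live record removed
```

With the new settings an active host's record is refreshed on day 4 (past the 3-day no-refresh window) and never reaches the 5-day staleness mark, while a host that leaves on day 10 has its record removed by the day-13 run. Against the old 8-day lease the same intervals would delete an active host's record on day 5, which is the overlap the post warns about; a lease exactly equal to the sum (5 days) fails the same way, so the inequality has to be strict.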

In addition, a DNS hotfix will have to be installed on the DNS server: WindowsServer2003-KB970176-x86-ENU.exe. This updates dns.exe to the latest version, which will help with some of the issues we are having.

Once the hotfix is installed, the changes made, and the server restarted, DNS should start removing stale entries as records pass their expiration dates.
