Why DNS Scavenging is not working?

The scavenging feature is one of the trickier parts of the DNS console. Although the concept and its configuration are easy to understand, I have seen many cases where stale records were not being scavenged because of a misconfiguration.

In order to scavenge your records automatically, you must prepare the environment and configure the appropriate settings. These settings reside in both the DNS and the DHCP console. First, make sure that the DHCP lease time is configured properly. The default DHCP lease time is 8 days. You can set it to whatever value you need, but keep in mind that when you choose the DHCP lease time, you must configure the Refresh interval and the No-Refresh interval based on that value. Let's clarify this with an example.

Suppose that I have a DHCP lease time of 12 days. In that case, for scavenging to be configured properly, the sum of the Refresh interval and the No-Refresh interval must be equal to or less than the DHCP lease time. The following is a sample configuration:

  • DHCP lease time: 12 days
  • No-Refresh interval: 6 days
  • Refresh interval: 6 days

After that, make sure that DHCP is properly configured to update the DNS records on your DNS server. Keep in mind that when you have Active Directory-integrated zones there is no need to configure DNS scavenging on ALL the domain controllers. You enable it on only one of your servers and all the stale records will be deleted automatically, thanks to our friend replication.

So far we have configured scavenging, but it is not done yet! Yes, although you have enabled DNS scavenging on one of your domain controllers, it is still not enabled! Microsoft should have provided a separate tab or menu for all the settings related to DNS scavenging; until they do, people will be lost hunting around for a single setting. Anyway, for the final part, enable the feature and wait for the scavenging period.
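The whole procedure above in PowerShell, as an added example that is not part of the original post: it reads the longest DHCP lease, checks the 6 + 6 day intervals against it, turns on aging for the zone, turns on scavenging on the server, and previews which dynamic records the next scavenging pass would remove. The server name dc1 and the zone corp.example.com are assumed placeholders; the DnsServer and DhcpServer RSAT modules must be installed.

```powershell
# Added example, not from the original post. Assumed names: DNS/DHCP server 'dc1'
# and AD-integrated zone 'corp.example.com'. Requires the DnsServer and DhcpServer modules.
$DnsServer = 'dc1'
$ZoneName  = 'corp.example.com'

# 1. Longest DHCP lease in use: the value the aging intervals are derived from.
$lease = (Get-DhcpServerv4Scope -ComputerName $DnsServer |
          Sort-Object -Property LeaseDuration -Descending |
          Select-Object -First 1).LeaseDuration

# 2. Zone-level aging intervals from the post's sample (6 + 6 days against a 12-day lease).
$noRefresh = New-TimeSpan -Days 6
$refresh   = New-TimeSpan -Days 6
if (($noRefresh + $refresh) -gt $lease) {
    throw "No-Refresh + Refresh ($($noRefresh + $refresh)) exceeds the DHCP lease ($lease)"
}
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName -Aging $true `
    -NoRefreshInterval $noRefresh -RefreshInterval $refresh

# 3. The step that is easy to miss: aging on the zone removes nothing until scavenging
#    is switched on at the server level. One server is enough for AD-integrated zones.
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 7)

# 4. Verify that both levels are enabled.
Get-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName
Get-DnsServerScavenging -ComputerName $DnsServer

# 5. Preview what the next scavenging pass would delete: dynamic A records (static
#    records carry no timestamp) whose timestamp is older than No-Refresh + Refresh.
$cutoff = (Get-Date) - ($noRefresh + $refresh)
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Select-Object HostName, Timestamp, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } }
```

Run step 5 before enabling scavenging on a production zone; a long list of hosts that are still alive means the DHCP-to-DNS update path (step 2 of the post) is broken and scavenging would delete live records.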
