Hi,
 
A quote:
##########
The refresh interval must be long enough to allow all servers that maintain 
resource records to update their timestamps. Because the Dynamic Host 
Configuration Protocol (DHCP) server is usually the last server to update its 
records, you can monitor DHCP records to make sure you have scheduled enough 
time for updates. If records are being scavenged too soon, use the DNS console 
to set this value back to the default value of one week (168 hours).
##########
 
The "rule":
At zone level AGING is configured by default to prevent dynamic refreshes of 
resource records the first 7 days of their existence. This prevents unnecessary 
replication traffic because clients/servers update their records all the time. 
The no-refresh interval by default is configured to the same value as the 
refresh interval. It is best to keep these two values the same. The second 7 
days dynamic refreshes are allowed. The refresh interval preferably has a value 
that is the same as the maximum time possible, in normal circumstances, to 
refresh/update a record. The latter applies to DHCP clients (see quote 
above). The DHCP lease duration is by default the longest period, and the 
period within the lease duration a client tries to update its lease is 87,5% of 
it.
 
In short:
no-refresh value = refresh value
refresh value = 87,5% DHCP lease duration
 
Cheers,
#JORGE#

________________________________

From: Wright, T. MR NSSB [mailto:[EMAIL PROTECTED]
Sent: Tue 6/28/2005 4:42 AM
To: [email protected]; [email protected]
Subject: RE: [ActiveDir] DNS Scavenging




Thanks for your response.  I have one more question, are the recommended 
settings still one hour for no-refresh and 7 days for refresh?  This is what I 
initially had it set to but since it didn't appear to be working I lowered the 
intervals.  I think I will start by dumping the zone and sorting out the static 
entries, I don't think there are too many so it shouldn't be too difficult, I 
just wanted to be sure that I didn't miss any. The zones that I am concerned 
with are all AD integrated, but scavenging was turned on after the fact.


Thanks, 
  
-Tim 

________________________________ 

From: [EMAIL PROTECTED] on behalf of David Adner 
Sent: Mon 6/27/2005 7:40 PM 
To: [email protected] 
Subject: Re: [ActiveDir] DNS Scavenging 



First off, you need to be careful with such low no 
refresh/refresh intervals since, for example, 2003 
computers only refresh their records every 24 hours 
(it initially refreshes faster, but it uses 
ever-widening intervals until it reaches 24 hours). 

For your primary concern, you can enable Advanced in 
the DNS console and view the properties of your "old" 
records.  If you don't see a timestamp then they won't 
fall under the scavenging rules.  You can also use 
dnscmd.exe /zoneexport to dump the entire zone(s) to a 
file.  You'll see an [Age:#######] (Or maybe it's 
Aging:) value for records with timestamps. 

If your zone used to be a standard primary zone and 
you never had scavenging enabled on it then any 
dynamically registered records into that zone would 
have not received a timestamp.  An AD integrated zone 
with scavenging disabled will cause an initial 
timestamp to be recorded for dynamically registered 
records but won't cause them to be refreshed until 
scavenging is enabled. 

As for easier ways to address your issue, I'm unaware 
of a solution that doesn't require some leg work.  You 
could dump the zone via dnscmd.exe /zoneexport and see 
which don't have timestamps and from there figure out 
which ones are supposed to be static and which ones 
aren't.  This will be simplified if you have a 
standard naming convention... 

--- "Wright, T. MR   NSSB" <[EMAIL PROTECTED]> 
wrote: 

> All, 
>     I am not 100% sure, but it appears that I may be 
> having some issues 
> with scavenging old records.  I have a Win2003 
> domain with 5 DC's 
> running 2003 functional level.  All of the DC's run 
> DNS and on one of 
> them I enabled scavenging at the server level and 
> configured all zones to 
> have a no-refresh interval of 1 hour and a refresh 
> interval of 8 hours. 
> I did this a few weeks ago and many of the records 
> still exist in DNS. 
> I know for a fact that I have a few thousand 
> workstations which have 
> been off the network for more than 30 days. 
>     I think what I am seeing is the issue where the 
> records that existed 
> prior to me enabling scavenging won't get 
> scavenged.  That said, I know 
> I can manually age all of the records using the 
> dnscmd, but this will 
> take all of my statically created records with it. 
> Are there any ways 
> around this so that my static records don't get 
> touched? 
> 
> Thanks, 
> 
> -Tim 
> 
> 
> 

List info   : http://www.activedir.org/List.aspx 
List FAQ    : http://www.activedir.org/ListFAQ.aspx 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
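
The zone-export triage discussed in this thread, as an added example that was not posted by any list member: it separates records without a timestamp (which fall outside the scavenging rules) from timestamped records older than no-refresh plus refresh. Assumptions: the bracketed value counts hours since 1601-01-01 UTC, the sample lines are constructed rather than real dnscmd output, and `classify` is a hypothetical helper name.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: the bracketed value counts hours since 1601-01-01 00:00 UTC.
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Tag name per the thread: "[Age:#######] (Or maybe it's Aging:)"; accept both.
TAG = re.compile(r"\[(?:AGE|AGING):(\d+)\]", re.IGNORECASE)
# Record types worth triaging; NS/SOA and the rest are skipped.
RR_TYPES = {"A", "AAAA", "CNAME", "PTR", "SRV"}

# Constructed sample in the style of a zone export; names and values are made up.
SAMPLE_EXPORT = """\
; constructed sample, not real dnscmd output
@                       3600  NS    dc01.corp.example.
dc01                    3600  A     10.0.0.10
fileserver              3600  A     10.0.0.20
ws-0142  [AGE:3544800]  1200  A     10.0.5.42
ws-0977  [AGE:3545600]  1200  A     10.0.5.77
"""

def classify(export_text, now, no_refresh_h, refresh_h):
    """Split owner names into no_timestamp, stale and fresh lists."""
    result = {"no_timestamp": [], "stale": [], "fresh": []}
    for line in export_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 3 or not RR_TYPES.intersection(f.upper() for f in fields):
            continue  # comments, blank lines, record types not of interest
        match = TAG.search(line)
        if match is None:
            # No timestamp: static, or registered before aging applied.
            result["no_timestamp"].append(fields[0])
            continue
        stamped = EPOCH + timedelta(hours=int(match.group(1)))
        age_h = (now - stamped).total_seconds() / 3600
        # Eligible for scavenging once older than no-refresh + refresh.
        key = "stale" if age_h > no_refresh_h + refresh_h else "fresh"
        result[key].append(fields[0])
    return result

if __name__ == "__main__":
    # Reference time fixed to the date of the thread so the output is repeatable.
    now = datetime(2005, 6, 28, tzinfo=timezone.utc)
    for bucket, names in classify(SAMPLE_EXPORT, now, 168, 168).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The `no_timestamp` list is the set to review by hand against the naming convention before any bulk aging, since it mixes intended static entries with old dynamic ones.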

