DNS Scavenges valid RRs in AD-integrated Zone?

Guest

I'm running a DNS server with an AD-integrated zone, configured with secure
dynamic updates (on a Windows Server 2003 DC). When browsing the records in
the zone, I see that there are records whose machines are valid and still
active, but when you look at their time stamp, the date is a few months old.
We plan to enable scavenging (with the default parameters) and are very
concerned that once the scavenging starts, it sees these records as old and
will start removing those valid records with old time stamps.

Could anyone address this concern? These valid records were NOT manually
added or modified. Theory says that these records should re-register (hence
updates the time stamp) every 24 hours, among other conditions. For some
reason, it does not appear to do so. Did I miss something?

Thanks for any reply on this ...
smo
 
Hi SMO,

Was the server updated from windows 2000 or has there been a change to the
dynamic update policy? While very short scavenging times can kill valid
records, it is uncommon for these not to be updating.

I am wondering if these were there before secure updates were enforced.

I would suggest identifying these and doing spot testing to verify behavior
before implementing scavenging.
 
Hi Ryan,
Thanks for the reply. The DNS server (also a DC) was upgraded from Windows
2000 to Windows Server 2003. It's possible that the records were there
before secure updates were enforced (I inherited the systems). There are
thousands of records on our DNS with multiple zones, and there is no easy way
to get the time stamp out of each record to determine the age of each record.
I used the dnscmd command (with the /EnumRecords option) to get this time stamp
information, but it's still a huge undertaking to get the one-to-one map of
each host name, IP address, and its corresponding time stamp.

BTW, I believe the scavenging would remove both A record and its
corresponding PTR record?

smo
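The mapping smo describes (host name, IP address, aging time stamp for every record, and whether the default scavenging intervals would consider it stale) can be scripted rather than read by hand. The following PowerShell is an added example, not code from the thread or from Microsoft; it parses the text that `dnscmd /EnumRecords` prints. It assumes dnscmd lists a dynamically registered record as `<name> [Aging:<hours>] <TTL> <type> <data>`, where `<hours>` counts hours since 1601-01-01 UTC, and lists a static record without the `[Aging:...]` field; the zone name, the sample output and the 7-day NoRefresh/Refresh values are constructed for the example (7 + 7 days is the default; the real values for a zone are shown by `dnscmd /ZoneInfo <zone>`).

```powershell
# Added example: map dnscmd /EnumRecords output to (name, data, timestamp)
# and flag records that scavenging would treat as eligible for deletion,
# i.e. timestamp older than NoRefreshInterval + RefreshInterval.
param(
    [string]$Zone = 'corp.example.com',   # assumed zone name
    [string]$Type = 'A',                  # use 'PTR' against the reverse zone
    [int]$NoRefreshDays = 7,              # default zone setting, assumed
    [int]$RefreshDays = 7,                # default zone setting, assumed
    [switch]$Live                         # query dnscmd instead of the sample
)

# Aging values are hours since 1601-01-01 00:00 UTC (assumption stated above).
$epoch = New-Object DateTime 1601, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
$nowUtc = (Get-Date).ToUniversalTime()
$nowHours = [int][math]::Floor(($nowUtc - $epoch).TotalHours)

# Constructed sample in the assumed dnscmd format: one record refreshed 12
# hours ago, one static record, one record last refreshed 90 days ago.
$sample = @(
    'Returned records:',
    "fileserver01 [Aging:$($nowHours - 12)] 1200 A`t10.0.0.20",
    "oldbox 3600 A`t10.0.0.99",
    "printer02 [Aging:$($nowHours - 24 * 90)] 1200 A`t10.0.0.30",
    'Command completed successfully.'
)

$lines = if ($Live) {
    & dnscmd /EnumRecords $Zone '@' /Type $Type /Continue
} else {
    $sample
}

$threshold = $nowUtc.AddDays(-($NoRefreshDays + $RefreshDays))
$dynamic = '^(?<name>\S+)\s+\[Aging:(?<hours>\d+)\]\s+(?<ttl>\d+)\s+(?<type>\S+)\s+(?<data>.+)$'
$static  = '^(?<name>\S+)\s+(?<ttl>\d+)\s+(?<type>\S+)\s+(?<data>.+)$'

$records = foreach ($line in $lines) {
    if ($line -match $dynamic) {
        $stamp = $epoch.AddHours([int]$Matches.hours)
        [pscustomobject]@{
            Name         = $Matches.name
            Type         = $Matches.type
            Data         = $Matches.data.Trim()
            Timestamp    = $stamp
            AgeDays      = [math]::Round(($nowUtc - $stamp).TotalDays, 1)
            Scavengeable = ($stamp -lt $threshold)   # older than NoRefresh+Refresh
        }
    }
    elseif ($line -match $static) {
        # No [Aging:] field: static record, scavenging never touches it.
        [pscustomobject]@{
            Name = $Matches.name; Type = $Matches.type; Data = $Matches.data.Trim()
            Timestamp = $null; AgeDays = $null; Scavengeable = $false
        }
    }
    # Header/footer lines ("Returned records:", "Command completed ...") are skipped.
}

$records | Sort-Object Timestamp | Format-Table -AutoSize
$records | Where-Object { $_.Scavengeable } |
    Export-Csv -NoTypeInformation -Path "scavenge-candidates-$Zone-$Type.csv"
```

With the constructed sample only `printer02` is flagged; `oldbox` has no aging field and is static, and `fileserver01` is inside the NoRefresh window. Run it once with `-Type A` against the forward zone and once with `-Type PTR` against the reverse zone, because the two records carry separate time stamps (whoever registers each one, the client or the DHCP server, is what refreshes it), so an A record and its PTR can land on different sides of the threshold. The CSV is the list to spot-check before enabling scavenging, as Ryan suggested: if a flagged host is alive, `ipconfig /registerdns` on it (or a DHCP renewal, for DHCP-owned PTRs) should move its time stamp to the current hour on the next enumeration.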
 
BTW, I believe the scavenging would remove both A record and its
corresponding PTR record?

This'll depend on the TTL and the no refresh/ refresh intervals, and who is
updating what, e.g. DHCP server doing the PTR and the client doing the A.
 