DNS Server not flushing Stale Records

-

i have 3  dc's active directory intergrated dns on them. have issues both forward , reverse lookup zones on both dns's server's.

i have security section complaining due poor name resolution because scavenging not happening. have set-up microsoft says open call them on year ago. ideas why have many records time stamp older month not scavenging.

i had microsoft ticket open year , half ago had me make these changes did not fix anything.  this had me change

scavenge setting made dns server

 

1.  scavenging should set 1 server (dc03 x.x.10.50). scavenging should turned off on second dns server (dc02 x.x.9.41). scavenging need turned on 31 days should 1 day longer dhcp lease.

 

2.  the following need done on dc03, x.x.10.50:

 

  a.  right click on server , click set aging , savaging on zones. make sure scavenge stale resource records checked. make sure no-refresh interval 15 days , refresh interval 16 days. (see below pic)

 

 

  b.  right click on server , click properties. make sure enable automatic scavenging of stale records checked. making scavenging period 1 days. (see below pic)

 

 

  c.  next right click on zone jtfb.local , click properties. click button aging , make sure no-refresh interval 15 days , refresh interval 16 days. (see 2 pics above).

 

 

  d.  now go second dns server (jtfb-dc02 172.17.9.41) , make sure these settings turned off.

 

the reasoning behind making sure turned off need scavenged on 1 server , replicate other server.

 

3.  scavenging must turned on reverse dns lookup zones. should done on (jtfb-dc03 172.17.10.50) also.  it must turned on every single zone.

 

  b. right click on first zone , click properties.

 

 

  c. click aging button on general tab. make sure scavenge stale resource records checked. make sure no-refresh interval 15 days , refresh interval 16 days. (see 1st pic)

hi defense backups,

thank posting in windows forum,

the design valid , suggestion provided microsoft valid, many customers forget turn on scavenging on zones , run problems. need set scavenging on both zone , server level taken care in scenario.

can test below command scavenge records

dnscmdservername/startscavenging

sainath !analyze


Windows Server  >  Platform Networking



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more