4

I have 2 Server 2008 R2 domain controllers with an AD-integrated DNS zone for the domain. Previously, scavenging was not enabled. I enabled scavenging a week ago and now that I am seeing old stale records go away, I am also noticing that about 80% of my DNS record timestamps aren't updating properly.

From what I understand, the servers should update their own DNS records every 24 hours, but like I said, I have many that are over 24 hours old. If I log on to the server and reboot, or run ipconfig /registerdns, it will update the timestamp just fine. The computer account has full control in the security settings of its respective record.

One domain controller is also a DHCP server. I tried configuring it to update DNS, which is working for workstations that have DHCP addresses, but I do not think that these updates work for servers that have static IPs. Any idea why these timestamps aren't updating?

TonyD
  • Have you disabled the DHCP client service, by chance? – Shane Madden May 01 '12 at 17:22
  • No, the DHCP client service is still running on these servers despite the fact that they have static IPs. – TonyD May 01 '12 at 17:30
  • What's the no-refresh interval set to in your scavenging settings? And are the `modifyTimeStamp` or `whenChanged` attributes of the `dnsNode` objects getting updated (use ADSIEdit to check). – Shane Madden May 01 '12 at 18:02
  • Refresh and NoRefresh are both set to 7 days. I know how to use adsiedit, but where are the modifyTimeStamp and whenChanged objects? How do I check those? – TonyD May 01 '12 at 19:02
  • The objects for the DNS records are stored in either the normal directory partition (if the zone's in 2000-compatible replication mode), the DomainDNSZones partition (if the zone is set to replicate to all DNS servers in the domain), or the ForestDNSZones partition (if the zone is set to replicate to all DNS servers in the forest) -- you probably need to have ADSIEdit connect to the DNS partition. But since the no-refresh interval is set where it is, the lack of updates should be expected - see my answer. – Shane Madden May 01 '12 at 19:12

1 Answer

3

Having a "No-refresh" interval configured to 7 days is intentionally blocking the periodic (24 hour) refresh by the client systems, until their record is at least 7 days old.

That configuration should be just fine - it just means that you shouldn't be worrying about a system failing to update until the timestamp on its record is over 8 days old.

In other words, don't stress about those timestamps; only stress about the refresh failing if scavenging actually kills a record for a system that's running.

Shane Madden
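The timeline described in the answer above, as an added example that is not part of the original answer: it classifies record timestamps against the 7-day no-refresh and 7-day refresh intervals from the question and the 24-hour client refresh cycle. Host names and timestamps are constructed, and the stale threshold (no-refresh plus refresh) and the treatment of a record without a timestamp as static are standard scavenging behaviour assumed here, not stated on the page.

```python
from datetime import datetime, timedelta

NO_REFRESH = timedelta(days=7)       # no-refresh interval from the question
REFRESH = timedelta(days=7)          # refresh interval from the question
CLIENT_CYCLE = timedelta(hours=24)   # periodic client refresh cited in the thread


def classify(timestamp, now, no_refresh=NO_REFRESH, refresh=REFRESH,
             cycle=CLIENT_CYCLE):
    """Return the scavenging state of one record timestamp."""
    if timestamp is None:
        # Assumption: a record with no timestamp is static and never scavenged.
        return "static"
    age = now - timestamp
    if age < no_refresh:
        # Refreshes are deliberately ignored; an old timestamp is expected.
        return "no-refresh"
    if age <= no_refresh + cycle:
        # The next client refresh should land within one cycle (the "8 days").
        return "refresh-due"
    if age <= no_refresh + refresh:
        # Past 8 days without an update: the refresh is really failing.
        return "overdue"
    # Older than no-refresh + refresh: eligible for scavenging.
    return "stale"


def report(records, now):
    """Map each record name to its state; records is {name: timestamp}."""
    return {name: classify(ts, now) for name, ts in records.items()}


# Constructed sample data (hypothetical host names and timestamps).
NOW = datetime(2012, 5, 1, 12, 0)
SAMPLE = {
    "app01": NOW - timedelta(days=2),
    "app02": NOW - timedelta(days=7, hours=6),
    "app03": NOW - timedelta(days=10),
    "app04": NOW - timedelta(days=15),
    "gw01": None,
}

if __name__ == "__main__":
    for name, state in report(SAMPLE, NOW).items():
        print(f"{name:6} {state}")
```

Only the `overdue` and `stale` states warrant investigating the host's dynamic update.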