Re: DHCP/DNS questions.. couple weeks before going live and want to clear up a few concerns..
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Thu, 8 May 2008 23:27:01 -0400
In news:1CB02C5D-62CC-4D9F-80D6-DB82D5FAC3DB@xxxxxxxxxxxxx,
infinitiguy <derek@xxxxxxxx> typed:
>> Well, not exactly. Try 14 days. This is why, for DHCP clients,
>> you need to add the DHCP server to the DnsUpdateProxy group.
>>
>> DNS aging and scavenging simplified
>> http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1040355,00.html
>
> Right.. at 14 days a record would be able to be scavenged, but in
> DNS when you set the "Enable automatic scavenging of stale records"
> under the advanced tab of the server properties, that Scavenging
> period of 7 days would mean that every 7 days scavenging would run
> and clean out records that are 14 days old. Correct?
>
> If ionaglobal.com isn't currently using aging and scavenging, I
> should be able to turn it on, and age all records as of the day I
> turned it on.. correct?

That is correct.

>> No, because DHCP owns the record, or well, at least it should.
>> That's where the DnsUpdateProxy thing comes in play, along with
>> scavenging, as well as with FORCING DHCP to update both A and PTR
>> records. Normally the client will update the A record, and DHCP
>> will update the PTR. Forcing it will force DHCP to update both, and
>> adding it to the DnsProxyUpdate group will force DHCP to take
>> ownership of the record, and not the client.
>
> ok.. so I think I understand this now. The "Discard A and PTR record
> when lease is deleted" option would be for when a client loses its
> lease.. the client would effectively say "hey, I'm all done, go delete
> me.." but since it's owned by DHCP.. and DHCP is a member of the
> DnsProxyUpdate group.. scavenging should be able to grab it instead
> of the DHCP server deleting the entry as a result of the lease being
> deleted.. (or maybe it's the exact opposite)..

That's close enough. Because now DHCP owns both records, it will update it
with the new info.

> I guess what this part boils down to is.. I'll just want to ensure
> my DHCP servers are in the DnsProxyUpdate group because that'll force
> all records to always be owned by the DHCP server and therefore, both
> records should be able to be scavenged and I'll have a squeaky clean
> DNS.

Yep!

>> Option 081 is actually the DNS tab in DHCP properties.
>
> ahh.. so option 081 is the whole dns tab.. tricky..

Not really. It was the best place to put it because of all the configurable
options. Imagine this option in the options list. Too much to fit!

>> You can use and batch a DNSCMD batch file for this task.
>
> I was thinking about that.. I've used DNSCMD and netsh for my dhcp
> server for a lot of the scope and test zone creations.. I guess the
> reason why I felt compelled to do the removal of an ADI zone and do
> the copy/paste was just it seemed safer.. I could see everything
> that happened as opposed to just clicking go on a script and let it
> run crazy.. with proper testing it should be fine... but there's
> always those fears... I'll test that a little bit... maybe that
> may be a better way to go than to mess with the already existing ADI
> ionaglobal.com zone...
>
>> Well, possibly. If you make it a non AD integrated zone, I believe
>> DHCP cannot own the record, since there is no security ACL on the
>> zone with a Primary (non-AD Integrated) zone. When you put it back
>> in AD, I think it will reset the ACL to default. Never tried this.
>> You will need to test it.
>
> When it resets the ACL to default.. who owns it? Would it
> necessarily matter if all I'm adding in are static entries? Once the
> zone is ADI again.. clients will start to register with them via
> DHCP. The zone ionaglobal.com already has a bunch of entries for
> machines that registered due to their domain membership.. that are
> dhcp clients.. but those already aren't owned by DHCP because our
> DHCP server isn't a MSDHCP server, nor is it using the MSDNS
> environment we have in place.

I don't believe, if I remember correctly, anyone owns it. So the record
sits.

The whole thing about record ownership only applies to MS DHCP.

>> You have to wait for replication if more than one DC, and
>> especially if using AD Sites (which most AD setups should be
>> using), which is default 3 hours, or 15 minutes at the lowest. If
>> not using Sites, then I can see why it did it in 5 minutes.
>
> We are using sites.. most replication takes about 15 minutes. We
> have 4 DC's here and 2 in Dublin.
>
>> As long as the zones don't have data in them, and follow how to
>> force DHCP to own all the records it puts in, you should be ok.
>> Just test it further so YOU are comfortable with it.
>
> I've been overly cautious and anal about this.. it's my first
> large-scale project I've ever done within my organization that has
> touched the entire organization... one of those things where if
> something goes wrong.. everyone will notice :) eeek.

Sounds like you're doing good so far...
Ace
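As an added example (not from either poster in this thread), the settings discussed above expressed as PowerShell using the DnsServer, DhcpServer and ActiveDirectory modules from RSAT on Windows Server 2012 or later, i.e. newer tooling than the dnscmd/netsh route mentioned in the thread. The server names DC01 and DHCP01 are placeholders; the zone name is the one from the thread. The script first previews which records a scavenging pass would delete, then applies the 7-day no-refresh / 7-day refresh / 7-day scavenging-period settings, stamps existing dynamic records so the 14-day clock starts today, configures the DHCP server's DNS tab (option 081) to register and clean up both A and PTR records, and adds the DHCP server to DnsUpdateProxy together with the ownership caveat Microsoft documents for that group.

```powershell
#Requires -Modules DnsServer, DhcpServer, ActiveDirectory
# Added example, not code from the thread. Server names are placeholders
# (assumptions); run from an admin workstation with RSAT installed.

$DnsServer  = 'DC01'            # assumption: a DC hosting the AD-integrated zone
$DhcpServer = 'DHCP01'          # assumption: the new Microsoft DHCP server
$Zone       = 'ionaglobal.com'  # zone named in the thread

# 7-day no-refresh + 7-day refresh: a dynamic record becomes scavengeable once
# its timestamp is more than 14 days old; the scavenging pass runs every 7 days.
$NoRefresh = New-TimeSpan -Days 7
$Refresh   = New-TimeSpan -Days 7

# Preview what a scavenging pass would delete BEFORE switching it on.
# Static records carry no timestamp and are never scavenged, so they are skipped.
function Get-ScavengeCandidate {
    param(
        [string]$ZoneName,
        [string]$Server,
        [timespan]$NoRefreshInterval,
        [timespan]$RefreshInterval
    )
    $cutoff = (Get-Date) - ($NoRefreshInterval + $RefreshInterval)
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ZoneName -RRType A |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object HostName, Timestamp,
            @{ Name = 'Address'; Expression = { $_.RecordData.IPv4Address } }
}

Get-ScavengeCandidate -ZoneName $Zone -Server $DnsServer `
    -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh | Format-Table -AutoSize

# Step 1: the server-wide switch ("Enable automatic scavenging of stale records"
# on the Advanced tab) and the per-zone aging settings.
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 7) `
    -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone -Aging $true `
    -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh

# Stamp every dynamic record in the zone with "now" (the dnscmd /AgeAllRecords
# equivalent) so the 14-day clock starts on the day aging is turned on, rather
# than old records vanishing on the first pass.
Set-DnsServerResourceRecordAging -ComputerName $DnsServer -ZoneName $Zone -Recurse -Force

# Step 2: DHCP registers and maintains both A and PTR records (the DNS tab of
# the DHCP server properties, carried as option 081).
#   DynamicUpdates Always       - register even when the client does not ask
#   DeleteDnsRRonLeaseExpiry    - "Discard A and PTR records when lease is deleted"
#   UpdateDnsRRForOlderClients  - register clients that cannot update DNS themselves
#   NameProtection              - a DHCID record stops a different host from
#                                 overwriting a name DHCP already registered
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -DynamicUpdates Always `
    -DeleteDnsRRonLeaseExpiry $true -UpdateDnsRRForOlderClients $true `
    -NameProtection $true

# Step 3: DnsUpdateProxy membership, so records DHCP creates are not locked to
# one server's computer account and can be updated or scavenged as the thread describes.
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members (Get-ADComputer -Identity $DhcpServer)

# Caveat documented by Microsoft: records written by a DnsUpdateProxy member are
# created without a secured owner. Give DHCP a dedicated low-privilege account
# for its DNS updates so the records it registers are owned by that account.
$updateCred = Get-Credential -Message 'Dedicated account DHCP uses for DNS updates'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $updateCred

# Verify what actually took effect.
Get-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer
```

Run the preview function on its own first and compare its output against the scavenged-record list you expect; if it lists hosts that are alive, their clients are not refreshing their records and the no-refresh/refresh windows need revisiting before the server-wide switch is turned on. With AD-integrated zones the aging settings and the stamped timestamps replicate like any other zone data, so allow for the site replication interval mentioned in the thread before checking the other DCs.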