DHCP and DNS Aging & Scavenging Configuration


Max Coder

Aug 19, 2025, 10:16:50 AM
to ntsysadmin
Hi,

We have two DHCP servers.

e.g. DHCP01: 200 scopes with an 8-day lease, 1 scope with an infinite lease, 4 scopes with a 1-day lease, 3 scopes with a 2-day lease, 3 scopes with a 3-day lease, 2 scopes with a 4-day lease

DHCP02: 40 scopes with an 8-day lease

DHCP failover (hot standby) is already configured.

DHCP DNS settings: dynamic DNS updates are enabled only if requested by the DHCP clients.
The servers with manually assigned IPs have timestamps (the timestamp is not static).
The clients with automatically assigned IPs (via the DHCP server) have timestamps.

My questions are:

1 - What happens to all the other dynamic records?

_msdcs, _services, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones, etc.

Are these records deleted when scavenging is executed?


2 - I have multiple DHCP scopes with different lease periods (ranging from 1 day to 8 days, and one scope with an infinite lease).
What should my DNS scavenging, refresh and no-refresh times be set to?

3 - I have a lot of DCs (DNS servers) in different locations/AD sites.
Should you only configure one server for scavenging? Which server should I choose to perform scavenging?
Should the DC/DNS server hold the FSMO role?

4 - Do I have to make all these A records static? Some articles on the internet say to make them static. To be honest, I'm a bit confused here. Why is it necessary to make them static on the servers? What is the logic behind this? After all, the servers already update their DNS every 24 hours.
Or do I only have to make critical records, such as the Exchange servers, static?


5 - My main concern is how laptops will behave if they are offline (from the domain, or physically off in a closet or at home) during the scavenging time.
My workplace has many remote hires and users with laptops travelling on many continents.
Essentially, many users are remote and on VPN.
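A PowerShell audit that puts the numbers from question 2 and the "which server scavenges" part of question 3 side by side, added here as an example; it is not part of the original thread. It assumes the RSAT DhcpServer and DnsServer modules and read rights on the servers. DHCP01 and DHCP02 are the names used in the post; DC01, DC02 and the zone name are placeholders. The comparison "NoRefresh + Refresh should cover the longest DHCP lease" is a common rule of thumb, not something the thread states.

```powershell
# Added example: compare DHCP lease lengths with DNS aging settings.
# Server and zone names below are placeholders/assumptions, not values from the thread
# (DHCP01/DHCP02 are the names the poster used).
$DhcpServers = @('DHCP01', 'DHCP02')
$DnsServers  = @('DC01', 'DC02')          # assumed: DNS servers (DCs) hosting the zones
$Zones       = @('corp.example.com')      # assumed zone name

# --- 1. Longest finite DHCP lease across all scopes on all DHCP servers ---
$scopes = foreach ($srv in $DhcpServers) {
    Get-DhcpServerv4Scope -ComputerName $srv |
        Select-Object @{ n = 'Server'; e = { $srv } }, ScopeId, Name, State, LeaseDuration
}
# Assumption: an unlimited lease surfaces as a zero or implausibly large TimeSpan;
# those scopes are listed separately and left out of the comparison.
$infinite = $scopes | Where-Object { $_.LeaseDuration -eq [TimeSpan]::Zero -or $_.LeaseDuration.TotalDays -gt 3650 }
$finite   = $scopes | Where-Object { $_.LeaseDuration -gt [TimeSpan]::Zero -and $_.LeaseDuration.TotalDays -le 3650 }
$maxLease = ($finite | Sort-Object LeaseDuration -Descending | Select-Object -First 1).LeaseDuration

"Longest finite DHCP lease: $maxLease"
if ($infinite) {
    "Scopes with an unlimited lease (their records are never refreshed by a lease renewal):"
    $infinite | Format-Table Server, ScopeId, Name -AutoSize
}

# --- 2. Per-zone aging: does NoRefresh + Refresh cover the longest lease? ---
$zoneReport = foreach ($zone in $Zones) {
    $aging  = Get-DnsServerZoneAging -Name $zone -ComputerName $DnsServers[0]
    $window = $aging.NoRefreshInterval + $aging.RefreshInterval
    [pscustomobject]@{
        Zone            = $zone
        AgingEnabled    = $aging.AgingEnabled
        NoRefresh       = $aging.NoRefreshInterval
        Refresh         = $aging.RefreshInterval
        AgingWindow     = $window
        CoversMaxLease  = ($window -ge $maxLease)   # rule of thumb, see lead-in
        # Empty means any DNS server with scavenging enabled may scavenge this zone.
        ScavengeServers = ($aging.ScavengeServers -join ', ')
    }
}
$zoneReport | Format-Table -AutoSize

# --- 3. Server-level scavenging: how many DNS servers will actually run it? ---
$scavengers = foreach ($dns in $DnsServers) {
    $s = Get-DnsServerScavenging -ComputerName $dns
    [pscustomobject]@{
        Server            = $dns
        ScavengingEnabled = $s.ScavengingState
        Interval          = $s.ScavengingInterval
        LastScavenge      = $s.LastScavengeTime
    }
}
$scavengers | Format-Table -AutoSize
$enabled = @($scavengers | Where-Object ScavengingEnabled).Count
"$enabled DNS server(s) have scavenging enabled."
```

For AD-integrated zones the aging settings live in the zone and replicate to every DC, so reading them from one DNS server is enough; the scavenging switch in step 3 is a per-server setting, which is why that step loops over all of them and counts how many would run the job.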

Wright, John M

Aug 19, 2025, 10:52:08 AM
to ntsys...@googlegroups.com

I can't answer all those questions. But I'll tell you what we do in our shop.

DNS scavenging vs. DHCP leases: When I came into my current role, I noticed a problem with machines appearing offline when they were online, because of a mismatch between retention of DNS records vs. DHCP. I currently have our leases set to 8 hours with scavenging at 3 days. Not sure if this is the best but it works for our environment.

Static A records: The only time I set static A records is for endpoints that have static IPs.

Endpoints offline during scavenging time: My experience has been that if a PC has been offline for a while, it picks up an IP address and gets a new DNS record right away. Mind, this is with our 8 hr vs. 3 day setup. For example, I pull a PC and boot it up. I ping it but it doesn't respond. I run ipconfig /flushdns and ping it again. Then it responds.

As far as VPN users, I haven't seen any issues, though we might have to compare notes on configuration to be sure it would be the same for you. I can only tell you that resolution works without trouble for us.

DNS scavenging on multiple DNS servers: I've only had to set it on one server for a site/domain. It was replicated to the other.

 

--
John Wright
IT Support Specialist

Kurt Buff

Aug 19, 2025, 11:31:13 AM
to ntsys...@googlegroups.com
This should answer some of your questions:

This line from the article is really important:
"Make sure that only one DNS server has scavenging configured to avoid conflicts between servers."

This is another good article:

And this guy is the boss of DNS/DHCP - this is just one of his articles on this topic:

Two things to note:
- DCs always have static records - they set them up themselves.
- The only static A records you should use are for things that have manually configured addresses that don't self-register in ADDNS, that is, networking equipment such as switches, WAPs, routers, etc.

Windows machines will self-register their DNS addresses when joined to a domain. Even though you probably set the addresses of Windows servers manually, they will update DNS, and are the owner of their own DNS records.
Windows workstations will normally get their addresses via DHCP, and the DHCP server can (IMHO should) be configured to generate the DNS records, and it will be the service account that is used by the DHCP server to register the records that owns them.

For machines using the VPN that might be offline for a long time, your VPN solution should use DHCP to give them an address, if not directly then by communicating with a Windows DHCP server in your environment.

Kurt
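To check the two things Kurt describes, how the DHCP server registers records and which account ends up owning them, plus which A records in a zone are actually static, here is an added PowerShell example (not from the thread or any of the linked articles). The server names, the zone name and the module requirements (RSAT DhcpServer and DnsServer) are assumptions. It also lists dynamic records whose timestamp is already older than the zone's aging window, which is the situation question 5 worries about for laptops that have been offline.

```powershell
# Added example: DHCP-side DNS registration settings, the registration account,
# and which A records in a zone are static vs. dynamic (and already stale).
# Server and zone names are placeholders, not values from the thread.
$DhcpServers = @('DHCP01', 'DHCP02')
$DnsServer   = 'DC01'
$Zone        = 'corp.example.com'

# --- 1. How each DHCP server registers client records and with which account ---
foreach ($srv in $DhcpServers) {
    $dns  = Get-DhcpServerv4DnsSetting  -ComputerName $srv
    $cred = Get-DhcpServerDnsCredential -ComputerName $srv
    [pscustomobject]@{
        Server                = $srv
        DynamicUpdates        = $dns.DynamicUpdates            # Always / OnClientRequest / Never
        DeleteRROnLeaseExpiry = $dns.DeleteDnsRRonLeaseExpiry
        UpdateOlderClients    = $dns.UpdateDnsRRForOlderClients
        NameProtection        = $dns.NameProtection
        # With no credential configured, the DHCP server registers as its own computer account.
        RegistrationAccount   = $(if ($cred.UserName) { "$($cred.DomainName)\$($cred.UserName)" }
                                  else { '(none: DHCP server computer account)' })
    }
}

# --- 2. Static vs. dynamic A records in the zone, and which dynamic ones are stale ---
$aging  = Get-DnsServerZoneAging -Name $Zone -ComputerName $DnsServer
$window = $aging.NoRefreshInterval + $aging.RefreshInterval
$cutoff = (Get-Date) - $window

$aRecords = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -ComputerName $DnsServer |
    Where-Object { $_.HostName -ne '@' }      # skip the zone apex (same-as-parent records)

# A static record has no timestamp; a dynamic one carries the time of its last refresh.
$static  = @($aRecords | Where-Object { -not $_.Timestamp })
$dynamic = @($aRecords | Where-Object { $_.Timestamp })
$stale   = @($dynamic  | Where-Object { $_.Timestamp -lt $cutoff })

"$Zone : $($static.Count) static, $($dynamic.Count) dynamic, $($stale.Count) dynamic and older than the $window aging window"

"Static A records (review: each should be a device that cannot self-register):"
$static | Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } } |
    Sort-Object HostName | Format-Table -AutoSize

"Dynamic A records already past the aging window (eligible for the next scavenging pass):"
$stale | Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } } |
    Sort-Object Timestamp | Format-Table -AutoSize
```

The "stale" list is the practical answer to the laptop question: a dynamic record only lands there when the client has not refreshed it for longer than NoRefresh + Refresh, and it is only actually removed if a DNS server with scavenging enabled runs a pass; a laptop that comes back, gets a lease and registers again simply gets a fresh timestamp.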
