DNS Scavenging [Archive] - Glock Talk



MavsX
06-09-2010, 06:40
Anybody know anything about DNS Scavenging? We are having some real problems here at work with DNS being wrong. I've heard that if you botch it, it can really funk up Active Directory. So I'm hesitant to do anything. Any ideas?

Linux3
06-09-2010, 08:20
Did you see:
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

By the way, the problem that MS refers to in RFC 2136 is only a problem with Windows servers. Kind of like they are asking for thanks for fixing their own problems.

MavsX
06-09-2010, 09:26
Thanks L3 for the link. I'm going to start reviewing this and seeing what I can get done.

KevinFACE
06-10-2010, 10:43
AD and Exchange are HEAVILY reliant on DNS. If you screw it up, you WILL have problems, flat out, no ifs, ands or buts.

I highly suggest you plan before acting.

KharToon
06-15-2010, 21:35
What are the symptoms of the problem?

MavsX
06-16-2010, 11:35
DNS remembers everything. Can't remote in to workstations sometimes because DNS thinks the machines are in the wrong subnet, etc.

KharToon
06-16-2010, 12:58
> DNS remembers everything. Can't remote in to workstations sometimes because DNS thinks the machines are in the wrong subnet, etc.

Are you the Windows admin? Is this happening from every workstation?

First thing I would check is that the DC is pointed to itself for DNS in TCP/IP.

Then make sure that all networks that are in use are tied to an AD site.

Then clear the DNS cache on the DNS server.

Then clear the cache on the workstations.

RTmarc
06-16-2010, 13:16
Enable scavenging and set to 7 days. It's not as big of a deal as some people are trying to make it. Just make sure that your DCs and Exchange servers are using static IPs. If you feel so inclined, add static DNS entries for sensitive servers.

MavsX
06-16-2010, 13:24
For the most part our workstations stay put where they are supposed to be. All servers are statics. Sometimes I have to bring a computer into the tech bench, which is in a different subnet than the workstation subnets. DNS remembers all. Which, once I throw the new computer or whatever back into the original subnet, then I have 2 entries for the same machine, and then I can't do anything remote-wise to it.

It has helped to go into the DNS lookup zones and manually delete the objects. But it's just a pain in the ass.

Luckily most of our machines don't move too much.
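
Added example, not part of the thread and not anyone's production script: a pre-scavenging audit of a zone's A records that covers both the "set to 7 days, keep DCs and Exchange static" advice and the duplicate-entry symptom described above. The host names, addresses, dates and the `SENSITIVE` list are constructed, and the 7-day no-refresh plus 7-day refresh intervals are an assumption (the Windows defaults).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed aging settings: 7-day no-refresh + 7-day refresh (Windows defaults).
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)

# Constructed sample export: (host, IPv4 address, last-refresh timestamp).
# A timestamp of None marks a static record, which scavenging never removes.
NOW = datetime(2010, 6, 16, 12, 0)
RECORDS = [
    ("dc01", "10.0.1.10", None),
    ("exch01", "10.0.1.20", datetime(2010, 6, 15, 9, 0)),   # dynamic, should be static
    ("ws-042", "10.0.5.42", datetime(2010, 6, 16, 8, 0)),   # current workstation subnet
    ("ws-042", "10.0.9.17", datetime(2010, 5, 20, 14, 0)),  # left over from the tech bench
    ("ws-107", "10.0.5.107", datetime(2010, 6, 10, 8, 0)),
]
SENSITIVE = {"dc01", "exch01"}  # hypothetical list of hosts that must stay static


def is_stale(timestamp, now):
    """A dynamic record becomes scavengeable once both intervals have elapsed."""
    return timestamp is not None and now - timestamp > NO_REFRESH + REFRESH


def audit(records, now, sensitive):
    """Report what scavenging would remove and what it would leave broken."""
    by_host = defaultdict(list)
    for host, ip, timestamp in records:
        by_host[host].append((ip, timestamp))

    report = {"scavengeable": [], "duplicates": {}, "dynamic_sensitive": []}
    for host in sorted(by_host):
        entries = by_host[host]
        if len(entries) > 1:
            # Same name on several addresses: the "2 entries" symptom.
            report["duplicates"][host] = sorted(ip for ip, _ in entries)
        for ip, timestamp in entries:
            if is_stale(timestamp, now):
                report["scavengeable"].append((host, ip))
            if host in sensitive and timestamp is not None:
                # A sensitive server relying on a dynamic record can be aged out.
                report["dynamic_sensitive"].append(host)
    return report


if __name__ == "__main__":
    for key, value in audit(RECORDS, NOW, SENSITIVE).items():
        print(key, value)
```

Reviewing this report before turning scavenging on shows which records would be deleted on the first pass and which servers still need static entries.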