| Author | Messages | |
jfigueroa
Posts:16
 | | 09/30/2005 8:37 AM |
| I am seeing more duplicate PTR records in our DNS reverse zones than I'd
like. Our DHCP lease is 8 days, the zones are AD integrated. I've been
down the DNSUpdateProxy group road, etc. So I believe the records are
duplicates because they are not scavenged in time, not because of
security rights to update the record or delete it.
Our scavenging per zone is set to 7 days for the no-refresh interval and
7 days for the refresh interval. I went by the formula that the refresh
interval should be 87.5% of the lease time, I'm just not sure about the
"no-refresh" interval.
I found this paragraph in a support document that I don't understand:
"After the record is refreshed, it cannot be refreshed again for the
interval
specified by the no-refresh interval. The no-refresh interval, a zone
parameter, prevents unnecessary Active Directory replication traffic.
However, the record can still be updated during the no-refresh interval.
If
a dynamic update request requires modification to a record, the request
is
considered an update. If the request requires no modifications, it is
considered a refresh. Therefore, prerequisite-only updates, updates that
include a list of prerequisites but no zone changes, are also considered
refreshes. "
If the goal is to get rid of addresses as soon as they are truly stale,
then that would be right after the lease expires?
In my scenario, should the "no-refresh" interval be (1) and the refresh
(7)?. In a 2003 AD/DNS environment, how much replication traffic is this
going to be?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| jfigueroa
Posts:16
| | 09/30/2005 5:15 AM |
| Thank you, great article
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto,
Jorge de
Sent: Friday, September 30, 2005 1:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] DNS Aging and Scavenging
Take a look at an article written by Marcus
http://myitforum.techtarget.com/articles/16/print_view.asp?id=6287
Cheers,
Jorge
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Figueroa,
Johnny
Sent: Friday, September 30, 2005 10:35
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] DNS Aging and Scavenging
I am seeing more duplicate PTR records in our DNS reverse zones than I'd
like. Our DHCP lease is 8 days, the zones are AD integrated. I've been
down the DNSUpdateProxy group road, etc. So I believe the records are
duplicates because they are not scavenged in time, not because of
security rights to update the record or delete it.
Our scavenging per zone is set to 7 days for the no-refresh interval and
7 days for the refresh interval. I went by the formula that the refresh
interval should be 87.5% of the lease time, I'm just not sure about the
"no-refresh" interval.
I found this paragraph in a support document that I don't understand:
"After the record is refreshed, it cannot be refreshed again for the
interval specified by the no-refresh interval. The no-refresh interval,
a zone parameter, prevents unnecessary Active Directory replication
traffic.
However, the record can still be updated during the no-refresh interval.
If
a dynamic update request requires modification to a record, the request
is considered an update. If the request requires no modifications, it is
considered a refresh. Therefore, prerequisite-only updates, updates that
include a list of prerequisites but no zone changes, are also considered
refreshes. "
If the goal is to get rid of addresses as soon as they are truly stale,
then that would be right after the lease expires?
In my scenario, should the "no-refresh" interval be (1) and the refresh
(7)?. In a 2003 AD/DNS environment, how much replication traffic is this
going to be?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| ZJORZ
Posts:389
| | 09/30/2005 8:44 AM |
| Take a look at an article written by Marcus
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Figueroa,
Johnny
Sent: Friday, September 30, 2005 10:35
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] DNS Aging and Scavenging
I am seeing more duplicate PTR records in our DNS reverse zones than I'd
like. Our DHCP lease is 8 days, the zones are AD integrated. I've been
down the DNSUpdateProxy group road, etc. So I believe the records are
duplicates because they are not scavenged in time, not because of
security rights to update the record or delete it.
Our scavenging per zone is set to 7 days for the no-refresh interval and
7 days for the refresh interval. I went by the formula that the refresh
interval should be 87.5% of the lease time, I'm just not sure about the
"no-refresh" interval.
I found this paragraph in a support document that I don't understand:
"After the record is refreshed, it cannot be refreshed again for the
interval specified by the no-refresh interval. The no-refresh interval,
a zone parameter, prevents unnecessary Active Directory replication
traffic.
However, the record can still be updated during the no-refresh interval.
If
a dynamic update request requires modification to a record, the request
is considered an update. If the request requires no modifications, it is
considered a refresh. Therefore, prerequisite-only updates, updates that
include a list of prerequisites but no zone changes, are also considered
refreshes. "
If the goal is to get rid of addresses as soon as they are truly stale,
then that would be right after the lease expires?
In my scenario, should the "no-refresh" interval be (1) and the refresh
(7)?. In a 2003 AD/DNS environment, how much replication traffic is this
going to be?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| ZJORZ
Posts:389
| | 09/30/2005 8:46 AM |
| Take a look at an article written by Marcus
http://myitforum.techtarget.com/articles/16/print_view.asp?id=6287
Cheers,
Jorge
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Figueroa,
Johnny
Sent: Friday, September 30, 2005 10:35
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] DNS Aging and Scavenging
I am seeing more duplicate PTR records in our DNS reverse zones than I'd
like. Our DHCP lease is 8 days, the zones are AD integrated. I've been
down the DNSUpdateProxy group road, etc. So I believe the records are
duplicates because they are not scavenged in time, not because of
security rights to update the record or delete it.
Our scavenging per zone is set to 7 days for the no-refresh interval and
7 days for the refresh interval. I went by the formula that the refresh
interval should be 87.5% of the lease time, I'm just not sure about the
"no-refresh" interval.
I found this paragraph in a support document that I don't understand:
"After the record is refreshed, it cannot be refreshed again for the
interval specified by the no-refresh interval. The no-refresh interval,
a zone parameter, prevents unnecessary Active Directory replication
traffic.
However, the record can still be updated during the no-refresh interval.
If
a dynamic update request requires modification to a record, the request
is considered an update. If the request requires no modifications, it is
considered a refresh. Therefore, prerequisite-only updates, updates that
include a list of prerequisites but no zone changes, are also considered
refreshes. "
If the goal is to get rid of addresses as soon as they are truly stale,
then that would be right after the lease expires?
In my scenario, should the "no-refresh" interval be (1) and the refresh
(7)?. In a 2003 AD/DNS environment, how much replication traffic is this
going to be?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|