We've got a couple of funny issues here so I would appreciate a pointers in the right direction...

3 DNS servers on the network (2003 Domain) and quite a lot of dumlicate IP entries.
1. Scavanging is not enabled on the DNS - so I guess it can greatly contribute to duplicate DNS entries by keeping the stale entries. (Am I right about it?)
2. Some times when I ping some ip addresses with -a switch DNS server returns the names that even dasn't exist on the network. (No idea why it happens)

Is there any checklist of thigns I should check on the DNS to make sure it works properly? (besides n\making sure DNS points to itself)
Any recomendations as to what should I do to rectify the issue?

Thank you.
Elijah

1) Yes, you should enable scavanging of DNS records.
2) The -a option uses the Reverse lookup zone and the PTR record to do the ip to DNS name translation.  You need to scavenge these zones as well.

Scavenging is enabled both on at the server and on each zone.  You should enable scavenging on all 3 DNS servers and all DNS zones.

http://technet.microsoft.com/en-us/library/cc755716(WS.10).aspx

• Marked as answer by Miles ZhangModerator Monday, March 29, 2010 2:37 AM

Hello,

in addition to aging/scavenging you can use the DHCP server also:
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

See also this article:
http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Thank, took me some time to dig through it and I'm still reading related articles.
I'm trying also to get an answer to the question "why did it start happening int he first place?" There is quie a lot of duplicate entries and enabling scavanging (I hope) can resolve the issue, but I still have no answer to the quesrtion as to why is it happening.
Documentation I've red so far mentiones that stale records can be created when computer is not properly disconnected from the network, but according to the number of duplicate records it is hard to beleive.
Do you know what are might have casued duplicate IP records? (they seem to appear and disappear sporadically)

(AD 2003 DHCP interated with DNS)

Thanks.
Elijah.

They didn't just appear, they have always been there....you are just now noticing because someone reported it.

1) You may have recently created a reverse lookup zone?  If so then you may now have noticed an issue because of this.  Its common for DNS servers not to have reverse lookup zones.

2) The "sparadic" nature of the issue is mostly likely caused by DNS round robin.

1. No new zone additions
2. Can you be a bit more specific the round-robin you mntioned - how can it contribute to duplicate IP addresses?

P.S> If you say rthat duplicate IP have always been there - do you meen that in the environment that is not scavanged it is unavoidable? (I used to think that dulicate IPs in DNS are "really evail" and can cause a lot of issues...

Thanks.
Elijah

By default Scavenging is not enabled in Windows 2000/2003 DNS.  By default Dynamic DNS is enabled.  Therefore its typical for subnets for that use DHCP to register mutiple names with the same IP address in DNS.

Round Robin in DNS is enabled by default.  Round robin is a simplistic load balacing technology where the responses returned by DNS are alternated between the records registered with the same name.

Example
test1 A 10.1..1.1
test1 A 10.1..1.2
test1 A 10.1..1.3

With round robin all three of the ip addresses will returned in a circular fashion....one at a time per request.  For more information see this.
http://www.wisegeek.com/what-is-round-robin-dns.htm

This also applies to the Reverse lookup zones and PTR records, in which the NAME returned is round robined.  As shown in the example below.

Example:
3.1.1.10 PTR Test1
3.1.1.10 PTR Test2
3.1.1.10 PTR Test3


Dupliate IP's are not "Evil" in DNS.  Frankly they don't matter, except in a reverse lookup scenario....which is very rarely used by applications.  The one exception tends to be backup applications that wish to verify target servers identity.

OK, now I'm getting a little bit confused :)
Why duplicate IP don't really matter? (I assume because nobody references workstations by dns names, hence it won't affect network) but I have to be sure.
If they don't really matter then what would be the reason for cleaning them up from DNS and the reason for enable scavaging?

Thanks.
Elijah,

DNS scavenging is mostly considered an administrative issue not a technological one. 

If duplicate IPs in DNS are an issue in your environment then you should implement it, if they don't affect anything and/or you don't care from and administive standpoint then you can safely ignore them.

OK, Guys, thanks a lot for the input. The only thing that I don't understand is why duplicate IP addresses a problem and why people would try to use scavanging (if in most of the cases dups are not an issue). I know it sounds like a silly question but I can't help it :)

If you are aware of the doc that gives a list of under which scenarios dups are created in DNS - it would be interesting to read.

Thanks
Elijah.

OK, Guys, thanks a lot for the input. The only thing that I don't understand is why duplicate IP addresses a problem and why people would try to use scavanging (if in most of the cases dups are not an issue). I know it sounds like a silly question but I can't help it :)

If you are aware of the doc that gives a list of under which scenarios dups are created in DNS - it would be interesting to read.

Thanks
Elijah.

Are you actually seeing duplicate IPs, or multiple hostname entries of the same name, such as:

workstation1   A   192.168.5.30
workstation2   A   192.168.5.22
workstation3   A   192.168.5.55

What I'm guessing at is that the duplicates you *may* be seeing are for hostname records, and if you have a reverse zone, you *may* also be seeing them in there, too.

My guess also is that these are only DHCP clients.

If my assumptions and guesses are correct, then what's going on is DHCP does not own the record. So when a client gets an IP from DHCP, the DHCP server will register that client, and the client will register the reverse PTR (if you have a reverse zone). But when the client goes away for a length of time longer than the lease and comes back, it gets a new IP, DHCP registers that entry into DNS, and the client registers into the reverse zone. But the problem is DHCP can't update the previous entry because it does not own the record, therefore, you will see dupes.

If my assumptions are correct so far, then you must configure DHCP to stop doing that and own the records.

Sure, as already noted in this thread, Scavenging is also recommended. Just be sure that when you set scavenging, that the NOREFRESH and REFRESH times added up together, the sum is equal or greater than the lease time.

To be specific:

• Configure DHCP for at LEAST a 25 hour lease (less than 24 will cause MAJOR problems).
  
• Configure DHCP with credentials using a plain-Jane Domain User account
  
• Add the DHCP server computer account (not the DHCP credentials account), to the DnsUpdateProxy group in AD.
  *    This blog covers the following:
  DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
  Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM  3758  2 
  http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
  
  *    DNS Record Ownership and the DnsUpdateProxy Group, Updated: November 10, 2008
  http://technet.microsoft.com/en-us/library/dd334715(v=WS.10).aspx
  
  *    If DHCP is co-located on a Windows 2008 R2 DC or newer, you must secure the DnsUpdateProxy group by running the following:
  dnscmd /config /OpenAclOnProxyUpdates 0 
  
• Configure DHCP to update all records (DNS tab in DHCP) and force it to update everything including computers that can and cannot update)
  
• Configure Scavenging on one DNS server (that server will take care of the deletions) and set the NoRefresh and Refresh Scavenging intervals on all zones to one day each (that's the lowest you can set it).
  
  *    Good article by Sean Ivey, MSFT:
  How DNS Scavenging and the DHCP Lease Duration Relate
  (Make the NoRefresh and Refresh each half the lease, so combined, they are equal or greater than the lease).
  http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
  
   *    Don't be afraid of DNS Scavenging. Just be patient.
  http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

-

I hope that helps.

Great run down of articles there from Ace, well done. Regards, Silyrics