Aging and scavenging are crucial for an Active Directory-integrated DNS zone and should be carefully planned and configured. We recently faced a problem when a system administrator reported two DNS records with the same IP address in an Active Directory-integrated zone.
The first thing that came to mind was to check the scavenging settings; however, both intervals (Refresh and No-Refresh) looked fine compared to the DHCP lease time. Always remember that the main rule for this setting is that the No-Refresh Interval + Refresh Interval should be greater than the DHCP lease time. You can tweak it depending on your network, IP availability and how busy your network is with computers joining and leaving, but always keep this main equation in mind.
The second thing to check was the DHCP scope properties, specifically the DNS tab. Upon checking this setting I noticed that "Dynamically update DNS only if requested by DHCP clients" was selected, as shown below.
With this setting, the DNS record is updated or removed from the zone only if the client initiates a renew or release request, for example with the ipconfig /release command. As per Microsoft Support's advice, in most circumstances the DHCP client won't initiate a DHCP release request (the client is simply removed from the network), so neither the DHCP server nor the DNS-integrated zone notices that the client is gone; they still believe it is online.
After the DHCP lease duration ends, the DHCP server reclaims the IP, and another client may receive that same IP and register itself with it. Now recall the main equation mentioned earlier: because the aging and scavenging window has not yet elapsed (it is greater than the DHCP lease), the result is two records with the same IP address in the DNS zone.
The solution is to ensure the DNS record is deleted once the lease time is reached: change the setting in the image above (Scope Properties – DNS) to "Always dynamically update DNS A and PTR records".
After changing this setting you will need to restart both the DHCP Server and DNS Server services.
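The checks above (scavenging window versus lease duration, the scope's DNS update mode, and the duplicate-IP symptom itself) can be scripted. The following PowerShell audit is an added example, not code from the original post; it assumes the DnsServer and DhcpServer RSAT modules, rights on the DC and DHCP server, and placeholder zone and server names. It also reports the related "Discard A and PTR records when lease is deleted" option (DeleteDnsRROnLeaseExpiry), which is what actually removes the record at lease expiry once updates are set to Always.

```powershell
# Placeholders: replace with your AD-integrated zone, DHCP server and DNS server
$ZoneName   = 'corp.example'
$DhcpServer = 'dhcp01'
$DnsServer  = 'dc01'

# 1. Scavenging intervals on the zone (the post's rule: NoRefresh + Refresh > lease)
$aging    = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer
$scavenge = $aging.NoRefreshInterval + $aging.RefreshInterval
"Zone {0}: aging enabled={1}, NoRefresh={2}, Refresh={3}" -f `
    $ZoneName, $aging.AgingEnabled, $aging.NoRefreshInterval, $aging.RefreshInterval

# 2. Compare each scope's lease duration and DNS update settings against the rule
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $dns  = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $scope.ScopeId
    $warn = @()
    if ($scavenge -le $scope.LeaseDuration) {
        $warn += 'NoRefresh+Refresh <= lease (stale record outlives the lease)'
    }
    if ($dns.DynamicUpdates -ne 'Always') {
        # OnClientRequest is the "only if requested by DHCP clients" radio button
        $warn += "DynamicUpdates=$($dns.DynamicUpdates) (record only touched when the client asks)"
    }
    if (-not $dns.DeleteDnsRROnLeaseExpiry) {
        $warn += 'DeleteDnsRROnLeaseExpiry is off (record not discarded when the lease is deleted)'
    }
    $status = if ($warn) { $warn -join '; ' } else { 'OK' }
    "Scope {0} lease={1}: {2}" -f $scope.ScopeId, $scope.LeaseDuration, $status
}

# 3. Symptom check: A records in the zone that share one IPv4 address
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ComputerName $DnsServer |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object Count -gt 1 |
    ForEach-Object { "Duplicate IP {0}: {1}" -f $_.Name, ($_.Group.HostName -join ', ') }

# Remediation (the post's fix), applied per scope once the audit has been reviewed:
# Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId <scope> `
#     -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true
```

The duplicate-IP check reads the zone directly, so it can be rerun after the change and after a scavenging cycle to confirm the stale records have gone.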
A very efficient solution. I had the same problem a long time ago and couldn't figure it out. Thanks for the post anyway!