Microsoft KB Archive/932464

= How DNS dynamic updates work together with the DNS "aging and scavenging" process in Windows 2000 and in Windows Server 2003 =

Article ID: 932464

Article Last Modified on 12/3/2007


APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition




Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



INTRODUCTION
This article describes how Domain Name System (DNS) dynamic updates work together with the DNS "aging and scavenging" process in Microsoft Windows 2000 and in Microsoft Windows Server 2003.



DNS "aging and scavenging" intervals
Windows Server 2003 uses the following DNS "aging and scavenging" settings.

Note By default, the Dynamic Host Configuration Protocol (DHCP) lease time is set to eight days.

When a DNS record is created by a new client, the NoRefresh interval is in effect. When the client dynamically updates its DNS information in this situation, the client's DNS time stamp is not updated until the Refresh interval takes effect. This behavior prevents the replication of lots of DNS objects in the Active Directory directory service.

During the Refresh interval, the client's DNS time stamp is updated. During the Scavenging interval, old DNS resource records are automatically deleted.
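The interval behavior described above can be modeled in a few lines; this is an added example, not code from the original article or from Microsoft. Assumptions: 7-day NoRefresh and Refresh intervals, a scavenging pass every 7 days, and a client that re-registers every 4 days (half of the eight-day lease); the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Assumed interval values for illustration; they are not taken from the article.
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)

def phase(timestamp, now, no_refresh=NO_REFRESH, refresh=REFRESH):
    """Classify a record by the age of its time stamp."""
    age = now - timestamp
    if age < no_refresh:
        return "no-refresh"   # refreshes are ignored, so nothing replicates
    if age < no_refresh + refresh:
        return "refresh"      # a refresh rewrites the time stamp
    return "stale"            # eligible for deletion at the next scavenging pass

def try_refresh(timestamp, now):
    """Return the time stamp after a dynamic update that re-registers unchanged data.

    Model assumption: a record that is already stale but not yet scavenged
    accepts the refresh, the same as one inside the Refresh interval.
    """
    return timestamp if phase(timestamp, now) == "no-refresh" else now

def simulate(renew_every, last_seen, scavenge_every, horizon):
    """Day-by-day model; every argument is a number of days.

    The record is created on day 0. The client re-registers every
    `renew_every` days until `last_seen`, then disappears without
    unregistering. Returns (days on which the time stamp was written,
    day on which the record was scavenged or None).
    """
    start = datetime(2007, 1, 1)          # constructed start date
    timestamp, writes = start, []
    for day in range(1, horizon + 1):
        now = start + timedelta(days=day)
        if day <= last_seen and day % renew_every == 0:
            updated = try_refresh(timestamp, now)
            if updated != timestamp:
                writes.append(day)
            timestamp = updated
        if day % scavenge_every == 0 and phase(timestamp, now) == "stale":
            return writes, day
    return writes, None

if __name__ == "__main__":
    # Client renews every 4 days and is last seen on day 16.
    print(simulate(renew_every=4, last_seen=16, scavenge_every=7, horizon=60))
```

With these assumed values, only every second renewal writes a time stamp, and a record abandoned on day 16 stays resolvable until the scavenging pass on day 35, which is the window in which a stale name still points at an address that may have been reassigned.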

Security and DNS records
When a DNS client or a DHCP server performs a dynamic update, the DNS record adds the $ account to the permissions for the DNS record. Therefore, only the computer that registered the DNS record can update the DNS record. In some scenarios, when a change is made on the DHCP server, the DHCP server may not update a DNS record when the client registers a DNS record. This behavior occurs if the $ account already exists for the DNS record.

How the client dynamically registers the DNS records
When the DNS client is configured to use a static IP address, the DNS client registers both host (A) resource records and pointer (PTR) resource records on the DNS server. Then, the DNS client adds the $ account together with Full Control permissions for the DNS record.

To change this behavior, disable the Register this connection's address in DNS setting on the DNS client computer. To do this, follow these steps:
 * 1) Click Start, point to Control Panel, point to Network Connections, right-click the network connection that you want to change, and then click Properties.
 * 2) On the General tab, click Internet Protocol (TCP/IP), and then click Properties.
 * 3) On the Internet Protocol (TCP/IP) Properties page, click Advanced.
 * 4) On the Advanced (TCP/IP) Settings page, click to clear the Register this connection's address in DNS check box, and then click OK three times.

Assume that Microsoft Windows 2000-based DNS clients or later versions of DNS clients are configured to use the following DHCP settings:
 * Enable DNS Dynamic updates according to the settings below
 * Dynamically update DNS A and PTR records only if requested by the DHCP clients

In this case, the DNS client registers the host (A) resource record. Then, the DNS client adds the $ account together with Full Control permissions for the DNS record on the DNS servers. Next, the DHCP server registers the pointer (PTR) resource record. Finally, the DHCP server adds the $ account together with Full Control permissions for the DNS record.

Assume that Microsoft Windows 2000-based DNS clients or later versions of DNS clients are configured to use the following DHCP settings:
 * Enable DNS Dynamic updates according to the settings below
 * Always dynamically update DNS A and PTR records

In this case, the DHCP server registers both the host (A) resource record and the pointer (PTR) resource record. Then, the DHCP server adds the $ account together with Full Control permissions for the DNS record.

The DHCP lease-expiration process
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

DHCP checks for expired leases by using the following registry subkey:

By default, when the DHCP Server service is running on Windows Server 2003-based computers, the DatabaseCleanupInterval value is set to 60 (1 hour). When the DHCP Server service is running on a Windows 2000-based computer, the DatabaseCleanupInterval value is set to 1440 (1 day). When the DHCP lease is released, the DHCP server unregisters the DNS record.

You can configure the client's DHCP lease to expire automatically when the client computer is shut down for Windows 2000-based DNS clients or for later versions of DNS clients. To do this, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click DHCP.
 * 2) Expand the scope for which you want to change the DHCP expiration lease, right-click Scope Options, and then click Configure Options.
 * 3) Click the Advanced tab.
 * 4) Click the list that is next to Vendor Class, and then click Microsoft Windows 2000 Options.
 * 5) Click to select the 002 Microsoft Release DHCP Lease On Shutdown Option check box, and then click OK.

How to configure the queue limit on a DHCP server
The DHCP server uses the queue limit to restrict the number of DNS records that the server tries to unregister at the same time. If there are lots of pointer (PTR) resource records to be scavenged, the DHCP server may reach the queue limit. If this behavior occurs, the DHCP server unregisters records until it reaches the configured queue limit.

You can change the DHCP queue limit on a Windows Server 2003-based computer by installing hotfix 837061 or by installing Windows Server 2003 Service Pack 1 (SP1). For more information, click the following article number to view the article in the Microsoft Knowledge Base:

837061 DHCP server processes expired PTR resource records in Windows Server 2003

After you install hotfix 837061 or Windows Server 2003 Service Pack 1 (SP1), you can increase the size of the queue that DHCP tries to unregister during each cycle. To do this, set the DynamicDNSQueueLength registry entry to 2048.

