Recently, we found that some servers’ and workstations’ host records (A RRs) had been dropped from our DNS servers. All the machines were running DHCP clients, and we are using Microsoft products for both DHCP and DNS.
The DHCP servers are configured to update the host record on behalf of the client. When we checked the scopes, we found that they had a 30-day lease duration. Very quickly it was established that it’s possible the host records had gone stale in DNS because of the lease duration and been scavenged.
A quick chat with our DNS team and we found out that the DNS servers are set to scavenge a record after about 14 days, in a daily routine. Namely, the values are 7 days for the non-refresh interval and 7 days for the refresh interval (see DNS Aging/Scavenging Simplified).
Now with a 30-day lease, the client will renew at 50% of the lease, which is 15 days. When the client first gets its lease from the DHCP server, the server registers the host record via DDNS. It will do so again in 15 days when the client renews its lease. If the client is unsuccessful, it will try again at 87.5% of the lease with a rebinding broadcast.
As we can see from this, there is a gap of 1 day in which the host record could be considered stale and scavenged.
Reducing the lease duration will resolve the issue, but by how much?
Some would choose a lease duration where 50% of the lease is 14 days or less, which gives you about a 28-day lease duration. I don’t like that calculation. What if for some reason the renewal did not happen on the 14th day? If it is not successful on the 14th day, it will try to renew again at around 24 days (87.5% of the lease). This means potentially I will have 10 days where the host record could be gone.
Being a production guy, I like to be more cautious and prefer a lease duration in which 87.5% of the lease is 14 days, giving 16 days (16 days is on the edge, so I would choose a 15-day lease), to balance network noise against technical effectiveness. This keeps the host record from going stale until after the second DHCP refresh attempt (87.5% of the lease window). If renewal still hasn’t happened by 87.5% of the lease, something must be wrong with the client anyway and it needs to be fixed.
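The arithmetic above as an added Python model (this is not from the original post): it derives the DNS scavenge threshold from the no-refresh and refresh intervals, the T1/T2 renewal points of a lease, and how long a record is exposed if the T1 renewal succeeds or fails. The 7/7-day intervals and the 30, 28, 16 and 15-day leases are the values discussed in the post.

```python
from __future__ import annotations
from datetime import timedelta

# Default DHCP client timers: the T1 renewal attempt fires at 50% of the
# lease, the T2 rebinding broadcast at 87.5% if the T1 renewal failed.
T1_FRACTION = 0.5
T2_FRACTION = 0.875


def days(n: float) -> timedelta:
    """Small helper so intervals read as days throughout."""
    return timedelta(days=n)


def scavenge_threshold(no_refresh: timedelta, refresh: timedelta) -> timedelta:
    """Age at which an unrefreshed record becomes eligible for scavenging.

    Microsoft DNS aging: the timestamp cannot be refreshed during the
    no-refresh interval, may be refreshed during the refresh interval,
    and once both have elapsed the record is stale."""
    return no_refresh + refresh


def refresh_points(lease: timedelta) -> tuple[timedelta, timedelta]:
    """Record ages at which the DHCP server re-registers the A record on the
    client's behalf: at T1, and again at T2 if the T1 renewal failed."""
    return lease * T1_FRACTION, lease * T2_FRACTION


def exposure_gap(lease: timedelta, no_refresh: timedelta, refresh: timedelta,
                 missed_renewals: int = 0) -> timedelta:
    """Time during which the record is stale (scavengeable) before the next
    DDNS refresh. missed_renewals=0 assumes the T1 renewal succeeds;
    missed_renewals=1 assumes it fails and the T2 rebinding succeeds."""
    t1, t2 = refresh_points(lease)
    next_refresh = t2 if missed_renewals else t1
    return max(next_refresh - scavenge_threshold(no_refresh, refresh), days(0))


def max_safe_lease(no_refresh: timedelta, refresh: timedelta,
                   tolerate_missed_renewal: bool = True) -> timedelta:
    """Longest lease whose chosen refresh point (T2 if we tolerate one missed
    renewal, otherwise T1) lands no later than the scavenge threshold."""
    fraction = T2_FRACTION if tolerate_missed_renewal else T1_FRACTION
    return scavenge_threshold(no_refresh, refresh) / fraction


if __name__ == "__main__":
    for lease_days in (30, 28, 16, 15):  # the lease durations discussed in the post
        for missed in (0, 1):
            gap = exposure_gap(days(lease_days), days(7), days(7), missed)
            print(f"lease {lease_days:2d}d, missed renewals {missed}: "
                  f"stale for {gap / days(1):.3f} days")
    print("max lease tolerating one missed renewal:",
          max_safe_lease(days(7), days(7)) / days(1), "days")
```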
So if you have an environment in which you integrate DHCP and DNS, you will need to consider the DNS non-refresh and refresh intervals when choosing your DHCP lease duration, to avoid host records disappearing when you need them.