Maintaining and Monitoring DNS

When using DNS, you can perform many routine tasks to maintain and monitor domain name resolution services. Key tasks you might need to perform include the following:

  • Configuring default application directory partitions and replication scope

  • Setting aging and scavenging

  • Configuring logging and checking event logs

Configuring Default Application Directory Partitions and Replication Scope

When the domain controllers running DNS in all the domains of your forest are running Windows Server 2003, you can create default application directory partitions for DNS. This reduces DNS replication traffic because zone data stored in an application partition is replicated only to domain controllers that are also DNS servers, rather than to every domain controller in the domain as with zones stored in the domain partition. There are two default application directory partitions you can configure:

  • Forest-wide Creates a single application directory partition that stores DNS zone data and replicates that data to all DNS servers in the forest. The default partition name is ForestDnsZones.DnsForestName, where DnsForestName is the domain name of the forest.

  • Domain-wide Creates a single application directory partition that stores DNS zone data and replicates that data to all DNS servers in a designated domain. The default partition name is DomainDnsZones.DnsDomainName, where DnsDomainName is the domain name of the domain.

Tip

Check the DNS configuration fast

A fast way to check for the default application partitions and other DNS server configuration settings is to use DNSCMD. At a command prompt, type dnscmd ServerName /info, where ServerName is the name or IP address of a DNS server, such as CORPSVR03 or 192.168.10.15.

By default, the DNS Server service will try to create the default application directory partitions when you install it. You can verify this by connecting to a DNS server in the forest root domain and looking for subdomains of the forest root domain named DomainDnsZones and ForestDnsZones. Figure 27-23 shows an example in which these partitions have been created.

Figure 27-23. The default application partitions.

If the DNS Server service is unable to create these partitions, you will need to create them manually, using an account that is a member of the Enterprise Admins group. If the default application partitions already exist, the option to create them is unavailable in the DNS console.

If the default application partitions have not yet been created, you can create them in the DNS console by following these steps:

  1. In the DNS console, connect to the DNS server handling the zone for the parent domain of your forest root, such as cpandl.com rather than tech.cpandl.com.

  2. Right-click the server entry, and select Create Default Application Directory Partitions. The DNS dialog box is displayed, as shown in Figure 27-24.

    Figure 27-24. Creating the default domain partition.

  3. The first prompt asks: Would You Like To Create A Single Partition That Stores DNS Zone Data And Replicates That Data To All DNS Servers In The Active Directory Domain DomainName? Click Yes if you want to create the DomainDnsZones.DnsDomainName default partition.

  4. As Figure 27-25 shows, the next prompt asks: Would You Like To Create A Single Partition That Stores DNS Zone Data And Replicates That Data To All DNS Servers In The Active Directory Forest ForestName? Click Yes if you want to create the ForestDnsZones.DnsForestName default partition.

    Figure 27-25. Creating the default forest partition.

When you create Active Directory–integrated zones, you have the option of setting the replication scope. Four replication scopes are available:

  • All DNS Servers In The Active Directory Forest

  • All DNS Servers In The Active Directory Domain

  • All Domain Controllers In The Active Directory Domain

  • All Domain Controllers Specified In The Scope Of The Following Application Partition

To check or change the replication scope for a zone in the DNS console, right-click the zone entry (a domain under Forward Lookup Zones or a subnet under Reverse Lookup Zones), and select Properties. On the General tab of the Properties dialog box, the current replication scope is listed to the right of the Replication entry. Click the related Change button to change the replication scope using the dialog box shown in Figure 27-26.

Figure 27-26. Change the replication scope as necessary.
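The partition-creation procedure and the replication-scope check above can both be driven from the command line with DNSCMD. The following script is an added example and is not from the book: it verifies that ForestDnsZones and DomainDnsZones exist, creates whichever is missing, and then reports the partition each listed zone lives in, optionally moving the zone to forest-wide scope. The server name CORPSVR03, the forest and domain name cpandl.com, and the zone list are assumptions for illustration; run it with an Enterprise Admins account.

```powershell
# Added example, not from the book. Requires dnscmd (Support Tools on Windows
# Server 2003, built in on later versions) and Enterprise Admins membership.
# Assumed names: CORPSVR03 is a DC running DNS in the forest root; cpandl.com
# is both the forest root and that DC's domain.
param(
    [string]$Server     = 'CORPSVR03',
    [string]$ForestName = 'cpandl.com',
    [string]$DomainName = 'cpandl.com',
    [string[]]$Zones    = @('cpandl.com', 'tech.cpandl.com'),
    [switch]$MoveToForestScope   # when set, move the listed zones to ForestDnsZones
)

function Test-DnsPartition {
    # $true when "dnscmd /EnumDirectoryPartitions" lists the partition FQDN.
    param([string]$Server, [string]$PartitionFqdn)
    $out = & dnscmd $Server /EnumDirectoryPartitions 2>&1
    return [bool]($out | Select-String -Pattern $PartitionFqdn -SimpleMatch -Quiet)
}

$forestPart = "ForestDnsZones.$ForestName"
$domainPart = "DomainDnsZones.$DomainName"

# Same two partitions the Create Default Application Directory Partitions
# prompts offer; /Forest answers the forest prompt, /Domain the domain prompt.
if (-not (Test-DnsPartition $Server $forestPart)) {
    Write-Host "Creating $forestPart"
    & dnscmd $Server /CreateBuiltinDirectoryPartitions /Forest
}
if (-not (Test-DnsPartition $Server $domainPart)) {
    Write-Host "Creating $domainPart"
    & dnscmd $Server /CreateBuiltinDirectoryPartitions /Domain
}

# Replication scope is a per-zone setting; /ZoneInfo prints whether the zone is
# AD-integrated and which partition holds it.
foreach ($zone in $Zones) {
    Write-Host "--- $zone"
    & dnscmd $Server /ZoneInfo $zone | Select-String -Pattern 'DS integrated|partition'
    if ($MoveToForestScope) {
        # Equivalent of Change -> All DNS Servers In The Active Directory Forest.
        # /Domain selects DomainDnsZones, /Legacy the domain partition itself
        # (all domain controllers), or pass a custom partition FQDN instead.
        & dnscmd $Server /ZoneChangeDirectoryPartition $zone /Forest
    }
}
```

Moving a zone between partitions is itself a replicated change, so do it once, from one server, and check `dnscmd ServerName /DirectoryPartitionInfo PartitionFQDN /Detail` afterwards to confirm the expected domain controllers are enlisted in the partition.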

Setting Aging and Scavenging

By default, the DNS Server service doesn't clean out old records. In some ways this is a good thing, because you don't want records you created manually to be deleted. However, for records created automatically through dynamic DNS, you might want to clear out old records periodically. Why? Consider the case of systems that register with DNS and then are removed from the network. Records for these systems are not cleared automatically, which means the DNS database might contain records for systems that are no longer in use, and names that still resolve to addresses that may since have been handed to other hosts.

DNS can help you clear out old records by using aging and scavenging. These rules determine how long a record created through a dynamic DNS update is valid, and if a record isn't reregistered within the allotted time, it can be cleared out. Aging and scavenging rules are set at two levels:

  • Zone Zone aging/scavenging properties apply to an individual zone on a DNS server. To set zone-level options, right-click a zone entry, and select Properties. In the Properties dialog box, click Aging in the General tab. After you enable and configure aging/scavenging, click OK.

  • Server Server aging/scavenging properties apply to all zones on a DNS server. To set server-level options in the DNS console, right-click a server entry, and select Set Aging/Scavenging For All Zones. After you enable and configure aging/scavenging, click OK. You'll see a prompt telling you these settings will be applied to new Active Directory–integrated zones created on the server. To apply these settings to existing zones, select Apply These Settings To The Existing Active Directory–Integrated Zones before you click OK.

In either case, the dialog box you see is similar to the one shown in Figure 27-27. To enable aging/scavenging, select Scavenge Stale Resource Records, and then set these intervals:

  • No-Refresh Interval Sets a period during which the DNS server will not update a record's timestamp in response to a refresh (a dynamic update that carries the same data as the existing record). When aging/scavenging is enabled, the default interval is 7 days. This means that if a DNS client attempts to refresh its record within 7 days of the record's timestamp, the server leaves the timestamp as it is. This is normally what you want, because each accepted refresh is a change that must be replicated. The no-refresh interval doesn't affect clients whose IP address has changed and who therefore need to reregister their DNS records, because that update changes the record's data: the previous record is deleted and a new record is created.

  • Refresh Interval Sets the length of the refresh window that follows the no-refresh interval. Once the no-refresh interval has passed, a client refresh updates the record's timestamp. A record can be scavenged only when its timestamp is older than the combined extent of the no-refresh interval and the refresh interval. With the defaults of 7 days each, the combined extent is 14 days, and the DNS server cannot scavenge a record until 14 days have passed since it was last registered or refreshed. Two points are easy to miss: only records that carry a timestamp (those created or refreshed by dynamic update) are ever scavenged, so records you created manually, which have a timestamp of zero, are left alone; and enabling aging on a zone only stamps its records. Nothing is deleted until automatic scavenging is also enabled on the server (Enable Automatic Scavenging Of Stale Records on the Advanced tab of the server's Properties dialog box) or you start scavenging manually.

Figure 27-27. Set scavenging/aging options.

Tip

Scavenge stale records manually

In addition to configuring automatic aging/scavenging, you can manually scavenge for stale (old) records. To do this in the DNS console, right-click a server entry, and select Scavenge Stale Resource Records. When prompted to confirm the action, click Yes. You can start scavenging at the command prompt by typing dnscmd ServerName /startscavenging, where ServerName is the name or IP address of the DNS server to work with, such as NS1 or 10.10.1.52.
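To see the intervals above at work on real records, it helps to look at the timestamps DNSCMD reports for each record. The following script is an added example, not code from the book: it enables aging on a zone with the same defaults the dialog box uses, then works out from `dnscmd /EnumRecords` output which records have passed the no-refresh plus refresh window and would be removed by the next scavenging pass, and finally shows the manual scavenge trigger from the tip. The server name NS1 and zone cpandl.com are assumptions, and the sample record lines are constructed to match the `[Aging:N]` form that DNSCMD prints; the live call is shown in a comment.

```powershell
# Added example, not from the book. Assumed names: NS1 (DNS server) and
# cpandl.com (zone). Sample /EnumRecords output below is constructed.
param(
    [string]$Server = 'NS1',
    [string]$Zone   = 'cpandl.com',
    [int]$NoRefreshHours = 168,   # 7 days, the default once aging is enabled
    [int]$RefreshHours   = 168    # 7 days, the default once aging is enabled
)

function Get-DnsHoursNow {
    # dnscmd record timestamps are whole hours since 1 Jan 1601 UTC.
    [int][math]::Floor(((Get-Date).ToUniversalTime() - [datetime]'1601-01-01').TotalHours)
}

function Get-ScavengeCandidate {
    # Parses /EnumRecords lines and reports each record's age and whether it is
    # past the scavenging window. Lines with no [Aging:N] tag are static records
    # (timestamp 0); scavenging never touches those.
    param([string[]]$Lines, [int]$WindowHours, [int]$NowHours = (Get-DnsHoursNow))
    foreach ($line in $Lines) {
        if ($line -notmatch '^(?<name>\S+)\s+(?:\[Aging:(?<ts>\d+)\]\s+)?(?<ttl>\d+)\s+(?<type>\w+)\s+(?<data>.+)$') { continue }
        $ts  = if ($Matches['ts']) { [int]$Matches['ts'] } else { 0 }
        $age = if ($ts) { $NowHours - $ts } else { $null }
        [pscustomobject]@{
            Name         = $Matches['name']
            Type         = $Matches['type']
            Data         = $Matches['data'].Trim()
            Static       = ($ts -eq 0)
            AgeHours     = $age
            Scavengeable = ($ts -ne 0 -and $age -ge $WindowHours)
        }
    }
}

# 1. Zone-level aging, in hours. This is the Aging button on the zone's General
#    tab; the server's automatic scavenging period
#    (dnscmd $Server /Config /ScavengingInterval <hours>) must also be on for
#    records to actually be deleted on a schedule.
& dnscmd $Server /Config $Zone /Aging 1
& dnscmd $Server /Config $Zone /NoRefreshInterval $NoRefreshHours
& dnscmd $Server /Config $Zone /RefreshInterval $RefreshHours

# 2. Constructed sample. Live equivalent:
#    $lines = & dnscmd $Server /EnumRecords $Zone '@' /Type A /Continue
$now   = Get-DnsHoursNow
$lines = @(
    "@ [Aging:$($now - 2)] 600 A 192.168.10.15",         # registered 2 h ago
    "ws0041 [Aging:$($now - 200)] 1200 A 192.168.10.41",  # 200 h: refreshable, not stale
    "ws0099 [Aging:$($now - 400)] 1200 A 192.168.10.99",  # 400 h > 336: stale
    "printsrv 3600 A 192.168.10.70"                       # static, no timestamp
)
Get-ScavengeCandidate -Lines $lines -WindowHours ($NoRefreshHours + $RefreshHours) |
    Format-Table Name, Type, Data, Static, AgeHours, Scavengeable -AutoSize

# 3. Run a scavenging pass now (same as Scavenge Stale Resource Records in the console).
# & dnscmd $Server /StartScavenging
```

With the constructed input only ws0099 is reported as scavengeable: it is past the 336-hour window, ws0041 is inside the refresh window and will survive if it refreshes, and printsrv has no timestamp. Review that list before the first scavenging run on a zone that has been unmanaged for a long time; `dnscmd ServerName /AgeAllRecords Zone` deliberately stamps every record, including static ones, and turns them into scavenging candidates, so use it only when that is what you intend.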

Configuring Logging and Checking DNS Server Logs

By default, the DNS Server service is configured to record all types of events (error, warning, and informational events) in the DNS Server log. You can change this behavior in the DNS console: right-click a server entry, select Properties, and then select the Event Logging tab. Choose whether no events, errors only, or errors and warnings are logged, and then click OK. Turning logging off means failed zone transfers, rejected dynamic updates, and startup problems go unrecorded, so keep at least errors and warnings enabled on any server you need to troubleshoot or monitor.

The DNS console also lets you view just the DNS-related events: expand the Event Viewer node in the left pane and select DNS Events. As Figure 27-28 shows, you'll then see the current DNS events for the server. The events you will want to examine first are errors and warnings.

Figure 27-28. Check the event logs for warnings and errors.
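Clicking through the Event Viewer node works for one server; for several, the same check is quicker from a script. The following is an added example, not code from the book: it sets the event logging level with DNSCMD (the command-line equivalent of the Event Logging tab) and then summarizes recent errors and warnings from the DNS Server log grouped by event ID, so a failure that repeats every replication or refresh cycle stands out from one-off noise. The server name CORPSVR03 is an assumption, and the script requires Windows PowerShell with access to the remote event log.

```powershell
# Added example, not from the book. Assumed server name: CORPSVR03.
param(
    [string]$Server        = 'CORPSVR03',
    [int]$EventLogLevel    = 2,     # 0 none, 1 errors, 2 errors+warnings, 4 all events (default)
    [int]$Newest           = 200    # how many of the most recent Error/Warning entries to read
)

# Same choice as the Event Logging tab, applied through dnscmd. Level 0 hides
# every failure, so the lowest level worth running in production is 2.
& dnscmd $Server /Config /EventLogLevel $EventLogLevel

function Get-DnsProblemSummary {
    # Reads Error and Warning entries from the "DNS Server" log and groups them
    # by event ID, newest occurrence and first line of its message included.
    param([string]$ComputerName, [int]$Newest)
    Get-EventLog -ComputerName $ComputerName -LogName 'DNS Server' -EntryType Error, Warning -Newest $Newest |
        Group-Object EventID |
        Sort-Object Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeGenerated -Descending | Select-Object -First 1
            [pscustomobject]@{
                EventID = $_.Name
                Count   = $_.Count
                Level   = $latest.EntryType
                Latest  = $latest.TimeGenerated
                Message = ($latest.Message -split "`n")[0]
            }
        }
}

Get-DnsProblemSummary -ComputerName $Server -Newest $Newest | Format-Table -AutoSize
```

Run it against each DNS server in the forest and compare: an event ID that appears on one server only usually points at that server's own zone or partition configuration, while one that appears everywhere is more likely a replication or network problem.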
