My environment is: 2003 Functional level Domain and Forest
Domain controllers are a mix of 2008 R2 and 2003 (Mostly 2008 R2)
Client servers are a mix of 2003, 2008 R2, and a mix of Linux flavors.
Zone is AD Integrated with Non-secure and Secure dynamic updates enabled.
In an attempt to clean up a zone that has not been scavenged for over five years, I did the following:
- Enabled aging on the zone level for a month to allow the records to update their time-stamps
- After a month, scavenging was turned on at the server level (single server that was SOA for the zone)
The problem occurred when Linux boxes with out-of-date time-stamps started to get scavenged. In total there were only about 12 active A records for Linux servers that got scavenged inappropriately, out of 1300 that were scavenged.
So my issue:
First off, these servers are static, so why are they getting timestamps? The answer is not that someone set them to age from the scavengeall command; that is not the case here. We have tested, and even new Linux servers added to the domain with a static record, regardless of the many ways to add Linux servers to the domain, ALWAYS get a timestamp added to them when they show up in AD DNS.
Even if they have a timestamp despite being static records, shouldn't they have gotten timestamp updates (dynamic updating is on, after all)?
More info:
Adding static A records manually for the Linux servers works fine.
These are often using Samba as the OS
Every Windows server was updating perfectly and none of them were scavenged inappropriately. So DNS is working fine in general; it's just the way it handles these Linux boxes.
I've had to turn scavenging back off and would like to turn it back on, but I need to figure this beast out. Essentially, how can I get Linux to show up in DNS as a static record?