I also read that a service account should be configured to carry out the zone updates - which I have now done. The Dns Update Proxy group should contain the computer accounts of your DHCP servers, so DC1 and DC2 in your case. In the DNS console, find an outdated record, go to the Security tab and take a look at the owner of the record.
In most cases, the client should own its own record.
So the DNS client service on the PCs should be updating the record when they receive a new IP.
Our DHCP was set to lease addresses for 1 day, for reasons which were never explained to me.
I set this back to 7 days, in an attempt to give DNS a chance to 'catch up' before the addresses potentially changed again, but we're still getting incorrect DNS entries. Our settings are now an amalgam of what went before (which didn't work) and what I've gleaned from MS documentation.
I'm wondering if I remove all records which don't have the service account present, will these then be regenerated correctly, and updated properly going forward? You can try deleting some of the outdated records, and then either let DHCP refresh the records or do an ipconfig /registerdns from the client. You still should be looking at why scavenging is not running in your environment.
All records with a timestamp of today (specifically the two machines we just rebuilt) don't have the service account in the permissions - they do have their own computer account, and the owner is SYSTEM. At the same time, I'm combing through AD and rationalizing group memberships. The Dns Update Proxy group, despite its description, had a domain admin account and the BES Service Account as members. I did a bit of reading and discovered that the group should have DNS computer accounts in, if the zones are configured to only be updated securely - which they were. I am forever getting incorrect / outdated lookups when connecting to machines. Our domain's zone is configured as an AD-Integrated zone with replication to all DNS servers in the forest.
Discard A and PTR records when lease is deleted
Dynamically update for DHCP clients that do not request updates
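
The two checks suggested in the thread (who owns an outdated record, and whether scavenging is actually running), as an added PowerShell example that is not part of the original posts. The zone name, the 14-day threshold and the use of DC1 as the DNS server to query are assumptions.

```powershell
# Added example: report scavenging/aging state and list stale dynamic A records
# together with the AD owner of each record (what the Security tab shows).
# Assumptions: the DnsServer and ActiveDirectory modules are installed, and the
# three values below are placeholders to adjust for the environment.
Import-Module DnsServer, ActiveDirectory

$ZoneName  = 'corp.example.com'   # placeholder zone name
$DnsServer = 'DC1'                # assumed to run DNS as well as DHCP
$StaleDays = 14                   # placeholder: records older than this are listed

# Scavenging removes nothing unless it is enabled on a server AND aging is
# enabled on the zone, so report both settings first.
Get-DnsServerScavenging -ComputerName $DnsServer |
    Select-Object ScavengingState, ScavengingInterval, LastScavengeTime
Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer |
    Select-Object ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval, ScavengeServers

$cutoff = (Get-Date).AddDays(-$StaleDays)

Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A |
    # Static records have no timestamp; only dynamic records can go stale.
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    ForEach-Object {
        # The owner decides who may update the record under secure-only updates:
        # a client computer account, the DHCP server, or the DHCP service account.
        $owner = try {
            (Get-Acl -Path "AD:\$($_.DistinguishedName)" -ErrorAction Stop).Owner
        } catch {
            'unreadable'
        }
        [pscustomobject]@{
            HostName  = $_.HostName
            IPv4      = $_.RecordData.IPv4Address
            Timestamp = $_.Timestamp
            Owner     = $owner
        }
    } |
    Sort-Object Timestamp |
    Format-Table -AutoSize
```

Grouping the output by Owner shows which stale records can only be refreshed by a particular account.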