DNS Aging and Scavenging – A Comprehensive Guide

What is DNS Aging and Scavenging?

DNS Aging

DNS Aging is a process of identifying stale resource records from the DNS Server. Stale resource records can lead to issues in name resolution, such as the creation of duplicate DNS records, unnecessary space utilization, and degradation of DNS server performance.

It keeps track of the timestamps of individual resource records (RR). The age of a resource record is determined from its last timestamp to the current time of the server. The obtained value is utilized in the Scavenging Operation and is responsible for deleting, removing, or cleaning up the resource record from the DNS Server.

DNS Scavenging

DNS Scavenging is a recurring scheduled process that runs on the DNS Server, checking whether resource records need to be removed from the DNS. Eligible stale resource records are then removed.

Key Points Before Enabling DNS Scavenging

• Go through the DNS resource records to check and confirm that the servers/printers/critical devices, which should hold a static IP, are set with a static DNS record. This is to ensure that those records are not scavenged when the DNS scavenging operation runs on the DNS Server.

• If you find any resource record showing as a Dynamic DNS Record (with the date and time stamp), you can simply open the resource record and uncheck the box, as shown in the screenshot below. Please note that when a DNS record is static, you will have to manually clean up the resource records after they become stale, as static records are not deleted by the DNS scavenging process.

• Enable DNS Scavenging on only one DNS Server for easy management. If the DNS Server is AD Integrated and AD replication is functioning correctly, a scavenged resource record on one DNS server will replicate to all DNS Servers.

• For example, if a workstation DNS record (e.g., WK-DESKTOP1) has been scavenged, it will be deleted across all DNS Servers through AD replication. Hence, there is no need to apply a Scavenging configuration on multiple DNS Servers.

• Ensure careful configuration of the non-refresh and refresh intervals, as incorrect settings may lead to duplicate records, especially when not aligned with the DHCP Lease. Adjust these values to ensure that record scavenging occurs after the DHCP Lease expires. Set the DHCP Lease by incorporating the non-refresh interval and refresh interval values accordingly.

About DNS Aging Configuration?

Non-Refresh Interval 

The time interval during which the resource record cannot be refreshed reduces DNS replication traffic based on the configured value. Please note that the update of the IP Address of the resource record through Dynamic DNS update is exempt from the Non-Refresh Interval.

Refresh Interval

The time interval during which the resource record is allowed to be refreshed.

If you set the Non-Refresh Interval to 7 Days and the Refresh Interval to 7 Days, your resource record would be eligible for scavenging after 14 Days. The scavenging process occurs based on the last scheduled event on the DNS Server. You can check the last scavenging date and time using event ID 2501.

Note

• Event ID 2501: When records were scavenged.
• Event ID 2502: When no resource records were scavenged.

Step 1 – Enable DNS Aging/Scavenging: 3 Locations

There are three places where you can enable DNS Aging/Scavenging. This will depend on the level of DNS Aging configuration you want to achieve. For example, you can enable DNS Aging at the DNS Server level, DNS Zone level, or at the resource record level as well. Let’s check the steps:

1. Enable Aging/Scavenging at the DNS Server Level

This will enable/set DNS Scavenging on all the zones on the DNS Server. Follow the steps below to enable it on the server level.

If you do not want to enable scavenging for all the DNS zones, then please skip this step and proceed to enable aging/scavenging at the DNS Zone level. Please note that enabling aging/scavenging at the DNS Server Level setting will not be replicated to other DNS Servers.

Note

• Right-click on DNS Server and click on Set Aging/Scavenging for All Zones…

• Set the No-Refresh Interval and Refresh Interval Values
  • Keep the default values or update them as per your requirements. I have set 7 days for both the non-refresh and refresh intervals.

• Scavenge stale resource records: Enabled
• Apply these settings to the existing Active Directory-Integrated zones – Enable

In certain instances, despite selecting the checkbox for Apply these settings to the existing Active Directory-Integrated zones and verifying the DNS Zone Level Aging Settings, you may observe that the changes are not propagated. An explanation will be provided at the end of the article.

Note

• To verify that Aging/Scavenging has been enabled at the DNS Server Level, you can use the command line with the dnscmd command, as shown below:

dnscmd /info

2. Enable Aging/Scavenging at the DNS Zone Level

This will enable DNS Aging/Scavenging at the DNS Zone Level without affecting other DNS Zones on your server. Follow the steps below to enable it at the DNS Zone Level.

• Right-click on the DNS Zone and click on Properties.

• Click on the Aging button.

• Enable the Checkbox “Scavenge stale resource records” and modify the non-refresh and refresh interval values according to your requirements. You can choose to keep the default settings as well.

• To verify that Aging/Scavenging has been enabled at the DNS Zone Level, you can use the command line with the dnscmd command, as shown below:

dnscmd /zoneinfo <zonename>

Example:

dnscmd /zoneinfo techpress.net

3. Enable Aging/Scavenging at the Resource Record (RR) Level

Enable DNS Aging/Scavenging at the DNS Resource Record Level by following the steps below:

• Find the Resource Record on which you want to Enable DNS Aging/Scavenging configuration.

• Right-click on the record and click on Properties.

• Select the checkbox “Delete this record when it becomes stale”.

Excellent! You have now enabled Aging/Scavenging on the DNS Server. However, there is a second step to complete the Scavenging Configuration. Ensure to complete both steps; otherwise, it will not work.

Step 2 – Enable “Automatic Scavenging of Stale Records” setting

After configuring DNS Scavenging at the DNS Server Level, DNS Zone Level, or Resource Record (RR) Level, enable the recurring scavenging interval. This ensures the deletion of stale records from the DNS Server when they become eligible according to the Aging configuration.

• Right-click the DNS Server > Select Properties.

• Check the box for ‘Enable automatic scavenging of stale records‘ and set the scavenging period to 7 days (or update it according to your requirements). This means the DNS Server will check for eligible stale records every 7 days. If none are found, it will check again in the subsequent 7 days, following the scavenging period value, and so on.

• Now, right-click on the DNS Zone where scavenging is configured. If scavenging is enabled at the DNS Server Level and you have multiple zones, right-click on any zone, click ‘Properties,’ and then select ‘Aging‘.

• This will open the Zone/Scavenging Properties window, displaying the date and time when the zone can be scavenged.

Known Issues

In some cases, when configuring Aging and Scavenging at the DNS Server Level and selecting the checkbox ‘Apply these settings to the existing Active Directory-Integrated zones‘, it may not propagate to specific zone(s).

Let’s take an Example:

When DNS Zone Level Scavenging is configured on techpress.net with a non-refresh interval of 6 days and a refresh interval of 2 days, enabling DNS Scavenging at the server level with default values and selecting the checkbox ‘Apply these settings to the existing Active Directory-Integrated zones’ may not update the DNS Zone techpress.net, which continues to show non-refresh and refresh intervals of 6 and 2 days, respectively.

• A workaround for this issue is to change the values at the DNS Server Level to values other than 7 for non-refresh and refresh intervals, such as 9.

• Click on OK to save.

• Now, upon checking the DNS Zone Level Aging Configuration, it is set to 9 for both non-refresh and refresh intervals.

• Now that the configuration has propagated successfully, you can revert the DNS Server Level Scavenging Configuration from 9 to 7 for both non-refresh and refresh intervals and propagate the changes once again.
• At this point, you will observe that the DNS Zone also displays the correct aging configuration values, now being propagated from the DNS Server Level Aging Configuration.