Aging and Scavenging is a DNS server service that can be used to clean and remove stale resource records automatically.
This tool is helpful for maintaining a dynamic DNS environment.
Sometimes, stale resource records remain in DNS zones and can take up server disk space which will cause unnecessarily long zone transfers and degrade server performance.
In some cases, the presence of stale records in DNS zones could lead to the use of outdated information to answer client queries which then leads to name resolution problems on your network.
What is DNS Aging?
Aging is a DNS feature that is used to identify the stale resource records from the DNS server.
It uses two intervals namely Non-refresh interval and Refresh interval.
The DNS record is considered a stale record when both these intervals are elapsed.
Non-Refresh Interval is the interval during which the resource record cannot be refreshed.
It is used to reduce the replication traffic during this interval to avoid the same information being replicated.
By default, this is configured for 7 days and during this time, the timestamp cannot be updated.
This helps reduce the amount of replication traffic, but there are also other changes that can happen to a DNS record.
These changes are allowed to be made during this period, it is only if the timestamp is attempted to be changed by itself in this period that it is not allowed.
For example, changes in the IP or port changing or a service record are allowed.
Refresh Interval is the interval during which the resource record can be updated.
By default, the refresh interval is set to 7 days.
This value should be large to allow all clients to refresh their records.
In this time any data in the DNS records can be updated including the time stamp.
This effectively gives the device that registered the DNS record 7 days to update the DNS server and thus let the DNS server know that the DNS record is still required.
This essentially means, by default, it takes 14 days for a DNS record that is registered in DNS to be removed.
You can see that using a system like this gives a balance between replication traffic but also gives the device time to register the DNS record before it is removed.
What is Scavenging?
DNS Scavenging is the process of removing outdated DNS records.
It looks at the timestamps of the DNS record in order to determine if the DNS record should be removed.
This will occur after the No-refresh interval and Refresh interval, which is 14 days by default as mentioned above.
The important thing to remember with Scavenging is that it is not configured by default.
In order for Scavenging to work, a number of settings need to be configured in order for it to work at which we will look at in a moment.
If these settings are not configured correctly, Scavenging will not occur or can happen quite randomly.
It is not uncommon for an administrator to be looking at DNS and seeing DNS records that they believe should be scavenged and they are not automatically removed, but later on suddenly disappear.
The next point to remember is that if your clients are not dynamically updating their DNS records, this includes resource records used for Active Directory, these will be scavenged.
Having all the resources records for your ADC suddenly being removed can have the effect of preventing any user on the domain from being able to login.
So if you enable scavenging, the two points to remember are, be patient as the records will be removed eventually (after 14 days) and ensure there is nothing preventing your clients, especially Domain Controller, from registering DNS records.
You can set Scavenging in three places:
- Individual Record,
- Server and
How to Configure DNS Aging and Scavenging on Windows Server 2016
In this section, we will show you how to enable the DNS Aging and Scavenging on DNS server and DNS Zone.
- A server running Windows server 2016.
- DNS server must be installed and configured on your server.
Enable Scavenging on the DNS Zone
In order to remove a stale resource record automatically, you must enable the scavenging on the resource record, the DNS zone where the resource record exists, and at least one DNS hosting a primary copy of the DNS zone where the resource record exists.
By default, DNS Scavenging and Aging features is disabled on Windows Server.
You can set scavenging on the DNS zone by following the below steps:
2. Right click on the Zone you want to enable scavenging on and click on the properties as shown below:
3. Click on the Aging button. You should see the following screen:
4. Check the box “ Scavenge stale resource records“. You can adjust the interval settings with your desired value.
It is recommended to set this value equal to or less than your DHCP lease period.
Now, click on the OK button to finish the process.
Enable Scavenging on the DNS Server
1. Click on the Server Manager => Tools => DNS to open the DNS Console.
2. Right click on the DNS server and click on the properties. You should see the following screen:
3. Click on the Advanced Tab and click on the “ Enable Automatic Scavenging of State Records ” and click on the OK button to finish the process.
You have successfully enabled Scavenging and Aging features on DNS on Windows server 2016.
Verify DNS Scavenging and Aging
DNS Scavenging and Aging is now enabled on both the DNS server and Zone.
It’s time to verify whether the Scavenging and Aging has been enabled or not.
You can verify it using the dnscmd command as shown below:
You should see that the Scavenging and Aging is now enabled in the following screen:
In the above guide, we learned about what DNS Aging and Scavenging are.
We also learned how to set the Scavenging and Aging on the DNS server and Zone.
Hopefully our screenshots and notes made you an expert at understanding DNS Scavenging and Aging and help you with configuring it easily!
Feel free to leave any questions or comments below!