How to – Configure DNS Scavenging of Stale Records

The Figure below shows the life span of a scavengeable record.

Default no-refresh interval

This value specifies the no-refresh interval that is used by default for an Active Directory–integrated zone created on this server.


By default, this is 7 days.

Default refresh interval

This value specifies the refresh interval that is used by default for an Active Directory–integrated zone created on this server.

By default, this is 7 days.

Enable scavenging

This flag specifies whether the DNS server can perform scavenging of stale records. If scavenging is enabled on a server, it automatically repeats scavenging as often as specified in the Scavenging Period parameter.

By default, scavenging is disabled.

Scavenging Period

This period specifies how often a DNS server performs scavenging.

By default, this is 7 days.

When a record is created or refreshed on an Active Directory–integrated zone or on a standard primary zone for which scavenging is enabled, a record’s timestamp is written.

Because of the addition of the timestamp, a standard primary zone file for which scavenging is enabled has a format slightly different from a standard DNS zone file. This does not cause any problems with zone transfer. However, you cannot copy a standard zone file for which scavenging is enabled to a non-Windows 2000-based DNS server.

The value of the timestamp is the time when the record was created or the record was last refreshed. If the record belongs to an Active Directory–integrated zone, then every time the timestamp is refreshed, the record is replicated to other domain controllers in the domain.

By default, the timestamps of records that are created by any method other than dynamic update are set to zero. A zero value indicates that the timestamp must not be refreshed and the record must not be scavenged. An administrator can manually enable aging of such records.

After the record is refreshed, it cannot be refreshed again for the period specified by the no-refresh interval. The no-refresh interval, a zone parameter, prevents unnecessary Active Directory replication traffic.

However, the record can still be updated during the no-refresh interval. If a dynamic update request requires record modification, it is considered an update. If it does not require record modifications, it is considered a refresh. Therefore, prerequisite-only updates—updates that include a list of prerequisites but no zone changes—are also considered refreshes.

The no-refresh interval is followed by the refresh interval. After the expiration of the no-refresh interval, the server begins to accept refreshes. The record can be refreshed as long as the current time is greater than the value of the timestamp plus the no-refresh interval. When the server accepts a refresh or an update, the value of the timestamp changes to the current time.

Next, after the expiration of the refresh interval, the server can scavenge the record if it has not been refreshed. The record can be scavenged if the current time is greater than the value of the timestamp plus the value of the no-refresh interval plus the value of the refresh interval. However, the server does not necessarily scavenge the record at that time. The time at which records are scavenged depends on several server parameters.
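
The life span described above, as a small Python model added here (it is not Windows DNS Server code and not part of the original page). Record, phase and dynamic_update are hypothetical names, the intervals are the 7-day defaults, a timestamp of None stands for the zero timestamp, and leaving zero-timestamp records untouched is a simplification of this model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Record:
    data: str
    timestamp: Optional[datetime]  # None models the zero timestamp (aging off)

NO_REFRESH = timedelta(days=7)  # default no-refresh interval from the page
REFRESH = timedelta(days=7)     # default refresh interval from the page

def phase(rec: Record, now: datetime) -> str:
    """Where the record is in its life span at time `now`."""
    if rec.timestamp is None:
        return "static"                      # never refreshed, never scavenged
    if now <= rec.timestamp + NO_REFRESH:
        return "no-refresh"
    if now <= rec.timestamp + NO_REFRESH + REFRESH:
        return "refresh"
    return "scavengeable"                    # eligible, not necessarily deleted yet

def dynamic_update(rec: Record, data: str, now: datetime) -> str:
    """Apply one dynamic update request and report how the server treated it."""
    if rec.timestamp is None:
        return "ignored-static"              # model simplification: aging is off
    if data != rec.data:                     # record changes: an update, always accepted
        rec.data, rec.timestamp = data, now
        return "update"
    if phase(rec, now) == "no-refresh":      # nothing changes: a refresh, suppressed here
        return "refresh-suppressed"
    rec.timestamp = now                      # refresh accepted, timestamp moves forward
    return "refresh"

def demo() -> list:
    """Constructed timeline for one host record; returns (day, outcome) pairs."""
    t0 = datetime(2024, 1, 1)
    rec = Record("10.0.0.5", t0)
    events = [(3, "10.0.0.5"), (4, "10.0.0.9"), (12, "10.0.0.9"), (30, None)]
    out = []
    for day, data in events:
        now = t0 + timedelta(days=day)
        out.append((day, phase(rec, now) if data is None else dynamic_update(rec, data, now)))
    return out

if __name__ == "__main__":
    print(demo())
```

The day-4 request changes the address, so it is accepted as an update even though the record is still inside its no-refresh interval.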

Check that the DHCP lease duration is less than the aging and scavenging time. It should be half the refresh interval plus 1: for example, if the refresh interval is set to 7 days, the DHCP lease should be 4 days. Do not forget to restart the DNS service once you enable scavenging.

The server can be configured to perform scavenging automatically, using a fixed frequency. In addition, you can manually trigger scavenging on a server to perform immediate scavenging. When scavenging starts, the server attempts to scavenge all primary zones and succeeds if all the following conditions are met:
1) The EnableScavenging parameter is set to 1 on the server.
2) The EnableScavenging parameter is set to 1 on the zone.
3) Dynamic update is enabled on the zone.
4) The zone parameter ScavengingServers is not specified or contains the IP address of this server.
5) The current time is greater than the value of the zone parameter StartScavenging.

The server sets StartScavenging whenever any of the following events occur:
1) Dynamic update is turned on.
2) EnableScavenging is set from 0 to 1 on the zone.
3) The zone is loaded.
4) The zone is resumed.

StartScavenging is equal to the time that one of the preceding events occurs plus the amount of time specified in the refresh interval for the zone. This prevents a problem that can occur if the client is unable to refresh records because the zone isn’t available, for example, if the zone is paused or the server is not working. If that happens and the server does not use StartScavenging, the server could scavenge the zone before the client has a chance to update the record.

When the server scavenges a zone, it examines all the records in the zone one by one. If the timestamp is not zero, and the current time is later than the time specified in the timestamp for the record plus the no-refresh and refresh intervals for the zone, it deletes the record. All other records are unaffected by the scavenging procedure.
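
A Python model of one scavenging pass, added here to show how the five conditions and StartScavenging protect records after a zone outage (it is not Windows DNS Server code and not part of the original page). Zone, mark_start, blockers and scavenge are hypothetical names, and the server address and record names are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Zone:
    enable_scavenging: bool = True
    dynamic_update: bool = True
    scavenging_servers: list = field(default_factory=list)  # empty = not specified
    no_refresh: timedelta = timedelta(days=7)
    refresh: timedelta = timedelta(days=7)
    start_scavenging: datetime = datetime.min
    records: dict = field(default_factory=dict)  # name -> timestamp (None = zero)

def mark_start(zone, now):  # zone load/resume, dynamic update on, EnableScavenging 0 -> 1
    zone.start_scavenging = now + zone.refresh

def blockers(zone, server_ip, server_enabled, now):
    """Unmet conditions from the list above; empty means the zone is scavenged."""
    checks = [
        (server_enabled, "EnableScavenging is 0 on the server"),
        (zone.enable_scavenging, "EnableScavenging is 0 on the zone"),
        (zone.dynamic_update, "dynamic update is disabled on the zone"),
        (not zone.scavenging_servers or server_ip in zone.scavenging_servers,
         "server is not in ScavengingServers"),
        (now > zone.start_scavenging, "StartScavenging not reached"),
    ]
    return [reason for ok, reason in checks if not ok]

def scavenge(zone, server_ip, server_enabled, now):
    """One scavenging pass: delete stale records, return their names."""
    if blockers(zone, server_ip, server_enabled, now):
        return []
    limit = zone.no_refresh + zone.refresh
    stale = sorted(n for n, ts in zone.records.items() if ts is not None and now > ts + limit)
    for name in stale:
        del zone.records[name]
    return stale

def demo():
    """Constructed case: zone paused 20 days, so no client could refresh."""
    paused = datetime(2024, 3, 1)
    resumed = paused + timedelta(days=20)
    zone = Zone(records={"pc1": paused, "gone": paused, "www": None})
    mark_start(zone, resumed)
    first = scavenge(zone, "192.0.2.10", True, resumed + timedelta(hours=1))
    zone.records["pc1"] = resumed + timedelta(days=1)  # pc1 refreshes after resume
    second = scavenge(zone, "192.0.2.10", True, resumed + timedelta(days=8))
    return first, second, sorted(zone.records)
```

In the first pass both dynamic records already look stale, but StartScavenging blocks the pass; by the second pass pc1 has refreshed and only the record that never came back is deleted.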

To ensure that no records are deleted before the dynamic update client has time to refresh them, the refresh interval must be greater than the refresh period for each record subjected to scavenging within a zone. Many different services might refresh records at different intervals; for example, Netlogon refreshes records once an hour, cluster servers generally refresh records every 15 to 20 minutes, DHCP servers refresh records at renewal of IP address leases, and Windows computers refresh their A and PTR resource records every 24 hours.
Usually, the DHCP service requires the longest refresh interval of all services.
The longer you make the no-refresh and refresh intervals, the longer stale records remain. Therefore, you might want to make those intervals as short as is reasonable. However, if you make the no-refresh interval too short, you might cause unnecessary replication by Active Directory.


