Article Summary: This article provides general information on DNS aging and scavenging in Windows Server.
Dynamic DNS has been one of the key features of Active Directory since its inception, and Active Directory administration would be considerably more difficult and time-consuming without it. It allows machines in an Active Directory domain to automatically register themselves in DNS so that other domain members can locate them easily. When the IP address of one of those machines changes, the corresponding DNS record is automatically updated to reflect the change, ensuring that the machine can still be located.
There can be a downside to this, though: when a machine is removed from the network without warning - due to a hardware failure, for example - any records belonging to it will remain in DNS indefinitely. If the same machine rejoins the network later with a different IP address, both sets of records will appear in DNS, and other machines will be intermittently unable to connect to it when they resolve its name to the old (and no longer valid) address.
Fortunately, there is a mechanism that can alleviate this: DNS aging and scavenging. As its name implies, two mechanisms work in concert to provide this functionality: the aging mechanism applies a timestamp to newly created DNS records, and the scavenging mechanism periodically deletes records that are older than a certain age. The process is a bit more complicated than that, however.
Aging and scavenging are disabled by default on Windows DNS servers, because they can have a negative impact if they are enabled and improperly configured. For example, valid DNS records may be deleted. If these deleted records belong to a domain controller, domain-wide connectivity problems and/or authentication failures can result. For this reason, it is important to understand the aging and scavenging process before setting it up.
The following is an overview of the aging and scavenging process for a single DNS record:
1. A record is dynamically registered on a DNS server and receives a timestamp based on the DNS server's current time. (Static records, which are created manually, carry no timestamp and are therefore exempt from scavenging by default.)
2. The record's no-refresh interval begins immediately. The no-refresh interval can be configured per server or per zone. A refresh of a DNS record resets the record's timestamp without changing anything else about the record. This is in contrast to an update, in which a property of the record, its IP address for example, is modified and the timestamp is reset. During the no-refresh interval a record can be updated (which resets the timestamp and starts this step over), but it cannot be refreshed or scavenged: refresh attempts from the client are ignored by the server, which is what keeps routine daily re-registrations from generating a replication write every time.
3. When the no-refresh interval expires, the record's refresh interval begins. During this time the record still cannot be scavenged, but it can be refreshed or updated. A record is refreshed whenever the corresponding machine is restarted without its name or IP address changing; by default, Windows machines also refresh their DNS records every 24 hours. If either occurs, the record's timestamp is reset, and the process returns to step 2.
4. If the no-refresh and refresh intervals both expire, the record becomes eligible for scavenging. The scavenging period is defined per server (independently of the no-refresh and refresh intervals) and determines how often scavenging runs. If the record is refreshed or updated before the next run, its timestamp is reset and the process returns to step 2.
5. When scavenging runs, the server examines each record in each zone for which aging is enabled and determines whether its no-refresh and refresh intervals have both expired: it adds the no-refresh and refresh intervals to the record's timestamp and compares the result to the current time. If the result is less than the current time, the record is deleted from the database; otherwise the record is left unchanged. Scavenging only runs on a DNS server on which it has been enabled.
There are a few important points to remember:
A record is not eligible for scavenging until its no-refresh and refresh intervals have both expired.
When a record is refreshed or updated, its timestamp resets. Therefore, as long as a record is regularly refreshed, it will never be scavenged.
Even after the no-refresh and refresh intervals have both expired, a record will most likely not be scavenged immediately, as scavenging is controlled by a server's scavenging period, which is independent of the other two intervals.
The age a dynamically registered record can reach before it is deleted is at most (no-refresh interval + refresh interval + scavenging period), and at least (no-refresh interval + refresh interval), depending on where the record's expiry falls relative to the next scavenging run.
By default, static records will never be scavenged, regardless of age.
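The following is an added example, not part of the original article or of Windows itself: a small Python model of the aging and scavenging decision described in the steps above and in the points just listed. It assumes the default 7-day no-refresh, refresh and scavenging intervals, measures time in whole hours, and assumes scavenging runs at hour 0 and every scavenging period thereafter; the record names and addresses are constructed sample data. It shows the refresh being ignored during the no-refresh interval, an update being accepted during it, static records surviving a run, and why the lifetime of an unrefreshed record varies between (no-refresh + refresh) and (no-refresh + refresh + scavenging period).

```python
"""Toy model of Windows DNS aging and scavenging (constructed for this
article; not Windows code). Times are whole hours, the granularity at
which Windows DNS stores record timestamps. Assumed defaults: 7-day
no-refresh interval, 7-day refresh interval, 7-day scavenging period."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

DAY = 24  # hours


@dataclass
class Record:
    name: str
    address: str
    # Hour at which the record was last registered, refreshed or updated.
    # None models a static record, which carries no timestamp at all.
    timestamp: Optional[int]


@dataclass
class ZoneAging:
    no_refresh: int = 7 * DAY  # hours
    refresh: int = 7 * DAY     # hours


DEFAULT_ZONE = ZoneAging()
DEFAULT_SCAVENGING_PERIOD = 7 * DAY  # per-server setting, independent of the zone intervals


def refresh(rec: Record, zone: ZoneAging, now: int) -> bool:
    """A refresh only resets the timestamp. The server ignores it while the
    record is inside its no-refresh interval. Returns True if the timestamp
    was actually reset."""
    if rec.timestamp is None:
        return False  # static record: nothing to age
    if now < rec.timestamp + zone.no_refresh:
        return False  # inside the no-refresh interval: refresh suppressed
    rec.timestamp = now
    return True


def update(rec: Record, now: int, new_address: str) -> None:
    """An update changes record data and always resets the timestamp,
    even inside the no-refresh interval."""
    rec.address = new_address
    rec.timestamp = now


def is_stale(rec: Record, zone: ZoneAging, now: int) -> bool:
    """The scavenging test: timestamp + no-refresh + refresh < now."""
    if rec.timestamp is None:
        return False  # static records are never scavenged
    return rec.timestamp + zone.no_refresh + zone.refresh < now


def scavenge(records: List[Record], zone: ZoneAging, now: int) -> Tuple[List[Record], List[str]]:
    """One scavenging run: returns (surviving records, names of deleted records)."""
    kept = [r for r in records if not is_stale(r, zone, now)]
    deleted = [r.name for r in records if is_stale(r, zone, now)]
    return kept, deleted


def refresh_demo(zone: ZoneAging = DEFAULT_ZONE) -> Tuple[bool, bool, bool, int]:
    """Walk one record through the no-refresh / refresh states."""
    rec = Record("ws01", "10.0.0.5", timestamp=0)          # constructed sample record
    r1 = refresh(rec, zone, now=24)                         # inside no-refresh: ignored
    r2 = refresh(rec, zone, now=zone.no_refresh)            # no-refresh over: timestamp -> 168
    update(rec, now=180, new_address="10.0.0.6")            # update inside new no-refresh: accepted
    r3 = refresh(rec, zone, now=200)                        # 200 < 180 + 168: ignored again
    return r1, r2, r3, rec.timestamp


def scavenge_demo(now: int = 400) -> Tuple[List[str], List[str]]:
    """One scavenging run over constructed records at hour 400."""
    records = [
        Record("dc01", "10.0.0.1", timestamp=390),        # refreshed recently: kept
        Record("ws-old", "10.0.0.50", timestamp=10),      # 10 + 336 = 346 < 400: deleted
        Record("ws-edge", "10.0.0.51", timestamp=64),     # 64 + 336 = 400, not < 400: kept this run
        Record("printer", "10.0.0.200", timestamp=None),  # static: exempt
    ]
    kept, deleted = scavenge(records, DEFAULT_ZONE, now)
    return [r.name for r in kept], deleted


def lifetime_hours(created_at: int, zone: ZoneAging = DEFAULT_ZONE,
                   period: int = DEFAULT_SCAVENGING_PERIOD) -> Optional[int]:
    """Hours a never-refreshed record created at `created_at` survives, assuming
    scavenging runs at hours 0, period, 2 * period, ..."""
    rec = Record("host", "10.0.0.5", created_at)
    run = 0
    while run <= created_at + zone.no_refresh + zone.refresh + period:
        if is_stale(rec, zone, run):
            return run - created_at
        run += period
    return None


def lifetime_bounds(zone: ZoneAging = DEFAULT_ZONE,
                    period: int = DEFAULT_SCAVENGING_PERIOD) -> Tuple[int, int]:
    """Shortest and longest lifetime over every creation hour within one period."""
    lifetimes = [lifetime_hours(t, zone, period) for t in range(period)]
    return min(lifetimes), max(lifetimes)


if __name__ == "__main__":
    print("refresh/update sequence:", refresh_demo())
    print("scavenging run at hour 400:", scavenge_demo())
    print("lifetime bounds (hours):", lifetime_bounds())
```

With the default intervals, `lifetime_bounds()` returns (337, 504): a record whose expiry falls just before a scavenging run lives for (no-refresh + refresh) plus an hour, while one whose expiry falls just after a run lives a full scavenging period longer, which is the "roughly" in the maximum-age rule of thumb.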
For instructions on configuring aging and scavenging, see How to Configure DNS Aging and Scavenging and How to Configure DNS Aging and Scavenging from the Command Line.
For best practices associated with aging and scavenging, see Best Practices for Implementing DNS Aging and Scavenging.
Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.