Steps to turn on DNS Scavenging | Quisitive
February 27, 2009
Quisitive
How did I do it?

I was at a customer a couple of months ago and they hadn’t turned on DNS Scavenging.

To all of you Network Engineers and Network Administrators: I firmly believe this is one of those items that is a must if you use Windows DNS.

I created this document for my customer so they could turn this feature on in a way that they don’t get burned. Typically, I’ve found that when I go to customers and they don’t have this feature turned on, they had tried it in the past and came away with a major burn mark across their rear end from the fire.

Well, I hope this helps you and if you have questions, please let me know.

Backup DNS Zones

http://blogs.technet.com/networking/archive/2007/05/10/oops-our-ad-integrated-dns-zone-s-are-missing-in-windows-2003.aspx

Steps to turn on DNS Scavenging

  1. (Baby Steps) Steps to prevent issues with enabling DNS Scavenging. (This is the most important section to prevent issues with scavenging. Make sure this is completed with diligence.)
    • In DHCP, set reservations for printers and any other devices (computers, servers, etc.) that use DHCP for their IP address.
    • In DNS, turn off aging on any record that should not be scavenged (for example, a record an admin created for a device that never registers itself):
      • To do this open DNS –> click View –> click Advanced.
      • Right click on the record –> click properties –> uncheck “Delete this record when it becomes stale”
    • Things to check if you find old records:
      • Does an IPConfig /registerdns work?
      • Who is the owner of the record (see security tab in the record properties)?
      • Was the record statically created by an admin and later enabled for scavenging? A record created by an admin is owned by that admin’s account, so with secure dynamic updates the host’s own registration is refused and the timestamp never refreshes. If so, you may need to delete the record to clear ownership and then run ipconfig /registerdns from the host so it re-creates and owns the record.
      • Is the server replicating OK with AD?
    • Do not proceed unless you can explain any outdated records.
  2. Enable DNS scavenging on a single DNS server
    • To set aging and scavenging properties for the DNS server
      • Log on to the computer that is running the DNS Server service with an account that is a member of the local Administrators group.
      • In the DNS console tree, right-click the applicable DNS server, and then click Set Aging/Scavenging for all zones.
      • Select the Scavenge stale resource records check box.
      • Modify other aging and scavenging properties as needed.
      • Still on that server, open the server Properties, Advanced tab, and select Enable automatic scavenging of stale records; the Scavenging period set there is how often this server runs a scavenging pass. Turn this on for exactly one DNS server so that only one server ever deletes records.
    • To set aging and scavenging properties for a zone
      • Log on to the computer that is running the DNS Server service with an account that is a member of the local Administrators group.
      • In the DNS console tree, right-click the applicable zone, then click Properties.
      • On the General tab, click Aging, and then select the Scavenge stale resource records check box.
      • Modify other aging and scavenging properties as needed.
    • Once scavenging is enabled, create a new test record and enable it for scavenging. Then map out the point in time when this record will disappear. Here is how:
      • Start with the timestamp on the record (visible after View –> Advanced).
      • Add the no-refresh interval.
      • Add the refresh interval.
      • The result is your “eligible to scavenge” time. The record will not disappear at this time; it is just eligible. (If the client re-registers after the no-refresh interval has passed, the timestamp moves forward and the clock restarts.)
      • Check the DNS Server event log for 2501 and 2502 events to find what hour the DNS server runs its scavenging pass (2501 means records were scavenged; 2502 means the pass completed and found nothing stale).
      • Take your “eligible to scavenge” time, find the most recent 2501/2502 event and add the server’s Scavenging Period (from server properties | advanced tab) to it, repeating until you are past the eligible time. The first pass that starts after the record becomes eligible is the point in time when the test record you just created will disappear.
  3. After scavenging is turned on
    • While scavenging is running, review the DNS Server event log for errors.
    • About one month after scavenging was turned on, run the following script and export the output to an XLS file to see whether DNS still holds records with old timestamps that scavenging did not remove.
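The two calculations above can be scripted. The following PowerShell is an added example, not the script from the original post: Get-ScavengeForecast walks the step 2 arithmetic (timestamp + no-refresh + refresh, then the first scavenging pass at or after that time, which may be several periods out rather than just one), and Find-StaleDnsRecords is a step 3 audit that lists records whose timestamp is older than the zone’s aging window. It assumes the DnsServer module cmdlets that ship with Windows Server 2012 and later (Get-DnsServerZoneAging, Get-DnsServerResourceRecord), the “DNS Server” event log, and a constructed zone name corp.example used only in the sample calls.

```powershell
# Added example (not from the original post). Forecasts when a test record will be
# scavenged (step 2) and lists records that outlived the aging window (step 3).
# Assumes the Windows Server 2012+ DnsServer module cmdlets and the "DNS Server"
# event log; "corp.example" in the sample calls is a constructed zone name.

function Get-ScavengeForecast {
    param(
        [Parameter(Mandatory)][datetime]$RecordTimestamp,    # timestamp on the record (View -> Advanced)
        [Parameter(Mandatory)][timespan]$NoRefreshInterval,  # zone aging property
        [Parameter(Mandatory)][timespan]$RefreshInterval,    # zone aging property
        [Parameter(Mandatory)][datetime]$LastScavengeRun,    # time of the newest 2501/2502 event
        [Parameter(Mandatory)][timespan]$ScavengingPeriod    # server Properties > Advanced tab
    )
    # The record is eligible only once both intervals have elapsed since its timestamp.
    # If the client refreshes the record after the no-refresh interval, the timestamp
    # moves forward and this whole forecast restarts from the new timestamp.
    $eligible = $RecordTimestamp + $NoRefreshInterval + $RefreshInterval

    # The scavenging server starts one pass per scavenging period, counted from the
    # last pass. The record goes away on the first pass that starts at or after
    # $eligible, which is not necessarily the very next pass after the last event.
    $nextRun = $LastScavengeRun
    while ($nextRun -lt $eligible) { $nextRun += $ScavengingPeriod }

    [pscustomobject]@{
        EligibleAt      = $eligible
        ExpectedRemoval = $nextRun
    }
}

# Newest scavenging event on the scavenging server (2501: records scavenged,
# 2502: pass completed with nothing stale). On 2012+ servers the LastScavengeTime
# property of Get-DnsServerScavenging reports the same time.
function Get-LastScavengeRun {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $ev = Get-WinEvent -ComputerName $ComputerName `
        -FilterHashtable @{ LogName = 'DNS Server'; Id = 2501, 2502 } -MaxEvents 1
    $ev.TimeCreated
}

# Step 3 audit: any record whose timestamp is older than NoRefresh + Refresh should
# already have been removed. Records with aging turned off carry no timestamp
# (static records, and records where "Delete this record when it becomes stale"
# was cleared), so they are skipped rather than reported.
function Find-StaleDnsRecords {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Now = (Get-Date)
    )
    $aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
    if (-not $aging.AgingEnabled) {
        Write-Warning "Aging is not enabled on zone $ZoneName; nothing in it will ever be scavenged."
    }
    $cutoff = $Now - $aging.NoRefreshInterval - $aging.RefreshInterval

    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName -RRType A |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object HostName, Timestamp,
            @{ Name = 'IPv4Address'; Expression = { $_.RecordData.IPv4Address.IPAddressToString } },
            @{ Name = 'OverdueBy';   Expression = { $cutoff - $_.Timestamp } }
}

# Worked step 2 call with constructed values (the 7-day default for every interval):
Get-ScavengeForecast -RecordTimestamp ([datetime]'2009-02-27 09:00') `
    -NoRefreshInterval ([timespan]::FromDays(7)) -RefreshInterval ([timespan]::FromDays(7)) `
    -LastScavengeRun ([datetime]'2009-02-26 03:00') -ScavengingPeriod ([timespan]::FromDays(7))

# Same forecast against the live server, then the step 3 audit exported for Excel:
# Get-ScavengeForecast -RecordTimestamp <timestamp> -NoRefreshInterval <ts> -RefreshInterval <ts> `
#     -LastScavengeRun (Get-LastScavengeRun) -ScavengingPeriod <ts>
# Find-StaleDnsRecords -ZoneName 'corp.example' | Export-Csv .\stale-records.csv -NoTypeInformation
```

With the constructed values the record becomes eligible on 13 March at 09:00, but passes run on 5, 12 and 19 March at 03:00, so the loop walks past the two passes that precede eligibility and reports 19 March; adding a single scavenging period to the last event would have pointed at 5 March, before the record could be touched. Anything Find-StaleDnsRecords returns a month in is a record that is eligible yet still present, which is exactly the case from step 1 to explain (wrong ownership, aging silently off on the zone, or the scavenging server not replicating) before trusting the feature.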