I was at a customer a couple of months ago and they hadn’t turned on DNS Scavenging.
To all of your Network Engineers and Network Administrators, I firmly believe this is one of those items which is a must if you utilize Windows DNS.
I created this document for my customer to turn this feature on and do it in such a way that they don't get burned. Typically, I've found that when I go to customers and they don't have this feature turned on, they have done so in the past with a major burn mark across their rear end from the fire.
Well, I hope this helps you and if you have questions, please let me know.
Backup DNS Zones
Steps to turn on DNS Scavenging
- (Baby Steps) Precautions before enabling DNS scavenging. (This is the most important section for avoiding problems with scavenging; complete it diligently.)
- In DHCP, create reservations for printers and any other devices (e.g. computers, servers, etc.) that obtain their IP address from DHCP.
- In DNS, mark records that should not be scavenged as static (not eligible for aging).
- To do this, open the DNS console, click View, then click Advanced (the aging checkbox is only shown in Advanced view).
- Right-click the record, click Properties, and uncheck "Delete this record when it becomes stale".
- Things to check if you find old records:
- Does ipconfig /registerdns on the host update the record's timestamp?
- Who owns the record (Security tab in the record properties)? With secure dynamic updates, only the owner (normally the computer account that registered it, or the DHCP server) can overwrite it, so a host whose record is owned by someone else cannot refresh it.
- Was the record created statically by an admin and later enabled for scavenging? If so you may need to delete the record to clear its ownership and run ipconfig /registerdns on the host to re-create it.
- Is the DNS server replicating correctly with Active Directory (for AD-integrated zones)?
- Do not proceed unless you can explain any outdated records.
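The audit behind the "Baby Steps" above, as an added PowerShell example (not the original author's script): it pulls the zone's aging window, lists every A record with its timestamp, flags the dynamic records that would already be eligible for scavenging (the ones you must be able to explain before proceeding) and the static ones, and cross-checks each address against the DHCP server's reservations. It assumes the DnsServer and DhcpServer RSAT modules are installed and that the server and zone names below are placeholders you replace; the same report is worth re-running a month after scavenging is on to find old records that survived.

```powershell
# Added example, not the original post's script. Assumes the DnsServer and
# DhcpServer PowerShell modules (RSAT); server and zone names are placeholders.
$DnsServer  = 'dns01.corp.example'
$DhcpServer = 'dhcp01.corp.example'
$ZoneName   = 'corp.example'

# Aging window for the zone: a dynamic record becomes eligible for scavenging
# once Timestamp + NoRefreshInterval + RefreshInterval is in the past.
$aging     = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName
$threshold = (Get-Date).Subtract($aging.NoRefreshInterval + $aging.RefreshInterval)

# Addresses that already have a DHCP reservation, across all IPv4 scopes.
$reserved = Get-DhcpServerv4Scope -ComputerName $DhcpServer |
    ForEach-Object { Get-DhcpServerv4Reservation -ComputerName $DhcpServer -ScopeId $_.ScopeId } |
    ForEach-Object { $_.IPAddress.ToString() }

$report = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.HostName -ne '@' } |            # skip the zone apex record
    ForEach-Object {
        $ip = $_.RecordData.IPv4Address.ToString()
        [pscustomobject]@{
            HostName       = $_.HostName
            IPAddress      = $ip
            Timestamp      = $_.Timestamp
            # Static records carry no timestamp and are never scavenged.
            Static         = ($null -eq $_.Timestamp)
            # Dynamic and already past the aging window: explain it before enabling.
            Eligible       = ($null -ne $_.Timestamp) -and ($_.Timestamp -lt $threshold)
            HasReservation = ($reserved -contains $ip)
        }
    }

Write-Host "Aging window: $($aging.NoRefreshInterval + $aging.RefreshInterval); records older than $threshold are eligible"
Write-Host "--- Dynamic records already eligible for scavenging (explain every one) ---"
$report | Where-Object Eligible | Sort-Object Timestamp | Format-Table -AutoSize
Write-Host "--- Static records (confirm each should stay static) ---"
$report | Where-Object Static | Format-Table -AutoSize
Write-Host "--- DHCP clients without a reservation (candidates for one) ---"
$report | Where-Object { -not $_.Static -and -not $_.HasReservation } | Format-Table -AutoSize

# Keep the full list as a spreadsheet-friendly file for the change record.
$report | Export-Csv -Path ".\$ZoneName-scavenge-audit.csv" -NoTypeInformation
```

Run it against each zone you intend to scavenge; an empty "already eligible" list, or one where every entry has a known cause, is the condition for moving on to the next section.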
- Enable DNS scavenging on a single DNS server
- To set aging and scavenging properties for the DNS server
- Log on to the computer that is running the DNS Server service with an account that is a member of the local Administrators group.
- In the DNS console tree, right-click the applicable DNS server, and then click Set Aging/Scavenging for all zones.
- Select the Scavenge stale resource records check box.
- Modify other aging and scavenging properties as needed.
- To set aging and scavenging properties for a zone
- Log on to the computer that is running the DNS Server service with an account that is a member of the local Administrators group.
- In the DNS console tree, right-click the applicable zone, then click Properties.
- On the General tab, click Aging, and then select the Scavenge stale resource records check box.
- Modify other aging and scavenging properties as needed.
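The same server-level and zone-level steps done from PowerShell, as an added example (not from the original post). It backs the zone up first, turns scavenging on at the server, and enables aging on the zone while restricting scavenging of that zone to a single server via -ScavengeServers, which is what "enable on a single DNS server" means in practice. It assumes the DnsServer RSAT module; the server, zone, interval and IP values are placeholders.

```powershell
# Added example, not from the original post. Assumes the DnsServer RSAT module;
# server, zone, intervals and the scavenging server's IP are placeholders.
$DnsServer   = 'dns01.corp.example'
$ZoneName    = 'corp.example'
$ScavengerIP = [ipaddress]'10.0.0.10'   # the ONE server allowed to scavenge this zone
$NoRefresh   = New-TimeSpan -Days 7
$Refresh     = New-TimeSpan -Days 7
$RunEvery    = New-TimeSpan -Days 7     # scavenging period (server properties, Advanced tab)

# Back up the zone first; the file lands in %SystemRoot%\System32\dns on the DNS server.
Export-DnsServerZone -ComputerName $DnsServer -Name $ZoneName -FileName "$ZoneName.before-scavenging.txt"

# Server level: enable scavenging and set how often a scavenging run happens.
# -ApplyOnAllZones is deliberately NOT used, so aging is not silently switched
# on for every zone hosted here; each zone is enabled explicitly below.
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true -ScavengingInterval $RunEvery

# Zone level: enable aging with explicit intervals and pin scavenging of this
# zone to a single server (equivalent to the zone's Aging dialog plus the
# "scavenging servers" setting the GUI does not surface).
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName -Aging $true `
    -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh -ScavengeServers $ScavengerIP

# Confirm: AgingEnabled should be True and ScavengeServers should list only $ScavengerIP;
# ScavengingState should be True with the interval you set.
Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName
Get-DnsServerScavenging -ComputerName $DnsServer |
    Select-Object ScavengingState, ScavengingInterval, LastScavengeTime
```

Run this on the server you have chosen to be the scavenger; the zone-level setting replicates with the AD-integrated zone, so other DNS servers hosting it will see that they are not permitted to scavenge it.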
- Once enabled create a new test record and enable it for scavenging. Then map out the point in time when this record will disappear. Here is how:
- Start with the timestamp on the record
- Add the refresh interval
- Add the no refresh interval
- The result will be your “eligible to scavenge” time. The record will not disappear at this time though. It’s just eligible.
- Check the DNS Server event log for 2501 and 2502 events (2501 when a run removed records, 2502 when a run completed without removing any) to find what hour the DNS server performs its scavenging run.
- Take your “eligible to scavenge” time, find the most recent 2501/2502 event and add the server’s Scavenging Period (from server properties | advanced tab) to it. This is the point in time when the test record you just created will disappear.
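The test-record calculation above, carried out in PowerShell as an added example (not the original author's): it reads the record's timestamp and the zone's intervals, finds the most recent 2501/2502 event in the DNS Server log (falling back to the server's own LastScavengeTime), and walks forward in scavenging periods until it passes the eligible time. The post adds a single scavenging period to the last run; this loops so it also gives the right answer when the record needs several periods to become eligible. It assumes the DnsServer RSAT module and that the server, zone and test host names are placeholders.

```powershell
# Added example, not from the original post. Assumes the DnsServer RSAT module;
# the server, zone and test host names are placeholders.
$DnsServer = 'dns01.corp.example'
$ZoneName  = 'corp.example'
$TestHost  = 'scavtest01'   # created after aging was enabled, with aging on

$aging = Get-DnsServerZoneAging  -ComputerName $DnsServer -Name $ZoneName
$srv   = Get-DnsServerScavenging -ComputerName $DnsServer
$rec   = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A -Name $TestHost |
         Select-Object -First 1

if ($null -eq $rec)           { throw "$TestHost not found in $ZoneName" }
if ($null -eq $rec.Timestamp) { throw "$TestHost is static and will never be scavenged" }

# Steps 1-3: timestamp + no-refresh + refresh = "eligible to scavenge" time.
# DNS stores aging timestamps with hour granularity, so the result is accurate to the hour.
$eligible = $rec.Timestamp + $aging.NoRefreshInterval + $aging.RefreshInterval

# Step 4: most recent scavenging run, from the newest 2501/2502 event in the DNS Server log.
$lastRun = Get-WinEvent -ComputerName $DnsServer -FilterHashtable @{ LogName = 'DNS Server'; Id = 2501, 2502 } -MaxEvents 1 -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty TimeCreated
if ($null -eq $lastRun) { $lastRun = $srv.LastScavengeTime }   # log cleared: use the server's own record
if ($null -eq $lastRun) { throw "No scavenging run recorded yet; wait for the first 2501/2502 event" }

# Step 5: the record is removed by the first scavenging run that happens after it is eligible.
$nextRun = $lastRun + $srv.ScavengingInterval
while ($nextRun -lt $eligible) { $nextRun += $srv.ScavengingInterval }

[pscustomobject]@{
    Record          = "$TestHost.$ZoneName"
    Timestamp       = $rec.Timestamp
    NoRefresh       = $aging.NoRefreshInterval
    Refresh         = $aging.RefreshInterval
    EligibleAt      = $eligible
    LastRun         = $lastRun
    ScavengePeriod  = $srv.ScavengingInterval
    ExpectedRemoval = $nextRun
}
```

If the record is still present after ExpectedRemoval, check the next 2501/2502 event: a 2502 (nothing removed) at that hour means the record was not considered eligible, which usually points to a refreshed timestamp or a zone that this server is not permitted to scavenge.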
- After scavenging is turned on
- While scavenging runs, review the DNS Server event log for errors.
- About one month after scavenging was turned on, run the following script and export the output to an XLS file to find records with old timestamps that scavenging did not remove.