The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.
With dynamic update, resource records are automatically added to zones when computers start on the network. However, in some cases, they are not automatically removed when computers leave the network. For example, if a computer registers its own host (A) resource record at startup and is later improperly disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently.
If left unmanaged, the presence of stale resource records in zone data may cause some problems:
- If a large number of stale resource records
remain in zones, they can eventually take up server disk space and
cause unnecessarily long zone transfers.
- Domain Name System (DNS) servers that load
zones that contain stale resource records might use outdated
information to answer client queries, potentially causing the
clients to experience name resolution problems on the network.
- The accumulation of stale resource records at
the DNS server can degrade its performance and responsiveness.
- In some cases, the presence of a stale
resource record in a zone can prevent a DNS domain name from being
used by another computer or host device.
To solve these problems, the DNS Server service has the following features:
- Time stamping, based on the current date and
time that is set at the server computer, for any resource records
that are added dynamically to primary-type zones. In addition, time
stamps are recorded in standard primary zones where aging and
scavenging is enabled.
For resource records that you add manually, a time-stamp value of zero is used, indicating that these records are not affected by the aging process and that they can remain without limitation in zone data unless you otherwise change their time stamp or delete them.
- Aging of resource records in local data,
based on a specified refresh time period, for any eligible
Only primary-type zones that are loaded by the DNS Server service are eligible to participate in this process.
- Scavenging for any resource records that
persist beyond the specified refresh period.
When a DNS server performs a scavenging operation, it can determine that resource records have aged to the point of becoming stale and remove them from zone data. You can configure servers to perform recurring scavenging operations automatically, or you can initiate an immediate scavenging operation at the server.
For more information, see either Enable Automatic Scavenging of Stale Resource Records or Start Immediate Scavenging of Stale Resource Records.
By default, the aging and scavenging mechanism for the DNS Server service is disabled. It should be enabled only when all parameters are fully understood. Otherwise, the server can be accidentally configured to delete records that should not be deleted. If a record is accidentally deleted, not only will users fail to resolve queries for that record, but any user can create a record and take ownership of it, even on zones that are configured for secure dynamic update.
A server uses the contents of each resource-record-specific time stamp, along with other aging and scavenging properties that you can adjust or configure, to determine when it scavenges records.
Prerequisites for aging and scavenging
Before you can use the aging and scavenging features of DNS, several conditions must be met:
- Scavenging and aging must be enabled, both at the DNS server
and on the zone.
By default, aging and scavenging of resource records is disabled.
- Resource records must either be dynamically added to zones or
manually modified to be used in aging and scavenging
Typically, only those resource records that are added dynamically using the DNS dynamic update protocol are subject to aging and scavenging.
You can, however, enable scavenging for other resource records that are added through nondynamic means. For records that are added to zones in this way, either by loading a text-based zone file from another DNS server or by manually adding them to a zone, a time stamp of zero is set. This makes these records ineligible for use in aging and scavenging operations.
To change this default, you can administer these records individually, to reset and permit them to use a current (nonzero) time-stamp value. This makes it possible for these records to become aged and scavenged.
For more information, see Reset Aging and Scavenging Properties for a Specified Resource Record.
In the case of changing a zone from standard primary to Active Directory-integrated, you may want to enable scavenging of all existing resource records in the zone. To enable aging for all existing resource records in a zone, you can use the AgeAllRecords command, which is available through the dnscmd command-line tool.
Aging and scavenging terminology
The following table indicates new or revised terms that have been introduced to help specifically when discussing aging and scavenging.
Resource record time stamp
A date and time value that is used by the DNS server to determine removal of the resource record when it performs aging and scavenging operations.
Current server time
The current date and time on the DNS server. This number can be expressed as an exact numeric value at any point in time.
An interval of time, determined for each zone, as bounded by the following two events:
This value is needed to decrease the number of write operations to the Active Directory database. By default, this interval is set to seven days. It should not be increased to an unreasonably high level, because the benefits of the aging and scavenging feature might either be lost or diminished.
An interval of time, determined for each zone, as bounded by the following two distinct events:
This value should be large enough to allow all clients to refresh their records. By default, this interval is set to seven days. It should not be increased to an unreasonably high level, because the benefits of the aging and scavenging feature might either be lost or diminished.
Start scavenging time
A specific time, expressed as a number. This time is used by the server to determine when a zone becomes available for scavenging.
When automatic scavenging is enabled at the server, this period represents the time between repetitions of the automated scavenging process. The default value for this is seven days. To prevent deterioration of DNS server performance, the minimum allowed value for this is one hour.
When a DNS dynamic update is processed for a resource record when only the resource record time stamp, and no other characteristics of the record, are revised.
Refreshes generally occur for the following reasons:
When a DNS dynamic update is processed for a resource record where other characteristics of the record in addition to its time stamp are revised.
Updates generally occur for the following reasons:
An optional advanced zone parameter that enables you to specify a restricted list of IP addresses for DNS servers that are enabled to perform scavenging of the zone.
By default, if this parameter is not specified, all DNS servers that load a directory-integrated zone (also enabled for scavenging) attempt to perform scavenging of the zone. In some cases, this parameter can be useful if it is preferable that scavenging only be performed at some servers loading the directory-integrated zone.
To set this parameter, you must specify the list of IP addresses for the servers that are enabled to scavenge the zone in the ZoneResetScavengeServers parameter for the zone. This can be done using the dnscmd command, a command-line based tool for administering Windows DNS servers.
When scavenging can start
After all prerequisites for enabling the use of scavenging are met, it can start for a server zone when the current server time is greater than the value of the start scavenging time for the zone.
The server sets the time value to start scavenging on a per-zone basis whenever one of the following events occurs:
- Dynamic updates are enabled for the zone.
- A change in the state of the Scavenge
stale resource records check box is applied. You can use DNS
Manager to modify this setting at either an applicable DNS server
or one of its primary zones.
- The DNS server loads a primary zone that is
enabled to use scavenging.
This can occur when the server computer is started or when the DNS Server service is started.
- When a zone resumes service after having been
- If the zone is AD DS-integrated,
replication for the zone must have taken place at least once since
the DNS service was restarted or the domain controller was
rebooted. When the previous events occur, the DNS server sets the
value of start scavenging time by calculating the following
Current server time + Refresh interval = Start scavenging time
This value is used as a basis of comparison during scavenging operations.
Example: the aging and scavenging process for a sample record
To understand the process of aging and scavenging at the server, consider the life span and successive stages of a single resource record, as it is added to a server and zone where this process is in effect and then aged and removed from the database.
- A sample DNS host, "host-a.example.microsoft.com", registers
its host (A) resource record at the DNS server for a zone where
aging and scavenging are enabled for use.
- When registering the record, the DNS server places a time stamp
on this record based on current server time.
After the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval. It can, however, accept updates before that time. For example, if the IP address for "host-a.example.microsoft.com" changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.
- Upon expiration of the no-refresh period, the server begins to
accept attempts to refresh this record.
When the initial no-refresh period ends, the refresh period immediately begins for the record. During this time, the server does not suppress attempts to refresh the record for its remaining life span.
- During and after the refresh period, if the server receives a
refresh for the record, it processes it.
This resets the time stamp for the record based on the method that is described in step 2.
- When subsequent scavenging is performed by the server for the
"example.microsoft.com" zone, the record (and all other zone
records) are examined by the server.
Each record is compared to current server time on the basis of the following sum to determine whether the record should be removed:
Record time stamp + No-refresh interval for zone + Refresh interval for zone
- If the value of this sum is greater than
current server time, no action is taken and the record continues to
age in the zone.
- If the value of this sum is less than current
server time, the record is deleted both from any zone data
currently loaded in server memory and also from the applicable
DnsZone object store in Active Directory Domain Services
(AD DS) for the directory-integrated "example.microsoft.com"
- If the value of this sum is greater than current server time, no action is taken and the record continues to age in the zone.