The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

With dynamic update, resource records are automatically added to zones when computers start on the network. However, in some cases, they are not automatically removed when computers leave the network. For example, if a computer registers its own host (A) resource record at startup and is later improperly disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently.

If left unmanaged, the presence of stale resource records in zone data may cause some problems:

To solve these problems, the DNS Server service has the following features:

Caution

By default, the aging and scavenging mechanism for the DNS Server service is disabled. It should be enabled only when all parameters are fully understood. Otherwise, the server can be accidentally configured to delete records that should not be deleted. If a record is accidentally deleted, not only will users fail to resolve queries for that record, but any user can create a record and take ownership of it, even on zones that are configured for secure dynamic update.

A server uses the contents of each resource-record-specific time stamp, along with other aging and scavenging properties that you can adjust or configure, to determine when it scavenges records.

Prerequisites for aging and scavenging

Before you can use the aging and scavenging features of DNS, several conditions must be met:

  1. Scavenging and aging must be enabled, both at the DNS server and on the zone.

    By default, aging and scavenging of resource records is disabled.

  2. Resource records must either be dynamically added to zones or manually modified to be used in aging and scavenging operations.

    Typically, only those resource records that are added dynamically using the DNS dynamic update protocol are subject to aging and scavenging.

    You can, however, enable scavenging for other resource records that are added through nondynamic means. For records that are added to zones in this way, either by loading a text-based zone file from another DNS server or by manually adding them to a zone, a time stamp of zero is set. This makes these records ineligible for use in aging and scavenging operations.

    To change this default, you can administer these records individually, to reset and permit them to use a current (nonzero) time-stamp value. This makes it possible for these records to become aged and scavenged.

    For more information, see Reset Aging and Scavenging Properties for a Specified Resource Record.

Note

In the case of changing a zone from standard primary to Active Directory-integrated, you may want to enable scavenging of all existing resource records in the zone. To enable aging for all existing resource records in a zone, you can use the AgeAllRecords command, which is available through the dnscmd command-line tool.

Aging and scavenging terminology

The following table indicates new or revised terms that have been introduced to help specifically when discussing aging and scavenging.

Term Description

Resource record time stamp

A date and time value that is used by the DNS server to determine removal of the resource record when it performs aging and scavenging operations.

Current server time

The current date and time on the DNS server. This number can be expressed as an exact numeric value at any point in time.

No-refresh interval

An interval of time, determined for each zone, as bounded by the following two events:

  1. The date and time when the record was last refreshed and its time stamp was set.

  2. The date and time when the record next becomes eligible to be refreshed and have its time stamp reset.

This value is needed to decrease the number of write operations to the Active Directory database. By default, this interval is set to seven days. It should not be increased to an unreasonably high level, because the benefits of the aging and scavenging feature might either be lost or diminished.

Refresh interval

An interval of time, determined for each zone, as bounded by the following two distinct events:

  1. The earliest date and time when the record becomes eligible to be refreshed and have its time stamp reset.

  2. The earliest date and time when the record becomes eligible to be scavenged and removed from the zone database.

This value should be large enough to allow all clients to refresh their records. By default, this interval is set to seven days. It should not be increased to an unreasonably high level, because the benefits of the aging and scavenging feature might either be lost or diminished.

Start scavenging time

A specific time, expressed as a number. This time is used by the server to determine when a zone becomes available for scavenging.

Scavenging period

When automatic scavenging is enabled at the server, this period represents the time between repetitions of the automated scavenging process. The default value for this is seven days. To prevent deterioration of DNS server performance, the minimum allowed value for this is one hour.

Record refresh

When a DNS dynamic update is processed for a resource record when only the resource record time stamp, and no other characteristics of the record, are revised.

Refreshes generally occur for the following reasons:

  1. When a computer is restarted on the network and, if at startup, its name and IP address information are consistent with the same name and address information it used before being shut down, it sends a refresh to renew its associated resource records for this information.

  2. A periodic refresh is sent by the computer while it is running.

    The Windows DNS Client service renews DNS registration of client resource records every 24 hours. When this dynamic update occurs, if the dynamic update request does not cause modification to the DNS database, it is considered to be a refresh and not a resource record update.

  3. Other network services make refresh attempts, such as: DHCP servers, which renew client address leases; cluster servers, which register and update records for a cluster; and the Net Logon service, which can register and update resource records that are used by Active Directory domain controllers.

Record update

When a DNS dynamic update is processed for a resource record where other characteristics of the record in addition to its time stamp are revised.

Updates generally occur for the following reasons:

  1. When a new computer is added to the network and, at startup, it sends an update to register its resource records for the first time with its configured zone.

  2. When a computer with existing records in the zone has a change in IP address, causing updates to be sent for its revised name-to-address mappings in DNS zone data.

  3. When the Net Logon service registers a new Active Directory domain controller.

Scavenging servers

An optional advanced zone parameter that enables you to specify a restricted list of IP addresses for DNS servers that are enabled to perform scavenging of the zone.

By default, if this parameter is not specified, all DNS servers that load a directory-integrated zone (also enabled for scavenging) attempt to perform scavenging of the zone. In some cases, this parameter can be useful if it is preferable that scavenging only be performed at some servers loading the directory-integrated zone.

To set this parameter, you must specify the list of IP addresses for the servers that are enabled to scavenge the zone in the ZoneResetScavengeServers parameter for the zone. This can be done using the dnscmd command, a command-line based tool for administering Windows DNS servers.

When scavenging can start

After all prerequisites for enabling the use of scavenging are met, it can start for a server zone when the current server time is greater than the value of the start scavenging time for the zone.

The server sets the time value to start scavenging on a per-zone basis whenever one of the following events occurs:

  • Dynamic updates are enabled for the zone.

  • A change in the state of the Scavenge stale resource records check box is applied. You can use DNS Manager to modify this setting at either an applicable DNS server or one of its primary zones.

  • The DNS server loads a primary zone that is enabled to use scavenging.

    This can occur when the server computer is started or when the DNS Server service is started.

  • When a zone resumes service after having been paused.

  • If the zone is AD DS-integrated, replication for the zone must have taken place at least once since the DNS service was restarted or the domain controller was rebooted. When the previous events occur, the DNS server sets the value of start scavenging time by calculating the following sum:

    Current server time + Refresh interval = Start scavenging time

    This value is used as a basis of comparison during scavenging operations.

Example: the aging and scavenging process for a sample record

To understand the process of aging and scavenging at the server, consider the life span and successive stages of a single resource record, as it is added to a server and zone where this process is in effect and then aged and removed from the database.

  1. A sample DNS host, "host-a.example.microsoft.com", registers its host (A) resource record at the DNS server for a zone where aging and scavenging are enabled for use.

  2. When registering the record, the DNS server places a time stamp on this record based on current server time.

    After the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval. It can, however, accept updates before that time. For example, if the IP address for "host-a.example.microsoft.com" changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.

  3. Upon expiration of the no-refresh period, the server begins to accept attempts to refresh this record.

    When the initial no-refresh period ends, the refresh period immediately begins for the record. During this time, the server does not suppress attempts to refresh the record for its remaining life span.

  4. During and after the refresh period, if the server receives a refresh for the record, it processes it.

    This resets the time stamp for the record based on the method that is described in step 2.

  5. When subsequent scavenging is performed by the server for the "example.microsoft.com" zone, the record (and all other zone records) are examined by the server.

    Each record is compared to current server time on the basis of the following sum to determine whether the record should be removed:

    Record time stamp + No-refresh interval for zone + Refresh interval for zone

    • If the value of this sum is greater than current server time, no action is taken and the record continues to age in the zone.

    • If the value of this sum is less than current server time, the record is deleted both from any zone data currently loaded in server memory and also from the applicable DnsZone object store in Active Directory Domain Services (AD DS) for the directory-integrated "example.microsoft.com" zone.