Back

Best Practices on Windows DNS Scavenging

Scavenging will help you clean up old unused records in DNS Since clean up really means delete stuff a good understanding of what you are doing ...

3 min read
Published on Mar 21, 2008
Best Practices on Windows DNS Scavenging

Scavenging will help you clean up old unused records in DNS.  Since “clean up” really means “delete stuff” a good understanding of what you are doing and a healthy respect for “delete stuff” will keep you out of the hot grease.  Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop.  When enabling scavenging patience is required.  It will work just fine, but not today!

Note: For purposes of this discussion we are going to concentrate on the most common Windows DNS scenario: Windows Server 2003 DNS servers hosting AD integrated zones.

Scavenging is set in three places on a Windows Server:

  1. On the individual resource record to be scavenged.
  2. On a zone to be scavenged.
  3. At one or more servers performing scavenging.

It must be set in all three places or nothing happens.

Scavenging settings on a Resource Record

To see the scavenging setting on a record hit View | Advanced in the DNS MMC then bring up properties on a record.

Scavenging settings on a Resource Record Scavenging gets set on a resource record in one of three ways.  The first is by someone coming in here, checking the “Delete this record when it becomes stale” checkbox and hitting apply.  When you hit apply the time of day will be rounded down to the nearest hour and applied as the timestamp on the record.  Static records have a timestamp of 0 indicating do not scavenge.

The second is when a record gets created by a client machine registering using dynamic DNS.  Windows clients will attempt to dynamically update DNS every 24 hours.  All DDNS records get set to scavenge.  When a record is first created by a client that has no existing record it is considered an “Update” and the timestamp is set.  If the client has an existing host record and changes the IP of the host record this is also considered an “Update” and the timestamp is set.  If the client has an existing host record with the same IP address then this is considered a “Refresh” and the timestamp may or may not get changed depending on zone settings.  More on this later.

The third way to set scavenging on records is by using DNScmd.exe with the /ageallrecords switch.  Let’s pause here for a few moments to consider a few important words: All, Records, Delete, Stuff.  If you actually run this command against a zone it will truly set scavenging and a timestamp on all records in the zone including static records that you never want to be scavenged.  Because of the time it takes scavenging to do it’s thing people find this command and get tempted to give it a try.  Do not.  It will delete stuff.  Have patience instead.

Once a timestamp is set on a record it will replicate around to all servers that host the zone.  There is one caveat to this.  If scavenging is not enabled on the zone that hosts the record then it will never scavenge so the timestamp is essentially irrelevant.  The timestamp may get updated on the server where the client dynamically registers but it will not replicate around to the other servers in the zone.  

Read the rest of the article @> Microsoft Enterprise Networking Team : Don’t be afraid of DNS Scavenging. Just be patient.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Critical Data Backup in Azure | Identify & Protect What Matters

Identifying Critical Data and Applications for Backup in Azure

Learn how to identify and prioritize your critical data and applications for backup in Azure to reduce risk, ensure business continuity, and meet compliance requirements.

Oct 3, 2025
5 min read
Microsoft 365 Backup Compliance | Key Risks & Best Practices

Compliance Considerations When Backing Up Microsoft 365 Data

Ensure your Microsoft 365 backups meet compliance requirements for CMMC, NIST 800-171, and other regulations. Learn key considerations to avoid violations.

Oct 3, 2025
6 min read
Azure Backup Needs Assessment | Plan Your Cloud Data Protection

Assessing Your Organization's Backup Needs for Azure Workloads

Learn how to assess your backup needs for Azure workloads, from compliance and recovery objectives to choosing the right tools for data protection and resilience.

Sep 26, 2025
6 min read
CUI Compliance and the Role of MSPs

Overview of CUI Compliance and the Role of MSPs

Explore the essentials of CUI compliance and how MSPs support DFARS, NIST 800-171, and ITAR requirements through secure IT services and expert guidance.

Sep 26, 2025
7 min read
Evaluating Data Retention Policies for Microsoft 365 and Azure

Evaluating Data Retention Policies for Microsoft 365 and Azure

Learn how to evaluate and manage data retention policies in Microsoft 365 and Azure to meet compliance, security, and operational needs.

Sep 26, 2025
6 min read
How MSPs Help Meet CUI Compliance Requirements

How MSPs Help Organizations Meet CUI Compliance Requirements

Learn how MSPs help organizations meet CUI compliance by offering expertise, secure environments, and ongoing support for DFARS and NIST 800-171 standards.

Sep 26, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122