
Understanding DNS Aging and Scavenging

DNS servers running Windows Server 200x support aging and scavenging features. These features are provided as a means for performing cleanup and removal of stale resource records in the DNS zone. With dynamic DNS (DDNS), resource records are automatically added and updated in their corresponding DNS zones.

However, in some cases, they are not automatically removed when computers leave the network. For example, if a computer registers its own host (A) resource record and is later improperly disconnected from the network, its host (A) resource records will most likely remain in the zone.

This can occur frequently on networks that maintain large numbers of mobile devices. If left unmanaged, the presence of stale resource records in zone data can cause some problems, such as:

  • If a large number of stale resource records remain in DNS zones, they can eventually take up server disk space, cause unnecessarily long zone transfers, and degrade server performance over time.
  • DNS servers loading zones with stale resource records might use outdated information to answer client queries, potentially causing the clients to experience name resolution problems.
  • In some cases, the presence of stale resource records in a zone can prevent a DNS domain name from being used by another computer or host device that is attempting to update the record with the correct information.

To solve these problems, the DNS Server service has the following processes in place:

  • Time stamping resource records dynamically added to the zone.
  • A time stamp value of zero is used for manually added records. These records are not affected by the aging process and can remain without limitation in zone data unless you otherwise change their time stamp or delete them.
  • Aging of resource records in the zones, based on a specified refresh time period.

Prerequisites for aging/scavenging

Before the aging and scavenging features of DNS can be used, several conditions must be met. For example:

  • Scavenging and aging must be enabled both at the DNS server object level and on the zone. By default, aging and scavenging of resource records is disabled.
  • Resource records must either be dynamically added to zones or manually modified to take part in aging and scavenging operations. Records with a time stamp of zero can be administered individually to reset them to a current time stamp value, which makes them eligible to be aged and scavenged.

Important Terminology

Resource Record Timestamp

A date and time value that the DNS server uses to decide when a resource record should be removed during aging and scavenging operations.

No-refresh Interval

An interval of time, determined for each zone, bounded by the following events:

  • The date and time when the record was last refreshed and its time stamp set.
  • The date and time when the record next becomes eligible to be refreshed and have its time stamp reset.

This value is needed to decrease the number of write operations. By default, this interval is set to 7 days.

Refresh Interval

An interval of time, determined for each zone, bounded by the following events:

  • The earliest date and time when the record becomes eligible to be refreshed and have its time stamp reset.
  • The earliest date and time when the record becomes eligible to be scavenged and removed from the zone database.

This value should be large enough to allow all clients to refresh their records. By default, this interval is set to 7 days.

Scavenging period

When automatic scavenging is enabled at the server, this period represents the time between repetitions of the automated scavenging process. The default value for this is 7 days. To prevent the deterioration of DNS server performance, the minimum allowed value is 1 hour.

Record Refresh vs Record Update

Record Refresh

Refreshes to the client’s DNS resource record generally occur for the following reasons:

  • When a computer is restarted on the network and, if at startup, its name and IP address information are consistent with the same name and address information it used prior to being shut down, it sends a refresh to renew its associated resource records for this information.
  • The Windows DNS Client service renews DNS registration of client resource records every 24 hours. When this dynamic update occurs, if the dynamic update request does not cause modification to the DNS database, then it is considered to be a refresh and not a resource record update.
  • Other network services make refresh attempts, such as: DHCP servers which renew client address leases, cluster servers which register and update records for a cluster, and the Net Logon service, which can register and update resource records used by Active Directory domain controllers.

Record Update

Updates generally occur for the following reasons:

  • When a new computer is added to the network and, at startup, it sends an update to register its resource records for the first time with its configured zone.
  • When a computer with existing records in the zone has a change in IP address, causing updates to be sent for its revised name-to-address mappings in DNS zone data.

Scavenging

Once all prerequisites for enabling the use of scavenging are met, it can start for a server zone when the current server time is greater than the value of the start scavenging time for the zone.

The server sets the time value to start scavenging on a per-zone basis whenever one of the following events occurs:

  • Dynamic updates are enabled for the zone.
  • A change in the state of the Scavenge stale resource records check box is applied. You can use the DNS console to modify this setting at either an applicable DNS server or one of its primary zones.
  • The DNS server loads a primary zone enabled to use scavenging.
  • When a zone resumes service after having been paused.

When the previous events occur, the DNS server sets the value of start scavenging time by calculating the following sum: Current server time + Refresh interval = Start scavenging time

Example of the Aging and Scavenging Process

To understand the process of aging and scavenging at the server, consider the life span and stages of a single resource record, as it is added to a server and zone where this process is in effect and then aged and removed from the database.

  1. A sample DNS host, “hostA.itgeared.com”, registers its host (A) resource record at the DNS server for a zone where aging/scavenging is enabled for use.
  2. When registering the record, the DNS server places a time stamp on this record based on current server time. After the record time stamp is written, the DNS server does not accept refreshes for this record for the duration of the zone no-refresh interval (by default, 7 days). It can, however, accept updates prior to that time. For example, if the IP address for “hostA.itgeared.com” changes, the DNS server can accept the update. In this case, the server also updates (resets) the record time stamp.
  3. Upon expiration of the no-refresh period, the server begins to accept attempts to refresh this record. Once the initial no-refresh period ends, the refresh period immediately begins for the record. During this time, the server does not suppress attempts to refresh the record for its remaining life span.
  4. During and after the refresh period, if the server receives a refresh for the record, it processes it. This resets the time stamp for the record.
  5. When subsequent scavenging is performed by the server for the “itgeared.com” zone, the record (and all other zone records) are examined by the server.

Each record is compared to the current server time on the basis of the following sum to determine whether the record should be removed: Record time stamp + No-refresh interval for zone + Refresh interval for zone

If the value of this sum is greater than the current server time, no action is taken and the record continues to age in the zone. If the value of this sum is less than the current server time, the record is deleted both from any zone data currently loaded in server memory and also from the applicable zone.
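The life span in steps 1 to 5 above and the scavenging sum can be checked by hand, but a small model makes the no-refresh suppression, the refresh/update distinction and the removal test easier to reason about. The following Python is an added example; it is not code from the article and not Windows DNS Server code. The host names, addresses, the start date and the rule that a time-stamp-zero (static) record is simply left alone by dynamic requests are constructed assumptions for the model; the 7-day intervals are the defaults the article states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class ZoneAging:
    """Per-zone aging settings (7-day values are the article's defaults)."""
    no_refresh: timedelta = timedelta(days=7)
    refresh: timedelta = timedelta(days=7)


@dataclass
class Record:
    name: str
    address: str
    # None models the zero time stamp of a manually added (static) record.
    timestamp: Optional[datetime]


def dynamic_update(rec: Record, now: datetime, address: str, zone: ZoneAging) -> str:
    """Apply one dynamic update request to a record.

    Returns 'update', 'refresh', 'suppressed' or 'static'.
    - An update changes zone data (new address): always accepted, time stamp reset.
    - A refresh changes nothing: suppressed inside the no-refresh interval,
      otherwise accepted and the time stamp is reset.
    """
    if rec.timestamp is None:
        # Assumption for this model: static records are left untouched.
        return "static"
    if address != rec.address:
        rec.address = address          # step 2: updates are accepted at any time
        rec.timestamp = now            # ... and reset the time stamp
        return "update"
    if now < rec.timestamp + zone.no_refresh:
        return "suppressed"            # step 2: no write during no-refresh interval
    rec.timestamp = now                # steps 3-4: refresh accepted, time stamp reset
    return "refresh"


def scavenge_deadline(rec: Record, zone: ZoneAging) -> Optional[datetime]:
    """Record time stamp + no-refresh interval + refresh interval (None if static)."""
    if rec.timestamp is None:
        return None
    return rec.timestamp + zone.no_refresh + zone.refresh


def scavenge(records: List[Record], now: datetime, zone: ZoneAging) -> Tuple[List[Record], List[Record]]:
    """One scavenging pass (step 5). A record is deleted only when its deadline is
    strictly less than the current server time; the article leaves the equal case
    unspecified and this model keeps the record in that case."""
    kept, removed = [], []
    for rec in records:
        deadline = scavenge_deadline(rec, zone)
        if deadline is not None and deadline < now:
            removed.append(rec)
        else:
            kept.append(rec)
    return kept, removed


def walk_through(zone: Optional[ZoneAging] = None) -> list:
    """Replay the article's hostA example with constructed dates; returns an event log."""
    zone = zone or ZoneAging()
    t0 = datetime(2024, 1, 1)                                       # constructed start time
    host = Record("hostA.itgeared.com", "10.0.0.5", timestamp=t0)  # step 1: registered
    static = Record("printer.itgeared.com", "10.0.0.9", timestamp=None)  # manual record
    day = lambda n: t0 + timedelta(days=n)
    log = []
    log.append(("day 3 refresh", dynamic_update(host, day(3), "10.0.0.5", zone)))   # inside no-refresh
    log.append(("day 3 update", dynamic_update(host, day(3), "10.0.0.6", zone)))    # address change
    log.append(("day 8 refresh", dynamic_update(host, day(8), "10.0.0.6", zone)))   # 8 < 3 + 7
    log.append(("day 11 refresh", dynamic_update(host, day(11), "10.0.0.6", zone))) # accepted
    _, removed = scavenge([host, static], day(20), zone)             # deadline is day 25
    log.append(("day 20 scavenge", [r.name for r in removed]))
    _, removed = scavenge([host, static], day(26), zone)             # 25 < 26: removed
    log.append(("day 26 scavenge", [r.name for r in removed]))
    return log


if __name__ == "__main__":
    for event, result in walk_through():
        print(f"{event:16s} -> {result}")
```

The log shows why a host that keeps answering refreshes is never removed (each accepted refresh pushes the deadline out by no-refresh plus refresh) and why the static record survives every pass; changing the intervals passed to `ZoneAging` shows how a refresh interval shorter than the clients' 24-hour registration cycle would start deleting live records.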
