DNS: Zone <zone name> scavenging parameters should be set to default values
Updated: October 15, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.
Operating System |
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 |
Product/Feature |
DNS |
Severity |
Warning |
Category |
Configuration |
Issue
The refresh and no-refresh scavenging intervals for the zone are not set to the default values.
One or both of the zone scavenging parameters: no-refresh and refresh interval, are not set to the default value of 7 days.
Impact
The DNS server will scavenge resource records too frequently or not frequently enough.
If the values for the no-refresh and refresh intervals are set to a small value, the DNS server may scavenge resource records too often. If the values for the no-refresh and refresh intervals are set to a large value, the DNS server may not scavenge the DNS records in a timely manner which might cause growth in the size of the DNS database.
Resolution
Configure the refresh and no-refresh intervals for the zone to the default values.
To ensure that records do not refresh prematurely, keep the no-refresh interval comparable in length to the current refresh interval for each resource record. For example, if you increase the refresh interval to a higher value, you can similarly increase the no-refresh interval. In most instances, the default interval of seven days is sufficient and does not need to be changed.
Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To configure no-refresh and refresh intervals for a zone using the Windows interface
Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
In the console tree, right-click the applicable zone, and then click Properties.
On the General tab, click Aging.
Select the Scavenge stale resource records check box.
Next to No-refresh interval, type 7 and then choose days from the drop-down menu.
Next to Refresh, type 7 and then choose days from the drop-down menu.
Click OK, and then click OK again.