DNS: The DNS server should have scavenging enabled

Updated: October 15, 2010

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Product/Feature: DNS

Severity: Warning

Category: Configuration

Issue

Scavenging is disabled on the DNS server.

Scavenging will not occur for any zones or records on this server because the EnableScavenging parameter is set to 0 or null on the server.

Impact

The size of the DNS database can become excessive if scavenging is not enabled.

Scavenging automates the deletion of old records. When scavenging is disabled, these records must be deleted manually or the size of the DNS database can become large and have an adverse effect on performance.

Resolution

Enable scavenging on the DNS server.

Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To enable scavenging on the DNS server

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. Click the Advanced tab.

  3. Select the Enable automatic scavenging of stale records check box.

  4. To adjust the Scavenging period, in the drop-down list, select an interval in either hours or days, and then type a number in the text box. The default value for the scavenging interval is seven days. Values less than 6 hours or greater than 28 days are not recommended.

Additional considerations

Stale resource records can result from performing dynamic updates because that process automatically adds resource records to zones when computers start on the network. In some cases, those resource records are not automatically removed when computers leave the network. For example, if a computer registers its own host (A) resource record at startup, and then is improperly disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently. To allow automatic cleanup and removal of stale resource records, enable aging and scavenging on the DNS server.
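The same change can be scripted. The following PowerShell is an added example, not part of the original topic; it assumes the DnsServer module (Windows Server 2012 or later, or RSAT), and the function name Enable-DnsScavengingChecked is hypothetical. It checks the requested interval against the recommended range above, enables server scavenging, and lists primary zones where aging is still disabled.

```powershell
# Added example: requires the DnsServer module (Windows Server 2012 or later, or RSAT).
# Enable-DnsScavengingChecked is a hypothetical name chosen for this illustration.
function Enable-DnsScavengingChecked {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [TimeSpan]$Interval = (New-TimeSpan -Days 7)   # default interval named in the procedure
    )

    # The procedure advises against intervals under 6 hours or over 28 days.
    if ($Interval -lt (New-TimeSpan -Hours 6) -or $Interval -gt (New-TimeSpan -Days 28)) {
        throw "Scavenging interval $Interval is outside the recommended 6 hours to 28 days."
    }

    # Per the cmdlet documentation, an interval of 0 means server scavenging is disabled.
    $current = Get-DnsServerScavenging -ComputerName $ComputerName
    if ($current.ScavengingInterval -eq $Interval) {
        Write-Verbose "Scavenging already runs every $Interval on $ComputerName."
    }
    elseif ($PSCmdlet.ShouldProcess($ComputerName, "Set scavenging interval to $Interval")) {
        # A non-zero interval enables automatic scavenging on the server.
        Set-DnsServerScavenging -ComputerName $ComputerName -ScavengingInterval $Interval
    }

    # Server scavenging only removes records in zones that have aging enabled,
    # so return the primary zones that would still be skipped.
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            # Zones that do not support aging are skipped without stopping the report.
            Get-DnsServerZoneAging -ComputerName $ComputerName -Name $_.ZoneName `
                -ErrorAction SilentlyContinue
        } |
        Where-Object { -not $_.AgingEnabled } |
        Select-Object ZoneName, AgingEnabled
}

# Preview the change without applying it, then apply with the default seven days.
Enable-DnsScavengingChecked -WhatIf
Enable-DnsScavengingChecked -Verbose
```

Run it from an elevated session with an account that meets the membership requirement stated under Resolution.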

See Also

Concepts

Enable Aging and Scavenging for DNS