DNS Scavenging - How replication of records works

  • Question

  • Hi All,

    Need clarification on how DNS replication works when scavenging is enabled.

    In our infrastructure, we have 40 Domain Controllers. We have our production AD-integrated DNS zone, e.g. contoso.com, and scavenging has not been enabled for the past 3 years.

    Now we want to enable scavenging, as there are multiple systems with the same IP and thousands of records are stale.

    My question is: I can see that the timestamps on dynamic records differ across DCs, e.g. server01.contoso.com has a timestamp of 10/20/2016 on DC01 and 11/20/2016 on DC02. Server01 is still active.

    When we enable scavenging on DC01,

    1) Will it update the record timestamp to the current date, or will it delete the record, considering it stale?

    2) How does replication of timestamps work in DNS? Will it check all DCs and replicate the latest timestamp of a record, or will it replicate the record available on the scavenging-enabled DC?

    Please advise.

    Thanks in advance.

    Srivari.

    Friday, September 6, 2019 7:50 PM

Answers

  • Hi,

    Thanks for your question.

    Scavenging is the process of removal and clean-up of stale resource records from the DNS zone. The stale resource records will be removed only if scavenging is enabled on the resource record, where the resource record exists and at least one DNS hosting where the primary copy of the resource records exists.

    Scavenging can be set in three places:

    1) Individual record

    2) Zone

    3) Server

    If scavenging is set on the zone, it will work only for dynamic records. It will work for manual entries only if it’s enabled for the zone. Once scavenging is set on the zone, this will enable it on DNS servers. The DNS server where the scavenging option is enabled is responsible for scavenging the record.

    Details,

    https://www.interserver.net/tips/kb/dns-aging-scavenging/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Meanwhile, if DNS aging and scavenging is not enabled on an AD-integrated DNS zone, there is no need to replicate DNS resource records’ timestamps. This is because this information is needed only for the aging and scavenging mechanism, and there is no requirement for this replication if it is not enabled. That is why, when DNS aging and scavenging is disabled on an AD-integrated DNS zone, the timestamps of resource records on your DC/DNS servers are not consistent (the resource record timestamp is updated on the DNS server that refreshed the record and not replicated to other DC/DNS servers).

    When DNS aging and scavenging is enabled on an AD-integrated DNS zone, the update of a resource record timestamp will start to be replicated to other DC/DNS servers. It is then important that the scavenging for the DNS zone is not done until you are sure that the update of your dynamic resource records was done and replicated. If not, you can see a bulk removal of DNS records that are legitimate and should not be removed.

    Details,

    https://social.technet.microsoft.com/wiki/contents/articles/21724.how-dns-aging-and-scavenging-works.aspx

    Hope the above information can help you.

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Monday, September 9, 2019 12:11 PM
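
Added example (not part of the original thread and not Microsoft's own code): a read-only PowerShell check, using the DnsServer module, that compares dynamic-record timestamps across DC/DNS servers before scavenging is enabled. It flags names that look stale on one server but fresh on another, the situation described in the question. The server list and the 14-day threshold are assumptions.

```powershell
# Added example: read-only comparison of record timestamps across DNS servers.
# Nothing here changes zone or server settings.
Import-Module DnsServer

$zone       = 'contoso.com'      # zone name taken from the question
$dnsServers = 'DC01', 'DC02'     # assumption: list every DC/DNS server hosting the zone
$staleDays  = 14                 # assumption: no-refresh + refresh intervals of 7 days each

$cutoff = (Get-Date).AddDays(-$staleDays)

# Collect A records that carry a timestamp. Static records have no timestamp
# and are skipped.
$records = foreach ($server in $dnsServers) {
    Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $server -RRType A |
        Where-Object { $_.Timestamp } |
        Select-Object @{ n = 'Server'; e = { $server } }, HostName, Timestamp
}

# For each host name, find the oldest and newest timestamp seen on any server.
$report = $records | Group-Object HostName | ForEach-Object {
    $sorted = @($_.Group | Sort-Object Timestamp)
    $oldest = $sorted[0]
    $newest = $sorted[$sorted.Count - 1]
    [pscustomobject]@{
        HostName        = $_.Name
        Oldest          = $oldest.Timestamp
        OldestOn        = $oldest.Server
        Newest          = $newest.Timestamp
        NewestOn        = $newest.Server
        # Older than the cutoff on one server, newer on another.
        Inconsistent    = ($oldest.Timestamp -lt $cutoff) -and ($newest.Timestamp -ge $cutoff)
        # Older than the cutoff on every server queried.
        StaleEverywhere = $newest.Timestamp -lt $cutoff
    }
}

# Names whose staleness depends on which server's copy is consulted.
$report | Where-Object Inconsistent | Sort-Object HostName | Format-Table -AutoSize

# Summary counts to review before any scavenging run.
'{0} names inconsistent, {1} stale on every server queried' -f `
    @($report | Where-Object Inconsistent).Count,
    @($report | Where-Object StaleEverywhere).Count
```

Re-running the check after aging has been enabled and clients have refreshed shows whether the inconsistent count has dropped to zero before the first scavenging pass.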

All replies

  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael



    Tuesday, September 10, 2019 9:50 AM
  • Thanks Michael!

    Yes, it is helpful!!

    Tuesday, September 17, 2019 8:05 PM
  • Hi,

    I'm very glad that the information here is helpful to you.

    Also thanks for your sharing and support.

    Have a nice day!

    Best regards,

    Michael



    Wednesday, September 18, 2019 2:52 AM