1:00 AM
El DiPablo
One of the many many tasks I was asked to lift off the shoulders of my company’s other Sr. Systems Engineer was to clean up DNS in the many domains we administer. He apparently took over an aging network that needs some serious TLC.
Since he is overloaded with many other projects, I gladly took that one off his plate. If you ever find your self having to do a similar project, it is actually pretty easy to do. You see Microsoft has built a feature into it’s DNS server that does an auto cleanup of stale records in DNS, the problem is they don’t turn it on by default. A lot of Systems Administrators overlook this feature when initially setting up DNS on their networks, and over time it can create problems, and a messy DNS structure.
The feature is called Aging and Scavenging. If this feature is never enabled you may encounter the following problems:
- If a large number of stale resource records remain in server zones, they can eventually take up server disk space and cause unnecessarily long zone transfers.
- DNS servers loading zones with stale RRs might use outdated information to answer client queries, potentially causing the clients to experience name resolution problems on the network.
- The accumulation of stale RRs at the DNS server can degrade its performance and responsiveness.
- In some cases, the presence of a stale RR in a zone could prevent a DNS domain name from being used by another computer or host device.
To enable Aging and Scavenging on all DNS zones do the following:
-
Open the DNS snap-in.
-
In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Set Aging/Scavenging for All Zones.
-
Select the Scavenge stale resource records check box.
-
Modify other aging and scavenging properties as needed
You can also simply make the change on individual zones as well, to do that:
-
Open the DNS snap-in.
-
In the console tree, right-click the applicable zone, and then click Properties.
-
On the General tab, click Aging.
-
Select the Scavenge stale resource records check box.
-
Modify other aging and scavenging properties as needed.
By default, the aging and scavenging mechanism for the DNS Server service is disabled. It should only be enabled when all parameters are fully understood. Otherwise, the server could be accidentally configured to delete records that should not be deleted. If a record is accidentally deleted, not only will users fail to resolve queries for that record, but any user can create the record and take ownership of it, even on zones configured for secure dynamic update.
Still though, I think the good outweighs the bad with this feature. What do you think though? have you ever had problems with this feature? Do you know of some other good tools to use with DNS/AD cleanup? Let me know in the comments!
Posted in: 
