It is likely that by using the BPA (Best Practices Analyzer) on a new DNS server, you will find the following warning. In this post, I want to show you how to use the Set-DnsServerScavenging cmdlet to correct this warning. Scavenging will help you clean up old unused records in DNS. You can use aging settings to define when the DNS role can remove a stale record.

Scavenging

Important: Aging and scavenging are disabled by default on Windows DNS servers because they can have a negative impact if they are enabled and improperly configured.

DNS Scavenging depends on the following two configurations:

  • No-Refresh interval: The time between the most recent refresh of a record timestamp and the moment when the timestamp may be refreshed again. The default is seven days.
  • Refresh interval: The time between the earliest moment when a record timestamp can be refreshed and the earliest moment when the record can be scavenged. The refresh interval must be longer than the maximum record refresh period. By default, this is also seven days.

To enable Scavenging, you must enable it on:

  • The DNS Server
  • The DNS Zone

Enable Aging/Scavenging at the DNS Server

To enable Aging/Scavenging at the DNS Server with PowerShell, use the Set-DnsServerScavenging cmdlet with the following syntax:

Run the PowerShell console as administrator, and then type:

Set-DnsServerScavenging

You can use the -ApplyOnAllZones parameter to apply the server settings to all zones.

Enable Aging/Scavenging at the Zone

To enable Aging/Scavenging at the zone with PowerShell, use the Set-DnsServerZoneAging cmdlet with the following syntax:

Run the PowerShell console as administrator, and then type:

Set-DnsServerZoneAging

With the -ScavengeServers parameter, you can specify which server(s) can scavenge records in this zone. If you do not specify any scavenge servers, any primary DNS server that is authoritative for the zone can scavenge.

You can view the settings for your DNS server using the Get-DnsServerScavenging cmdlet.

Get-DnsServerScavenging
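
The steps above as one script, preceded by a read-only audit of the records that would be eligible for removal, which is the check to make before enabling anything. This is an added example, not part of the original post; the zone name, the scavenge server address, the 7-day scavenging interval and the $Apply switch are assumptions.

```powershell
# Added example. Placeholders: replace the zone and address with your own.
$Zone           = 'corp.example.com'     # hypothetical zone name
$ScavengeServer = '192.0.2.10'           # constructed address (documentation range)
$NoRefresh      = New-TimeSpan -Days 7   # default no-refresh interval
$Refresh        = New-TimeSpan -Days 7   # default refresh interval
$ScavengeEvery  = New-TimeSpan -Days 7   # assumed scavenging interval
$Apply          = $false                 # set to $true only after reviewing the audit

# 1. Audit (read-only). A dynamic record becomes eligible for scavenging once its
#    timestamp is older than no-refresh + refresh. Static records carry no
#    timestamp and are never scavenged, so they are filtered out here.
$cutoff = (Get-Date) - $NoRefresh - $Refresh
$stale  = Get-DnsServerResourceRecord -ZoneName $Zone |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Select-Object HostName, RecordType, Timestamp

$stale | Sort-Object Timestamp | Format-Table -AutoSize
Write-Host ("{0} record(s) in {1} have a timestamp older than {2}" -f `
    @($stale).Count, $Zone, $cutoff)

# 2. Enable aging on the zone and scavenging on the server.
if ($Apply) {
    Set-DnsServerZoneAging -Name $Zone -Aging $true `
        -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh `
        -ScavengeServers $ScavengeServer -PassThru

    Set-DnsServerScavenging -ScavengingState $true `
        -NoRefreshInterval $NoRefresh -RefreshInterval $Refresh `
        -ScavengingInterval $ScavengeEvery -PassThru
}
else {
    Write-Host 'Audit only: no settings were changed.'
}

# 3. Verify the resulting server and zone settings.
Get-DnsServerScavenging
Get-DnsServerZoneAging -Name $Zone
```

Any record in the audit output that belongs to a host still in use points to a client that is not refreshing its registration; resolve that before setting $Apply to $true.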

If you want to know more about the Set-DnsServerScavenging cmdlet, check out this link: https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverscavenging?view=win10-ps