It is likely that by using the BPA (Best Practices Analyzer) on a new DNS server, you will find the following warning. In this post, I want to show you how to use the Set-DnsServerScavenging cmdlet to correct this warning. Scavenging will help you clean up old unused records in DNS. You can use aging settings to define when the DNS role can remove a stale record. Important: Aging and scavenging are disabled by default on Windows DNS servers because they can have a negative impact if they are enabled and improperly configured. DNS Scavenging depends on the following two configurations:
- No-Refresh interval: The time between the most recent refresh of a record timestamp and the moment when the timestamp may be refreshed again. The default is seven days.
- Refresh interval: The time between the earliest moment when a record timestamp can be refreshed and the earliest moment when the record can be scavenging. The refresh interval must be longer than the maximum record refresh period. By default, this is also seven days.
To enable Scavenging, you must enable it on the:
- The DNS Server
- The DNS Zone
Enable Aging/Scavenging at the DNS Server #
To enable Aging/Scavenging at the DNS Server with PowerShell, use the Set-DnsServerScavenging cmdlet with the following syntax: Run the PowerShell console as administrator, and then type: You can use the -ApplyOnAllZones parameter, this applies to the server settings on all zones.
Enable Aging/Scavenging at the Zone. #
To enable Aging/Scavenging at the DNS Server with PowerShell, use the Set-DnsServerZoneAging cmdlet with the following syntax:
With -ScavengeServers parameter*, _you can specify which server(s) can scavenge records in this zone. If you do not specify any scavenge servers, any primary DNS server that is authoritative for the zone can scavenge.
If you want to know more about the Set-DnsServerScavenging cmdlet, check out this link.