DNS zone scavenging keeps incrementing date and time

Tags: active-directory, dhcp, domain-name-system, windows-server-2012-r2

My DNS scavenging is not working as I expected.

I have set up DNS scavenging like this on all of my domain controllers:

No-refresh interval: 4 days

Refresh interval: 4 days

and under Properties -> Advanced I have Scavenging period: 7 days

My DHCP server is on one of my domain controllers and the lease duration is set to 8 days.

I turned scavenging on about 3 weeks ago, so it has run a couple of times already, but in Event Viewer it gives me Event ID 2502 and says:

The DNS server has completed a scavenging cycle but no nodes were visited.
Possible causes of this condition include: 

1) No zones are configured for scavenging by this server. 
2) A scavenging cycle was performed within the last 30 minutes. 
3) An error occurred during scavenging. 

When I go to Zone Aging/Scavenging properties of the zone that I want to scavenge I can see that it has incremented my "The zone can be scavenged after:" by 4 days. I guess that's my "No-refresh interval" doing that? I hope someone out there can tell me why it's not working! 🙂

Best Answer

"Scavenging is set in three places on a Windows Server:

  1. On the individual resource record to be scavenged.

  2. On a zone to be scavenged.

  3. At one or more servers performing scavenging.

"It must be set in all three places or nothing happens."

https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/

You need to provide an example of a record that you think should be scavenged but is not.

Also, if scavenging is not enabled, the timestamp is not replicated. Timestamps don't start replicating until after scavenging is enabled for the zone(s).

Here is another good piece of information:

"Although you can set every server hosting the zone to scavenge I recommend just having one [in each domain]. The logic for this is simple: If the one server fails to scavenge the world won’t end. You’ll have one place to look for the culprit and one set of logs to check. If on the other hand you have many servers set to scavenge you have many logs to check if scavenging fails. Worse yet, if things start disappearing unexpectedly you don’t want to go hopping from server to server looking for 2501 events."

DNS record cleanup timing is different for records that are dnsTombstoned:

"Every day at 2 AM (non-configurable) the DNS server scans all DNS integrated zones in AD and determines whether the tombstoned record is ready to be deleted. The default retention time of the tombstoned records is 7 days. This value can be changed by the DsTombstoneInterval value (dnscmd w2k8r2dc01 /config /DsTombstoneInterval value) or by editing the registry under HKLM\CCS\Services\DNS\Parameters (Value Name: DsTombstoneInterval, Value Type: DWORD). The value is in seconds.

At that point the DNS deletes the record."

https://blogs.technet.microsoft.com/isrpfeplat/2010/09/23/dns-scavenging-internals-or-what-is-the-dnstombstoned-attribute-for-ad-integrated-zones/
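The answer's point is that scavenging must be enabled in three places (server, zone, record) and that records scavenged from an AD-integrated zone linger as tombstoned dnsNode objects until the daily cleanup. The following script is an added example, not code from the question, the answer, or the quoted Microsoft posts; it audits all three places against one zone and then counts the tombstoned nodes waiting for deletion. It assumes the DnsServer and ActiveDirectory PowerShell modules are available, that the zone is stored in the DomainDnsZones partition, and uses placeholder names for the zone (`corp.example.com`) and the DNS server (`dc01`).

```powershell
# Added example (not from the original answer or the quoted blog posts).
# Audits the three places the answer says scavenging must be enabled:
# the server, the zone, and the records themselves, then counts tombstoned
# nodes. Requires the DnsServer module (Windows Server 2012 R2 or later RSAT)
# and, for step 4, the ActiveDirectory module. Run against a DC hosting the zone.
param(
    [string]$ZoneName = 'corp.example.com',   # placeholder zone name
    [string]$Server   = 'dc01'                # placeholder DNS server name
)

# 1. Server level: is scavenging enabled on this server, how often does it run,
#    and when did the last pass happen? A server with ScavengingState=False
#    will never scavenge, no matter what the zone says.
$srv = Get-DnsServerScavenging -ComputerName $Server
"Server {0}: ScavengingState={1} ScavengingInterval={2} LastScavengeTime={3}" -f `
    $Server, $srv.ScavengingState, $srv.ScavengingInterval, $srv.LastScavengeTime

# 2. Zone level: aging must be enabled on the zone. AvailForScavengeTime is the
#    "The zone can be scavenged after:" value from the question; a pass that
#    runs before that moment does not visit the zone at all.
$zone = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $Server
"Zone {0}: AgingEnabled={1} NoRefresh={2} Refresh={3} AvailForScavengeTime={4}" -f `
    $ZoneName, $zone.AgingEnabled, $zone.NoRefreshInterval, $zone.RefreshInterval, $zone.AvailForScavengeTime

# 3. Record level: only records that carry a timestamp are dynamic and eligible.
#    Static records (Timestamp empty) are never removed. A record becomes stale
#    once its timestamp is older than NoRefresh + Refresh.
$cutoff   = (Get-Date) - ($zone.NoRefreshInterval + $zone.RefreshInterval)
$records  = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $Server -RRType A)
$static   = @($records | Where-Object { -not $_.Timestamp })
$eligible = @($records | Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff })
"Records: {0} A records, {1} static (never scavenged), {2} stale enough to be scavenged" -f `
    $records.Count, $static.Count, $eligible.Count
$eligible |
    Select-Object HostName, Timestamp, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } } |
    Format-Table -AutoSize

# 4. Tombstoned nodes: a scavenged record in an AD-integrated zone is not deleted
#    outright; its dnsNode object is marked dNSTombstoned=TRUE and removed by the
#    daily 2 AM cleanup once DsTombstoneInterval (default 7 days) has elapsed.
#    SearchBase assumes DomainDnsZones; adjust for ForestDnsZones if needed.
$domainDn   = (Get-ADDomain).DistinguishedName
$zoneDn     = "DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$tombstoned = @(Get-ADObject -SearchBase $zoneDn `
    -LDAPFilter '(&(objectClass=dnsNode)(dNSTombstoned=TRUE))' `
    -Properties dNSTombstoned, whenChanged)
"Tombstoned nodes awaiting deletion in {0}: {1}" -f $ZoneName, $tombstoned.Count
$tombstoned | Select-Object Name, whenChanged | Format-Table -AutoSize
```

Reading the output against the question: if step 1 shows `ScavengingState=False` on the only server expected to scavenge, or step 2 shows `AgingEnabled=False`, the 2502 "no nodes were visited" event is expected. If both are true but step 3 lists no stale records, nothing is old enough yet; with a 4-day no-refresh and 4-day refresh interval, a record cannot be removed until at least 8 days after its last dynamic update, and then only on the next scavenging pass after `AvailForScavengeTime`.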