Windows Server 2008R2 not scavenging stale DNS records

active-directorydomain-name-systeminternal-dns

We have Domain Controllers where our internal DNS runs on.
2 Windows 2008R2 and 2 Windows 2012R2.

Our stale records are no longer removed for some time now, even when running the DnsCmd commands manually or through the GUI.

It seems to happen since we set dynamic updates to secure.
It happens for all AD-integrated zones and normal zones including reverse lookup zones.

Things I've tried:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/02563ce5-d026-4519-83e1-0222ed72cf2f/dns-server-not-flushing-stale-records?forum=winserverPN

https://community.spiceworks.com/topic/254198-old-dns-records-not-being-scavenged

https://support.microsoft.com/en-us/kb/2791165

Best Answer

For the zone in question run the following command:

dnscmd /zoneinfo foobar.com

You will get the result like this:

Zone query result:
Zone info:
            ptr                   = 0000000000327C90
            zone name             = foobar.com
~snip~

            zone DN = DC=fopobar.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=foobar,DC=com          Scavenge Servers
~snip~
           Server[0] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=192.168.1.1

Here you notice the IP address 192.168.1.1

This is the IP address of the only server which has the permission to scavenge the zone. Most likely this could be a server which is no longer existing - this happens a lot in Domains with a funktion level of 2008. If this is not the IP address of the server which on which you have configured Scavenging, you need to change that.

To change the Scavenging server for a zone, run the command:

dnscmd /zoneresetscavengeservers foobar.com <IP of the correct DNS Server>

And a few moments later, your DNS is working with Scavenging again.

Related Topic