For scavenging to work it must be set in three places: on the individual resource record, on the zone, and on the server that will be performing the scavenging. This post only covers the behavior of enabling scavenging on the zones (i.e., Scavenge stale resource records, No-refresh interval, and Refresh interval) at the server level. You can enable these settings on each individual zone, or you can enable them at the server level and check the box to "Apply these settings to the existing Active Directory-integrated zones". There are a few things you need to understand about the behavior when configuring this at the server level.

When you check "Scavenge stale resource records" and "Apply these settings to the existing Active Directory-integrated zones" at the server level, the scavenging setting and the No-refresh and Refresh intervals do not always propagate to existing DNS zones. This is also true for newly created zones. To propagate the settings to existing and new zones, you have to actually modify the current values. This behavior is by design. I will walk you through the steps to give you a better understanding of the behavior I am talking about.

 

1. In the DNS MMC, right-click the server node and select Properties

2. Select Set Aging/Scavenging for All Zones

3. Select Scavenge stale resource records and keep the default of 7 and 7. Click OK

4. In the "Server Aging settings for New Active Directory-Integrated zone:" window, click "Apply these settings to the existing Active Directory-integrated zone". Notice that the No-refresh and Refresh intervals are listed in the dialog box.

5. Click OK

 

So a few weeks go by and you start to notice that you are missing records in DNS. You start to investigate the issue and you happen to find that the zone was misconfigured to something crazy like 3 and 1.

OK, so I know you might be saying to yourself, "But I checked the box Apply these settings to the existing Active Directory-integrated zone, right?" Just remember that whatever is in the dialog box is what is actually being applied. So depending on what you are trying to configure your No-refresh and Refresh intervals to, if you also want those settings to apply to all ADI zones, you may have to modify the existing values first in order to get your expected settings to propagate down.

For example, if you wanted to have your No-refresh and Refresh intervals configured to 7 and 7, you will have to modify them to some other value like 8 and 8.

Let’s take a look at what is configured at the server level and the zone.

Server:

Zone:

  

Ok let’s fix this mess.

1. In the DNS MMC, right-click the server node and select Properties

2. Select Set Aging/Scavenging for All Zones

3. Select Scavenge stale resource records and change it to 8 and 8. Remember, we have to change these values to something other than the current values. Click OK

The reason you don't see "Scavenge stale resource records: Enabled" is that that value was not changed. OK, time for a quick sidebar: you could run into the same situation where aging\scavenging is checked at the server level and you have additional zones that reside on the server that are unchecked. If you want to enable aging\scavenging on all zones on the server, you will have to deselect the checkbox at the server level, then go back in and re-enable it. Make sure you also select "Apply these settings to the existing Active Directory-integrated zones".

If we take a look at the server and zone intervals they will both be 8 and 8 in the GUI or 192 via DNSCMD.

Server:

Zone:

Now let’s change them to 7 and 7.

If you take a look at the server and zone intervals, they will both be 7 and 7 in the GUI or 168 via DNSCMD. This is how you get your expected intervals to propagate to existing zones and new zones. You can use DNSCMD to modify whether scavenging is enabled, or to modify the No-refresh and Refresh intervals. But unfortunately the only way to apply the settings to the existing ADI zones or new zones from the server level is from within the GUI.
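To confirm that the server-level values really reached every zone, a read-only audit like the one below compares each AD-integrated zone against the server defaults and reports the intervals in hours, the same unit DNSCMD shows. This is an added example, not part of the original post; it assumes the DnsServer PowerShell module (Windows Server 2012 or later) and that it is run on the DNS server itself.

```powershell
# Added example: read-only audit of zone aging settings versus server defaults.
# Assumption: run locally on the DNS server with the DnsServer module available.
Import-Module DnsServer

# Server-level defaults (the values in "Set Aging/Scavenging for All Zones").
$server = Get-DnsServerScavenging

# AD-integrated primary zones only; skip auto-created zones and TrustAnchors.
$zones = Get-DnsServerZone | Where-Object {
    $_.IsDsIntegrated -and $_.ZoneType -eq 'Primary' -and
    -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors'
}

$report = foreach ($zone in $zones) {
    try {
        $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ErrorAction Stop
    } catch {
        Write-Warning "Could not read aging settings for $($zone.ZoneName): $_"
        continue
    }
    [pscustomobject]@{
        Zone            = $zone.ZoneName
        AgingEnabled    = $aging.AgingEnabled
        NoRefreshHours  = [int]$aging.NoRefreshInterval.TotalHours
        RefreshHours    = [int]$aging.RefreshInterval.TotalHours
        # False means the zone kept its own intervals (for example 3 and 1).
        IntervalsMatch  = ($aging.NoRefreshInterval -eq $server.NoRefreshInterval) -and
                          ($aging.RefreshInterval -eq $server.RefreshInterval)
    }
}

# Server values in hours: 168 corresponds to 7 days, 192 to 8 days.
'Server: NoRefresh={0}h Refresh={1}h ScavengingState={2}' -f `
    [int]$server.NoRefreshInterval.TotalHours,
    [int]$server.RefreshInterval.TotalHours,
    $server.ScavengingState

# Mismatched zones sort first so they are easy to spot.
$report | Sort-Object IntervalsMatch, Zone | Format-Table -AutoSize

# Zones that need attention: aging off, or intervals differing from the server.
$report | Where-Object { -not $_.AgingEnabled -or -not $_.IntervalsMatch } |
    Select-Object -ExpandProperty Zone
```

Running it before and after the change-then-change-back procedure above shows whether the intervals actually propagated to each zone.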

Here is a great article on scavenging: http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx