Windows computers update their DNS records in domain zones hosted by DNS servers every 24 hours. When a Windows computer is removed from the domain or is unable to update its DNS record in the DNS server, the DNS record for that Windows computer remains in the DNS database and is considered a DNS record out of date. Outdated DNS records remain in the DNS database unless they are deleted manually. DNS aging and cleaning help quickly identify outdated DNS records and delete them manually. In this article, we will provide a description of what DNS aging and cleanup is, as well as the steps required to configure / enable this feature on the Windows server.
What is DNS aging?
Aging is a feature that identifies outdated DNS records. It actually uses two intervals, and a DNS record is considered out of date when both have passed.
These intervals are:
- Non-refresh interval: This is a period during which a resource record cannot be updated (*). Refusing to refresh during this period reduces replication traffic because there is no need to replicate the same information again.
- Refresh interval: This is a period during which a resource record can be refreshed (*).
(*) A resource record update is a dynamic DNS update where the host name and IP do not change. A dynamic DNS update to change the registered IP for a resource record is not considered a refresh and is exempt from the non-refresh interval.
What is DNS cleanup?
Cleanup is a feature that allows cleaning and deleting outdated resource records in DNS zones.
An expired resource record will only be deleted if cleaning is enabled on:
- Resource registration
- The DNS zone where the resource record exists
- At least one DNS hosting a master copy of the DNS zone where the resource record exists
Cleanup occurs at recurring intervals when enabled on a DNS server. An outdated resource record can then exist until the next DNS cleanup cycle.
If you do not enable DNS aging and cleanup, you may be faced with the following situations:
- Domain zones will contain unnecessary DNS records.
- Over a period of time, the size of the DNS database will be increased.
- The DNS server service will take longer to enumerate and load the DNS database into memory.
- It will take longer for the DNS server to respond to a DNS query. This is because the DNS server must enumerate all the DNS records before it can find the required DNS record, then send a response.
- DNS servers can respond with an invalid DNS record that no longer exists on the network, causing name resolution problems on the network.
- Another Windows client computer may not be able to register its own DNS records if the same IP address is used by an outdated DNS record.
Enable and configure DNS aging and cleaning
To successfully configure / enable DNS aging and cleanup on the Windows server, you need to follow 3 steps in that order;
- Check the DNS records of the server (very important first step)
- Enable DNS aging and cleaning on DNS zones
- Enable DNS cleanup on at least one DNS server hosting primary copies of your DNS zones
Let’s take a closer look at the steps involved.
1]Check the DNS records of the server (very important first step)
This step is crucial because if you do not follow this step first, you could end up deleting the DNS records from the server. As a precaution, you can also back up your DNS server and / or your records.
Cleaning works on timestamps, so any DNS record with a timestamp will be processed and possibly deleted. It is therefore recommended that you check the DNS records of your server and make sure that they are static.
To check your records, open the DNS console and check the Timestamp column, your servers should be set to static. Otherwise, just open the record and uncheck the box Delete this record when it becomes obsolete box.
Once you’ve done that, refresh the DNS console, the timestamp will now display static for this recording.
Check all the records on your server and change them to static before proceeding to the next step.
2]Enable DNS aging and cleaning on DNS zones
Proceed as follows:
- Use DNS administration tool (dnsmgmt.msc), access the properties of your DNS zones then click on Aging…
- Activate Retrieve outdated resource records , specify the non-refresh interval and the refresh interval periods.
- Click on OKAY.
To enable default DNS aging and cleanup for all DNS zones on a DNS server, you need to do the following:
- Right click on the server name then click on Define aging / cleaning for all areas…
- Activate Retrieve outdated resource records , specify the non-refresh interval and the refresh interval periods.
- Click on OKAY.
- Check the Apply these settings to existing Active Directory integrated zones (This will allow aging and DNS cleanup for existing Active Directory integrated zones).
- Click on OKAY.
Now go to the next and final step.
3]Enable DNS cleanup on at least one DNS server hosting primary copies of your DNS zones
Proceed as follows:
- Access the properties of your DNS server.
- Go to Advanced tongue.
- Check the Activate automatic cleaning of outdated records box.
- When finished, specify the cleanup period (that is, the recurring interval for cleanup on a DNS server).
- Click on OKAY.
That’s it! This completes the DNS aging and cleanup configuration.