I'd be interested in the procedure Daniel took and the results. 

 

Found the following:

 

http://technet2.microsoft.com/WindowsServer/f/?en/library/979f01c1-3a37-46f5-813d-3e28d5f7eec01033.mspx


Remarks

* The ageallrecords operation is for backward compatibility between the
  current version of DNS and previous releases in which aging and scavenging
  were not supported. It adds a time stamp with the current time to records
  that do not have one and sets the current time on records that do have a
  time stamp.

* Scavenging of records does not occur unless the records are timestamped.
  NS (name server), SOA (Start of Authority), and WINS records are not
  included in the scavenging process and are not timestamped even when the
  ageallrecords operation is run.

* This command fails unless scavenging is enabled for the DNS server and the
  zone. For information about how to enable scavenging for the zone, see the
  aging parameter under Zone-Level Syntax in the config
  <http://technet2.microsoft.com/WindowsServer/en/library/d652a163-279f-4047-b3e0-0c468a4d69f31033.mspx#BKMK_3>
  operation in this document.

* The addition of a time stamp to DNS records makes them incompatible with
  DNS servers that run on operating systems other than Windows 2000, Windows
  XP, or Windows Server 2003. A time stamp you add by using the
  ageallrecords operation cannot be reversed.

* If none of the optional fields are specified, the command returns all
  records at the specified node. If a value is specified for at least one of
  the optional fields, then DNSCmd enumerates only records corresponding to
  the value or values specified in the optional field or fields.

 

 

 
http://technet2.microsoft.com/WindowsServer/f/?en/library/979f01c1-3a37-46f5-813d-3e28d5f7eec01033.mspx

 

Caution

* By default, the aging and scavenging mechanism for the DNS Server service
  is disabled. It should only be enabled when all parameters are fully
  understood. Otherwise, the server could be accidentally configured to
  delete records that should not be deleted. If a record is accidentally
  deleted, not only will users fail to resolve queries for that record, but
  any user can create the record and take ownership of it, even on zones
  configured for secure dynamic update.

The server uses the contents of each RR-specific time stamp, along with
other aging/scavenging properties that you can adjust or configure, to
determine when it scavenges records.


 


 


Prerequisites for aging/scavenging


Before the aging and scavenging features of DNS can be used, several
conditions must be met:


1. Scavenging and aging must be enabled both at the DNS server and on the
   zone.

   By default, aging and scavenging of resource records is disabled.

2. Resource records must either be dynamically added to zones or manually
   modified to be used in aging and scavenging operations.

   Typically, only those resource records added dynamically using the DNS
   dynamic update protocol are subject to aging and scavenging. For more
   information, see Dynamic update
   <http://technet2.microsoft.com/WindowsServer/en/library/e760737e-9e55-458d-b5ed-a1ae9e04819e1033.mspx>.

   You can, however, enable scavenging for other resource records added
   through non-dynamic means. For records added to zones in this way, either
   by loading a text-based zone file from another DNS server or by manually
   adding them to a zone, a time stamp of zero is set. This makes these
   records ineligible for use in aging/scavenging operations.

   In order to change this default, you can administer these records
   individually, to reset and permit them to use a current (non-zero) time
   stamp value. This enables these records to become aged and scavenged.

   For more information, see Reset scavenging and aging properties for a
   specified resource record
   <http://technet2.microsoft.com/WindowsServer/en/library/e312517b-9bbb-4ceb-bef0-117cdcc9ca871033.mspx>.

Note

* In the case of changing a zone from standard primary to Active
  Directory-integrated, you might want to enable scavenging of all existing
  resource records in the zone. To enable aging for all existing resource
  records in a zone, you can use the AgeAllRecords command, which is
  available through the dnscmd command-line tool. For more information, see
  Server administration using Dnscmd
  <http://technet2.microsoft.com/WindowsServer/en/library/cee759b0-7a2a-4ba7-904e-ff399814b1711033.mspx>.
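
A small model of the documented behaviour quoted above, added here as an illustration; it is not part of any message in the thread and is not Microsoft's code. It shows that a scavenging pass forced right after ageallrecords removes nothing, and that a manually created record stamped by ageallrecords is deleted once the no-refresh and refresh intervals pass without a refresh. The record names, the 7-day intervals and the hour counter are assumptions made for the model.

```python
from dataclasses import dataclass, replace

HOURS_PER_DAY = 24
EXEMPT_TYPES = {"NS", "SOA", "WINS"}  # not timestamped, not scavenged (per the Remarks)

@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    timestamp: int  # in hours; 0 means "no time stamp" (static or pre-aging record)

def age_all_records(records, now):
    """Model of ageallrecords: stamp every non-exempt record with the current time."""
    return [r if r.rtype in EXEMPT_TYPES else replace(r, timestamp=now) for r in records]

def refresh(records, name, now):
    """Model of a client refreshing its own record through dynamic update."""
    return [replace(r, timestamp=now) if r.name == name else r for r in records]

def scavenge(records, now, no_refresh=7 * HOURS_PER_DAY, refresh_interval=7 * HOURS_PER_DAY):
    """One scavenging pass at hour `now`; returns (kept, deleted)."""
    kept, deleted = [], []
    for r in records:
        # A zero time stamp is never stale; otherwise both intervals must have elapsed.
        stale = r.timestamp != 0 and now > r.timestamp + no_refresh + refresh_interval
        (deleted if stale else kept).append(r)
    return kept, deleted

def simulate():
    # Constructed zone: every record predates aging, so all time stamps are 0.
    zone = [
        Record("@", "SOA", 0),
        Record("@", "NS", 0),
        Record("fileserver", "A", 0),   # manually created (static) record
        Record("laptop-old", "A", 0),   # host that no longer exists
        Record("laptop-live", "A", 0),  # host that still registers itself
    ]
    now = 3_500_000  # arbitrary "current hour" for the model
    _, before = scavenge(zone, now)       # nothing is timestamped yet
    zone = age_all_records(zone, now)
    _, immediate = scavenge(zone, now)    # pass forced right after stamping
    later = now + 15 * HOURS_PER_DAY      # both intervals have now elapsed
    zone = refresh(zone, "laptop-live", later - HOURS_PER_DAY)
    kept, deleted = scavenge(zone, later)
    return before, immediate, sorted(r.name for r in deleted), sorted(r.name for r in kept)
```

In this model the static `fileserver` record is deleted along with the dead host, which is the situation the Caution above describes.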

 

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, December 08, 2006 7:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS scavenging question

 

I was curious about the static record thing with AgeAllRecords. I just
tried it and it aged my dynamic records but not the static one I had (i.e.
the checkbox to delete was not checked on the static record, but it was on
the dynamic one). This is w2k3 sp1. I'm not 100% confident in my results
as I set scavenging, turned it off, created a test static record, turned
it back on, ran ageallrecords, and then checked it, all within about 10
minutes.

 

Rich

 

-----------------------------------------------------------------------
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
----------------------------------------------------------------------
"I love the smell of red herrings in the morning" - anonymous

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, December 07, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS scavenging question

 

Thanks for the input.  Luckily for us we do not have any static records,
at least I have not created any but I will check with the other Admins to
be sure.

 

I thought AGEALLRECORDS would bring the prior records into the fold and then
they would be scavenged out in the next cycle.  Guess we will give it a
try and let everyone know how it turned out.

 

Dan

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vinnie Cardona
Sent: Thursday, December 07, 2006 3:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS scavenging question

 

You are correct.  

 

Due to the fact that aging/scavenging was not enabled, the records which
were dynamically registered were not stamped with a date/time.  Therefore
the aging/scavenging process ignores them upon starting its scavenging
process.

 

You can use the AgeAllRecords which will do just that.  Age ALL your
records.  You have to be careful though.  I haven't proven this but I
believe that it will also turn your static records into dynamic records
(time stamp them).  Then when you run AgeAllRecords...well guess what?...

 

To prevent this, once you ageallrecords you will have to go back into the
DNS console and ensure that static/manually created records you need are
not set to Delete this record when it becomes stale by unchecking the box
in the record properties.  You might have to enable the advanced view
(View -->Advanced) to view this as well as the timestamp of the record.

 

Once you've completed this you can then right click on the DNS server name
in the DNS console and select Scavenge Stale Resource Records or via
command prompt: dnscmd <servername> /StartScavenging

 

Note: In order to successfully configure Scavenging and Aging you will
need to enable it both on the zone and the DNS server. Which I'm sure you
have already...but just in case.

 

Right click on server name-->Properties-->Advanced tab-->check the Enable
automatic scavenging of stale records or you can enable it for all zones
by right clicking on the server name and selecting Set Aging/Scavenging
for all Zones.-->check the box Scavenge stale resource
records-->OK-->check the box to apply these settings to the existing
Active Directory-integrated zones (if AD integrated)-->OK then go to the
zone and right click-->Properties-->General tab-->Aging button and check
the Scavenge stale resource records-->OK

 

Hope this will help...please chime in.

 

-vC

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, December 07, 2006 11:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS scavenging question

 

I have a rather off the wall DNS scavenging question.

I have a bunch of DNS records that are stale and need to be scavenged
out of the zone.  Following the O'REILLY book: DNS on Windows Server
2003 I have configured aging and scavenging.  (Don't ask why this
wasn't done when the zone was first setup, that is another story)

Now I know: If scavenging is disabled on a standard zone and you enable
scavenging, the server does not scavenge records that existed before
you enabled scavenging. The server does not scavenge those records even
if you convert the zone to an Active Directory-integrated zone first.

To enable scavenging of such records, use the AgeAllRecords in
Dnscmd.exe.  I know this must be done in order to configure existing
records to a scavengable state.

Is there a way to immediately force a scavenge cycle that will remove
all stale records?  I would rather not have to wait until the "no-refresh"
and "refresh" intervals expire.

 

 

Daniel Gilbert

 

 

List info   : http://www.activedir.org/List.aspx

List FAQ    : http://www.activedir.org/ListFAQ.aspx

List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
