How to Configure DNS Aging and Scavenging (Cleanup Stale DNS Records)

In this tutorial, I’ll show you step by step instructions for setting up DNS aging and scavenging on Windows DNS Servers. 

What is DNS Aging and Scavenging? 

It is a Windows DNS Server feature that will automate the cleanup of stale dynamically registered DNS records.  

  • DNS Scavenging will only remove records based on their timestamp.
  • DNS scavenging will not remove statically configured records. These are records manually created or changed from DDNS to static. 
  • DNS scavenging is not enabled by default

Do I really need to enable DNS Scavenging? 

It depends, in small environments with little or no change it’s probably not a big deal. In medium to large environments I’d recommend turning this feature on, DNS can become a big mess and result in name resolution problems if stale DNS records are not cleaned up. 

How to Configure DNS Aging and Scavenging on Server 2016 

In this tutorial I’m using a Windows  2016 server, these steps will work on other server versions (2008 – 2019).

Step 1: Check Server DNS Records (Very Important First Step) 

If you don’t follow this step first you could end up deleting server DNS records and that would be very BAD. As a precaution, you may want to also backup your DNS server and or records. 

Scavenging works on timestamps, so any DNS record with a timestamp will get processed and possibly deleted. So I recommend you check your server DNS records and make sure they are static.

To check your records open the DNS console and check the Timestamp column, your servers should be set to static. 

You can see below my DHCP1 server has a timestamp and is not static. I will need to fix this.

The fix is simple just open the record then uncheck the box “Delete this record when it becomes stale” 

Now when I refresh my DNS console the timestamp shows static for this record. 

Check all your server records and change them to static before moving on to the next step. 

Step 2: Set Scavenging on the DNS Zone

1. Open the DNS Console

2. Right Click on the zone you want to enable scavenging on and click properties

3. Click the Aging button

4. Now click the box “Scavenge stale resource records” 

You can adjust the intervals as needed. Keep these intervals equal to or less than your DHCP lease period. If your DHCP lease is set to 8 days then 7 days for scavenging works great. 

That completes setting up aging for the zone. Now it needs to be turned on the server. 

Step 3: Set Scavenging/Aging on the DNS Server

1. Open the DNS Console 

2. Right click the DNS server

3. Click the “Advanced Tab” Then click “Enable automatic scavenging of state records”

That completes the setup of DNS aging and scavenging. 


Don’t be afraid of DNS Scavenging. Just be patient.

Dynamic DNS Updates & How to Get it to Work with DHCP, Scavenging

Recommended Tool: Permissions Analyzer for Active Directory

This FREE tool lets you get instant visibility into user and group permissions and allows you to quickly check user or group permissions for files, network, and folder shares.

You can analyze user permissions based on an individual user or group membership.

This is a Free tool, download your copy here.

16 thoughts on “How to Configure DNS Aging and Scavenging (Cleanup Stale DNS Records)”

  1. Thanks for healthy information. You make my day.

  2. Thanks. Easy to follow and implement.

  3. In the non-refresh and refresh interval you set a period of 7 days because the DHCP lease period is 8 days. In the one of the resource i have used, solar winds, they say the combined period of non-refresh and refresh should be less or equal to the lease period. What is your opinion about this

    • That’s exactly how you should do it: “non-refresh interval” plus “refresh interval” musn’t exceed the maximum DHCP lease period .

  4. If you don’t see the delete-when-stale tickbox, click on the View menu and make sure Advanced is enabled.

    • Avatar photo

      Good tip. Thanks Mike

  5. Vital Information!

  6. Thanks a lot for all

  7. Why not have it run daily for items 7 days old. If you have it run every 7 days and the no refresh is 7 days and the refresh is 7 days you are 21 days out.

  8. Thanks for the info. its really nice

  9. And what do i need to do when i have multiple DHCP scopes with different lease periods? (ranging from 4 hours to 5 days)

    • I would have your workstations scopes be on the same lease period with exception if you have an imaging scope which should be much shorter. Printers and other devices don’t really matter.

  10. On picture just above the secund step, is a row with ip and that record will be deleted, if anyone start a scavange, em i right? What happens if executed, and that record disapear from the zone?

  11. Hi,
    When scavenging will happen, will it process the active directory domain related records like domain controller records, Name Server(NS) records. There will be several folders within the domain zone like _msdsc, _services, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones etc. All of these will have records which has “Delete this record when it becomes stale” checked. So scavenging will process these records as well and if the time stamp is older then it will delete these as well? Do we need to set these records also to static before enabling scavenging on the DNS server?

    Thanks & Regards

  12. I noticed that your dc1 and (same as parent folder) entries have the same IP ( but dc1 is static while (same as parent folder) is dynamic is there a reason for that or should they both be static?

    • Avatar photo

      same as parent folder is an A record for the domain. It should be left alone, do not modify it.


Leave a Comment