Exploring Aging and Scavenging for DNS
DNS resource records (RRs) often become stale, or no longer relevant, as computers are disconnected from the network or IP addresses are changed without first notifying the DNS server. Scavenging removes such records from the database once their original owners have stopped refreshing them for the configured period. Scavenging is not turned on by default, but this feature can be enabled in Windows Server 2012 by following these steps:
1. Launch Server Manager from a Windows 2012 server with a full GUI.
2. Select the DNS section. The list of servers in the server pool with the DNS role installed will be shown.
3. Right-click the DNS server to configure and select DNS Manager.
4. Select the DNS server name to configure.
5. Right-click the server name and choose Properties.
6. Select the Advanced tab.
7. Check the Enable Automatic Scavenging of Stale Records check box.
8. Select a scavenging period, as shown in Figure 1, and click OK to save your changes.
Figure 1. Turning on scavenging.
Scavenging makes a DNS database cleaner, but overly aggressive scavenging can also remove valid entries. Therefore, if you're using scavenging, it is wise to strike a balance between a clean database and a valid one.
Understanding the Role of Forwarders
Forwarders are name servers that handle all iterative queries for a name server. In other words, if a server cannot answer a query from a client resolver, servers that have forwarders simply forward the request to an upstream forwarder that will process the iterative queries to the Internet root name servers. Forwarders are often used in situations in which an organization uses the DNS servers of an Internet service provider (ISP) to handle all name-resolution traffic. Another common situation occurs when Active Directory's DNS servers handle all internal AD DNS resolution but forward outbound DNS requests to another DNS environment within an organization, such as a legacy UNIX BIND server.
In conditional forwarding, queries that are made to a specific domain or set of domains are sent to a specifically defined forwarder DNS server. This type of scenario is normally used to define the routes that internal domain resolution traffic will follow. For example, if an organization controls the companyabc.com domain namespace and the companyxyz.com namespace, it might want queries between the two domains to be resolved on local DNS servers, as opposed to being sent out to the Internet just to be sent back again so that they are resolved internally.
Forward-only servers are never meant to do iterative queries, but rather to forward all requests that cannot be answered locally to a forwarder or set of forwarders. If those forwarders do not respond, a failure message is generated.
If you plan to use forwarders in a Windows Server 2012 DNS environment, you can establish them by following these steps:
1. Launch Server Manager from a Windows 2012 server with a full GUI.
2. Select the DNS section. The list of servers in the server pool with the DNS role installed will be shown.
3. Right-click the DNS server to configure and select DNS Manager.
4. Select the DNS server name to configure.
5. Right-click the server name and choose Properties.
6. Select the Forwarders tab.
7. Click Edit to create forwarders.
8. Type in the IP address or FQDN of the server or servers that will be forwarders. Press Enter for each server entered, and they will be validated. Click OK when you have finished.
9. If this server will be configured only to forward, and to otherwise fail if forwarding does not work, uncheck the Use Root Hints If No Forwarders Are Available check box.
10. Click OK to save the changes.
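Both procedures above (enabling scavenging and defining forwarders) can also be scripted with the DnsServer PowerShell module that ships with the DNS role on Windows Server 2012. The following is an added example, not part of the original text; the server name dns01, the zone names and the 192.0.2.x addresses are placeholders to be replaced with your own values.

```powershell
# Added example (not from the book): scavenging and forwarder setup via the
# DnsServer module. Placeholders: server "dns01", zones companyabc.com and
# companyxyz.com, forwarder addresses 192.0.2.53/192.0.2.54, and 192.0.2.10
# as the conditional-forwarder target.
Import-Module DnsServer

$Server = "dns01"

# --- Aging and scavenging (GUI steps 6-8) --------------------------------
# Capture the current settings first so the change can be reverted.
Get-DnsServerScavenging -ComputerName $Server

# Enable scavenging with a 7-day scavenging period. The no-refresh and
# refresh intervals together define how long a record may go without being
# updated by its owner before it counts as stale; short intervals are the
# "overly aggressive" case the text warns about, so keep the combined window
# comfortably longer than your DHCP lease duration.
Set-DnsServerScavenging -ComputerName $Server `
    -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 7) `
    -NoRefreshInterval  (New-TimeSpan -Days 7) `
    -RefreshInterval    (New-TimeSpan -Days 7)

# Server-level scavenging only touches zones that have aging turned on,
# so enable aging on each zone that should be cleaned up.
Set-DnsServerZoneAging -ComputerName $Server -Name "companyabc.com" -Aging $true

# --- Forwarders (GUI steps 6-10) -----------------------------------------
# Define the upstream forwarders and make this a forward-only server:
# -UseRootHint $false is the scripted equivalent of unchecking
# "Use Root Hints If No Forwarders Are Available" (step 9).
Set-DnsServerForwarder -ComputerName $Server `
    -IPAddress 192.0.2.53, 192.0.2.54 `
    -UseRootHint $false

# Conditional forwarding: send companyxyz.com queries straight to that
# namespace's own DNS server instead of out to the Internet and back.
Add-DnsServerConditionalForwarderZone -ComputerName $Server `
    -Name "companyxyz.com" `
    -MasterServers 192.0.2.10

# Verify the resulting configuration.
Get-DnsServerScavenging -ComputerName $Server
Get-DnsServerForwarder  -ComputerName $Server
Get-DnsServerZone       -ComputerName $Server -Name "companyxyz.com"
```

Run this from an elevated PowerShell session on a server with the DNS Server Tools installed; the Get-* calls at the end show the same values the Advanced and Forwarders tabs display.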