Affected versions: Windows Server 2022

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution — Primary Fix
  7. Solution — Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Outdated DNS A/PTR records remain and clients resolve old IPs, causing intermittent connectivity issues.

Environment & Reproduction

Windows Server 2022 DNS role on build 20348 with mixed static/dynamic zones.

Get-DnsServerScavenging
Get-DnsServerZoneAging -Name contoso.local
Get-DnsServerResourceRecord -ZoneName contoso.local -Name app01 -RRType A | Select HostName,Timestamp,TimeToLive

Root Cause Analysis

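Records are only scavenged when scavenging is enabled on the server and aging is enabled on the zone. Often scavenging is disabled globally or zone aging is not enabled per zone.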

Quick Triage

Check timestamps and no-refresh/refresh intervals.

Get-DnsServerZoneAging -Name contoso.local
Get-Date
Get-WinEvent -LogName 'DNS Server' -MaxEvents 40 | Select TimeCreated,Id,Message

Step-by-Step Diagnosis

Validate dynamic update mode and stale record age distribution.

Get-DnsServerZone -Name contoso.local | Select ZoneName,DynamicUpdate,IsDsIntegrated
Get-DnsServerResourceRecord -ZoneName contoso.local -RRType A | Select HostName,Timestamp,RecordData
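The age check described above, as an added example that is not part of the original article: it labels each record Static, Fresh or Stale from its Timestamp plus the no-refresh and refresh intervals, and deletes nothing. The function name Get-StaleDnsRecordPreview and the sample records are constructed for illustration; it assumes a record with an empty Timestamp is static.

```powershell
# Added example (hypothetical helper, not from the article): preview what scavenging
# would consider stale, so active or static records are not removed by surprise.
function Get-StaleDnsRecordPreview {
    param(
        # Any object with HostName and Timestamp, e.g. Get-DnsServerResourceRecord output
        [Parameter(Mandatory, ValueFromPipeline)] $Record,
        [timespan] $NoRefreshInterval = '7.00:00:00',
        [timespan] $RefreshInterval   = '7.00:00:00',
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $Record.Timestamp) {
            # Assumption: no timestamp means a static record, which is never scavenged
            $eligibleAfter = $null
            $state = 'Static'
        } else {
            # A dynamic record becomes eligible once both intervals have elapsed
            $eligibleAfter = $Record.Timestamp + $NoRefreshInterval + $RefreshInterval
            $state = if ($eligibleAfter -le $Now) { 'Stale' } else { 'Fresh' }
        }
        [pscustomobject]@{
            HostName      = $Record.HostName
            Timestamp     = $Record.Timestamp
            EligibleAfter = $eligibleAfter
            State         = $state
        }
    }
}

# Constructed sample records so the function can be tried off the DNS server
$now = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ HostName = 'dc01';      Timestamp = $null }
    [pscustomobject]@{ HostName = 'app01';     Timestamp = $now.AddDays(-3) }
    [pscustomobject]@{ HostName = 'oldhost01'; Timestamp = $now.AddDays(-30) }
)
$sample | Get-StaleDnsRecordPreview -Now $now | Format-Table -AutoSize

# On the DNS server, feed it the zone's real records and configured intervals:
# $aging = Get-DnsServerZoneAging -Name contoso.local
# Get-DnsServerResourceRecord -ZoneName contoso.local -RRType A |
#     Get-StaleDnsRecordPreview -NoRefreshInterval $aging.NoRefreshInterval `
#                               -RefreshInterval $aging.RefreshInterval |
#     Group-Object State | Select-Object Name,Count
```

Review any Stale entry that belongs to a server or appliance before enabling scavenging; such records are candidates for conversion to static.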

Solution — Primary Fix

Enable scavenging globally and zone aging with safe intervals.

Set-DnsServerScavenging -ScavengingState $true -ApplyOnAllZones -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00 -ScavengingInterval 7.00:00:00
Set-DnsServerZoneAging -Name contoso.local -Aging $true -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00
Start-DnsServerScavenging

Solution — Alternative Approaches

Use targeted cleanup for known stale hosts before broad scavenging.

Remove-DnsServerResourceRecord -ZoneName contoso.local -RRType A -Name oldhost01 -Force
Clear-DnsServerCache -Force

Verification & Acceptance Criteria

The number of stale records should drop without active dynamic entries being deleted.

Get-DnsServerStatistics | Select SecureUpdateFailure,QueryReceived
Resolve-DnsName app01.contoso.local
Get-DnsServerResourceRecord -ZoneName contoso.local -RRType A | Measure-Object

Rollback Plan

If active records are removed unexpectedly, restore zone backup.

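# Take the export before enabling scavenging; the file is written to %SystemRoot%\System32\dns.
dnscmd /zoneexport contoso.local contoso.local.bak
# The existing zone must be removed before re-adding it; -LoadExisting loads the exported file instead of creating default records.
Add-DnsServerPrimaryZone -Name contoso.local -ZoneFile contoso.local.bak -LoadExisting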

Prevention & Hardening

Separate static infrastructure records from dynamic client records.

Add-DnsServerPrimaryZone -Name static.contoso.local -ReplicationScope Domain
Set-DnsServerPrimaryZone -Name contoso.local -DynamicUpdate Secure

Related Errors & Cross-Refs

Related to DHCP DNS update credentials misconfiguration and duplicate A records.

References & Further Reading

Microsoft Learn DNS scavenging design for Active Directory-integrated zones.
