# Domain scavenging

Domain scavenging, more commonly known as DNS scavenging, refers to the process of cleaning up stale DNS records that dynamically register themselves over time in the DNS database. This mechanism is typically used in conjunction with Dynamic DNS (DDNS) to automatically remove outdated records, such as those for IP addresses no longer in use, and can help prevent DNS-related issues such as name resolution conflicts and bloat in the DNS database. This practice is essential for maintaining an accurate and efficient Domain Name System, particularly in environments where IP addresses and host configurations frequently change.

Here's an overview of domain scavenging:

1. **Purpose:** Scavenging helps remove stale resource records from DNS, which might no longer be valid due to changes in network configuration, such as decommissioned servers, expired DHCP leases, or devices that are no longer part of the network.
2. **Automated Cleanup:** The scavenging process is often automated. DNS servers are configured to periodically scan the DNS records and remove those that are outdated or no longer in use.
3. **Aging and Refresh:** Scavenging relies on two key concepts: the aging of records and the refresh of these records. When a DNS record is created or updated, it’s given a timestamp. If this record is not refreshed or updated within a certain period (the aging time), it's considered stale.
4. **Scavenging Interval:** Administrators set a scavenging interval, which is the frequency at which the DNS server checks for stale records. If a record is older than the aging period by the time of this check, it will be notified to the user through scavenge reports.
5. **Prevents DNS Bloat:** Regular scavenging prevents the DNS database from becoming bloated with unnecessary records, which can slow down DNS query responses and lead to inefficiencies in network operation.
6. **Dynamic DNS Environments:** Scavenging is particularly important in dynamic DNS environments where DHCP is used to assign IP addresses. As clients come and go, their DNS records need to be updated or removed to reflect their current status.
7. **Careful Configuration:** Incorrectly configured scavenging can lead to the premature deletion of active DNS records. It’s important to set appropriate aging and scavenging intervals to avoid disrupting network services.
8. **Improves Network Security:** By removing outdated records, scavenging can also enhance network security. Stale DNS entries can be a security risk, as they may point to unused IP addresses that could be exploited by malicious actors.

Domain scavenging is a crucial maintenance activity for any network that uses DNS and DHCP. It helps ensure that the DNS database remains up-to-date and free from clutter, enhancing both the performance and security of the network.

## Configuring domain scavenging in DDI Central

To configure Domain scavenging in DDI Central:

**Note:** Scavenging can be configured only for A, AAAA. CNAME, PTR and TXT records, as only these records are capable of receiving dynamic updates.

- Select the **DNS** menu from the menu bar along the left side of the screen. From the submenus that appear, choose **Scavenging.**

![DNS Scavenging menu](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/dns-scavenging-new.png)

- Here, **DDI Scavenging** can be configured and implemented for automated scheduled scavenging in domains.
- **DDI Scavenging:** Cleanup orchestrated by the DDI Central console, on a schedule the admin defines centrally. The scavenging logic lives inside DDI Central and operates across servers from a single pane.

### DDI Scavenging

Provide the values for configuring and implementing **DDI Scavenging** in the application under the **Scavenging** section.

![Add DDI Scavenging](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/add-ddi-scavenging-new.png)

- **SCAVENGING PERIOD:**

  Select the duration after which a DNS record becomes eligible for scavenging if it has not been refreshed. This field is meant for all the A, AAAA. CNAME, PTR of the domains selected.

  If the DNS record still remains un refreshed after this period, DNS server considers the record stale and eligible for deletion and put up in the report for the user to delete or reclaim it.

- **SCAVENGING PERIOD FOR TXT:** Select the duration after which a TXT record becomes eligible for scavenging if it has not been refreshed.
- **SCHEDULE INTERVAL:** This dropdown menu allows the user to select how often the scavenging process should be scheduled to run. The options could range from daily to monthly intervals.
- **DOMAINS:** Here, you can specify which domains are subject to the scavenging process. After configuring all the fields, click Save.
- After configuring, you can view the scavenging for all the normal domains configured in the clusters here.

![DDI Scavenging menu view](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/ddi-scavenging-new-menu_11zon.png)

- If you want to edit the values after implementing the scavenging, click on the **Edit** option to configure them.

![Edit DDI Scavenging](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/edit-ddi-scavenging-new.png)

### How it works

- DDI Scavenging covers everything outside that boundary — standard zones without dynamic updates — and overlays a consistent, console-driven cleanup policy across the entire managed DNS estate.

It ensures that no zone is left without a cleanup strategy, and no cleanup happens without the level of oversight the environment requires.

### When to use

Reach for DDI Scavenging when:

- Your zones are standard (non-dynamic)
- You manage DNS across multiple servers or clusters and need a single, consistent cleanup policy.
- You need an audit trail and a human review step before stale records are removed.

You want cleanup decisions tied to admin-defined rules and schedules rather than per-server timer configurations.

### Scavenging Report

The DNS scavenging report logs and audits all the DNS scavenging that occurred in the past time period, which can be filtered and viewed based on DNS zone name, record type, IP value, and domain name.

![Scavenging Report](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/ddi-scavenging_report.png)

Clicking on the **Scavenge now** will scavenge all the configured domains in the cluster immediately after confirmation.

You can reclaim or delete individual DNS record from the scavenging report by clicking on the Green **Reclaim** icon and Red **Delete** icon.

![Delete or Reclaim from Report](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/ddi-scavenging-report-delete-reclaim.png)

Or you can select multiple DNS records from the report and you can **Delete** or **Reclaim** the record by going through the **Actions** option.

![Scavenging Report Actions](https://cdn.manageengine.com/sites/meweb/images/dns-dhcp-ipam/ddi-scavenging-report-actions-new.png)