Fix DNS RR Set Missing (0X00002330) in Windows DNS
This error means a DNS record that should exist is missing—often caused by stale zone data or replication delays. Quick fix: scavenge stale records and force replication.
Quick answer (for the impatient)
If you're in a hurry: run dnscmd /ZoneResetSecondaries and enable scavenging on the zone. That usually forces the missing record to reappear.
Why this error happens
I've seen this error pop up most often on Windows Server 2016 and 2019 DNS servers with Active Directory-integrated zones. The DNS server knows a record set should exist—like an A record for a domain controller—but it's gone. The root cause is almost always one of these:
- Stale scavenging cleaned records that shouldn't have been touched. The default scavenging interval is 7 days, but if you have a misconfigured aging time, it can eat legit records.
- Replication lag between DNS servers. When a record is deleted on one server but the deletion hasn't fully replicated, you get this error on another server.
- A manually deleted record that the server expects to find (e.g., from a secure dynamic update).
The real fix is to force the DNS server to re-evaluate its zone state and either re-create the record or tell it to go look at its replication partner.
Step-by-step fix
- Open DNS Manager (dnsmgmt.msc) on the affected server. Right-click the zone and select Properties.
- Go to the Aging tab. Enable Scavenge stale resource records if it's not already on. Set No-refresh interval to 3 days (not the default 7). That gives a buffer but avoids accidental deletion of active records.
- Click OK. Then right-click the zone again and choose Scavenge Stale Resource Records. Confirm the warning.
- Open an elevated command prompt. Run:
  dnscmd /ZoneResetSecondaries [ZoneName]
  Replace [ZoneName] with your zone's name (e.g., dnscmd /ZoneResetSecondaries example.com). This forces the primary DNS to re-notify all secondaries and refresh the zone.
- Wait 15 seconds, then run:
  dnscmd /EnumRecords [ZoneName] .
  Check if the missing record now appears. If you know the record name, use dnscmd /EnumRecords [ZoneName] [RecordName] instead.
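Because over-eager scavenging is one of the causes listed above, it is worth previewing which records the scavenge step would treat as stale before confirming it. The PowerShell below is an added example, not part of the original article: it assumes the DnsServer module (RSAT) is installed, uses example.com as a placeholder zone, and the function name Get-ScavengeCandidate is hypothetical.

```powershell
#Requires -Modules DnsServer
# Added example: dry-run list of records old enough to be scavenged.
# Assumptions: 'example.com' is a placeholder zone; the caller can read the zone.

function Get-ScavengeCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [string] $ComputerName = $env:COMPUTERNAME,
        # Optional overrides: model proposed intervals without changing the zone
        [timespan] $NoRefreshInterval,
        [timespan] $RefreshInterval
    )

    # Read the zone's current aging configuration
    $aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
    if (-not $PSBoundParameters.ContainsKey('NoRefreshInterval')) {
        $NoRefreshInterval = $aging.NoRefreshInterval
    }
    if (-not $PSBoundParameters.ContainsKey('RefreshInterval')) {
        $RefreshInterval = $aging.RefreshInterval
    }

    # A dynamic record is a candidate once its timestamp is older than
    # no-refresh + refresh. Static records have no timestamp and are skipped.
    # This checks timestamps only; the server also requires aging to be enabled.
    $now    = Get-Date
    $cutoff = $now - ($NoRefreshInterval + $RefreshInterval)

    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Sort-Object Timestamp |
        ForEach-Object {
            [pscustomobject]@{
                HostName     = $_.HostName
                Type         = $_.RecordType
                Timestamp    = $_.Timestamp
                AgeDays      = [math]::Round(($now - $_.Timestamp).TotalDays, 1)
                AgingEnabled = $aging.AgingEnabled
            }
        }
}

# Candidates under the zone's current settings
Get-ScavengeCandidate -ZoneName 'example.com' | Format-Table -AutoSize

# Candidates if the 3-day / 7-day intervals from this article were applied
Get-ScavengeCandidate -ZoneName 'example.com' -NoRefreshInterval (New-TimeSpan -Days 3) -RefreshInterval (New-TimeSpan -Days 7) | Format-Table -AutoSize
```

Any domain controller or server name that shows up in the output is a record to refresh or convert to static before scavenging runs.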
Alternative fixes if scavenging doesn't work
If the record is still missing after scavenging, you have two paths:
Path 1: Force AD replication
Open Active Directory Sites and Services (dssite.msc). Expand your site, find the NTDS Settings object for your DNS server, and right-click → Replicate Now. Do this on each DNS server. Then go back to DNS Manager and refresh the zone. I've seen this fix the error when replication was the culprit.
Path 2: Manually re-add the record
If the record is critical (like a domain controller's A record), add it manually. Right-click the zone → New Host (A or AAAA). Enter the name and IP. For example, if the missing record is dc01.example.com, add it with the correct IP. Then run dnscmd /ZoneResetSecondaries [ZoneName] again to propagate.
Prevention tip
Don't rely on default scavenging settings. I set No-refresh interval to 3 days and Refresh interval to 7 days on all AD zones. Also, check your replication schedule—set it to every 15 minutes instead of 180. That way, if a record gets deleted accidentally, the fix replicates fast enough to avoid this error. If you're using Windows Server 2019 or later, consider enabling DNS Server Cache Locking to prevent cache poisoning, but that's a different topic.
One more thing: if you're running a mixed environment with Linux BIND servers, make sure they're not set to 'Notify' and 'Allow update' without proper transfer keys. That's a common setup that causes this exact error on the Windows side.