DnsAvoidRegisterRecords

Simmo

I have an infrastructure consisting of a total of 8 dual NIC'd DCs. Each DC
is connected to a User LAN & a Management LAN.

I am trying to remove the Management LAN NIC ip address "Same as Parent
Folder" entry within dns leaving only the user LAN ip address "Same as
Parent Folder" entry.

In order to remove both I have used
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: Reg_Multi_Sz
Value: LdapIpAddress

I then manually add:
Same as Parent folder Host "Actual User LAN IP Address"

My development network consists of two child domain DCs. I can action the
above on each DC and I am left with the desired entries of a single user IP
address "same as parent folder" entry for each of the DCs.

However, if I carry this out on my live environment, the manual entry
disappears after a few minutes. I have looked at the following:
1. The account I use does have sufficient rights to carry out the work
2. There is no time stamp on the record - as you would expect - so no
scavenging is taking place
3. The original entries do not return even when stopping and starting
netlogon so there is no problem with the original registry entry

The first entry disappears after I have carried out the sequence on the
second DC.

So far I have only got as far as the second DC because when this happened I
reversed the registry entry and returned the boxes to their original state.

Advice on how to stabilise with the single setting will be appreciated.
Could it be something to do with replication not working properly?

Why am I only seeing it on my live network?

Cheers
Simmo
 
Ace Fekay [MVP]

In conjunction with the DnsAvoidRegisterRecords entry, you can use this
method. I included the steps for what you did too, since it's pretty much a
repost that I normally post for others with the same problem.

=======================================
Step 1.

Disabling the Same As Parent LdapIpAddress blank FQDN and auto Publishing a
Blank Domain FQDN IP:
[Taken from http://support.microsoft.com/?id=295328]

To disable only the registration of the local IP addresses, set the
following registry value, then reboot the machine for it to take effect:

1) Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Value: LdapIpAddress

2) Do this on all DCs and restart netlogon or restart machine.
This will prevent the DC from adding the domain A records from netlogon.
And you can add multiple Blank Domain A records as you need.

After you set this value, you must manually register your publicly available
IP addresses for your domain to appear as:
Same as parent folder Host "publicIP"

====================================
2. Now you can also publish the IP you want instead of having to put it in
manually for the blank FQDN. Do this on the DNS service in the registry.
[Taken from http://support.microsoft.com/?id=275554]

Configure the DNS service to publish specific IP addresses to the DNS
zone.
To do so, make the following registry modification:
PublishAddresses
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Data type: REG_SZ
Range: IP address [IP address]
Default value: blank

This modification specifies the IP addresses that you want to publish for
the computer. The DNS server creates A records only for the addresses in
this list. If this entry does not appear in the registry, or if its value is
blank, the DNS server creates an A record for each of the computer's IP
addresses.

This entry is for computers that have multiple IP addresses, only a subset
of which you want to publish. Typically, this prevents the DNS server from
returning a private network address in response to a query when the computer
has a corporate network address.
====================================


See These Links for more info on it (the first one, IMO, is the best on this
subject):
Problems with Many DCs and Integrated DNS Zones [Q267855]
http://support.microsoft.com/?id=267855
Private Network Interfaces on a DC Are Registered in DNS [Q295328]
http://support.microsoft.com/?id=295328
Optimizing the Location of DC/GC That's Outside of Client's Site [Q306602]
http://support.microsoft.com/?id=306602


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
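As an added example (not code from the thread or from the KB articles it quotes), the following PowerShell script applies the two registry settings described above on the local DC, restarts Netlogon and DNS, and then audits the zone apex ("same as parent folder") A records so you can see which addresses are actually published afterwards. The zone name corp.example.com and the two addresses are placeholders you would replace with your own; the Get-DnsServerResourceRecord cmdlet comes from the DnsServer module that ships with the DNS Server role on Windows Server 2012 and later, which is newer than the tools the thread was written against.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: set DnsAvoidRegisterRecords (Netlogon) and
# PublishAddresses (DNS service) on this DC, then audit the apex A records.
# Zone and addresses are placeholders (assumptions), not values from the thread.

Import-Module DnsServer   # DNS Server role, Windows Server 2012+

$Zone      = 'corp.example.com'   # assumption: your AD-integrated zone
$UserLanIP = '10.1.0.5'           # assumption: this DC's User LAN address
$MgmtLanIP = '10.2.0.5'           # assumption: this DC's Management LAN address

$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$DnsKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Set-DcDnsPublishing {
    param([string]$PublishIP)

    # Step 1: stop Netlogon registering every local IP as a blank-FQDN A record
    # (REG_MULTI_SZ containing LdapIpAddress, as in KB 295328).
    New-ItemProperty -Path $NetlogonKey -Name 'DnsAvoidRegisterRecords' `
        -PropertyType MultiString -Value @('LdapIpAddress') -Force | Out-Null

    # Step 2: have the DNS service publish only the chosen address
    # (REG_SZ; space-separated if more than one, as in KB 275554).
    New-ItemProperty -Path $DnsKey -Name 'PublishAddresses' `
        -PropertyType String -Value $PublishIP -Force | Out-Null

    Restart-Service -Name Netlogon -Force
    Restart-Service -Name DNS -Force
}

function Test-ApexRecords {
    param([string[]]$Allowed)

    # "Same as parent folder" host records live at the zone apex, i.e. name '@'.
    $records = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A `
        -ErrorAction SilentlyContinue
    $published = @($records | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    $unexpected = @($published | Where-Object { $_ -notin $Allowed })   # e.g. a leaked Management LAN IP
    $missing    = @($Allowed   | Where-Object { $_ -notin $published })

    [pscustomobject]@{
        Published  = $published
        Unexpected = $unexpected
        Missing    = $missing
        Ok         = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

Set-DcDnsPublishing -PublishIP $UserLanIP
Start-Sleep -Seconds 30   # give Netlogon/DNS time to deregister and republish
$result = Test-ApexRecords -Allowed @($UserLanIP)
$result | Format-List

if ($result.Unexpected -contains $MgmtLanIP) {
    Write-Warning "Management LAN address is still published at the apex of $Zone; check that the other DCs carry the same settings."
}
```

Run it on each DC in turn, as the reply says both settings must be applied to all of them; because the zone is AD-integrated, Test-ApexRecords run on any one DC shows the merged result after replication, which makes it a quick way to spot an address that another DC is still registering.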
 
Simmo

I'm pretty much carrying out these steps already, although I am entering the
registry change, then restarting netlogon, then manually entering the user
LAN IP address as a "same as parent" record on each DC in turn.

Shortly after I have finished the second DC, the manually entered "same as
parent" record on the first DC disappears. This same entry is then removed by
replication from my second DC. Are you saying in 2. that the manual records
should be added to each DC after all the registry entries have been
changed?

Regards
Simmo

 
Ace Fekay [MVP]

I'm just saying, and so is the article that I took step 2 from, that the
system will automatically publish the IP of your choice. Must be done on all
DCs. If you want it to be just on one DC since you only want one IP or
whatever IP it is (doesn't have to be the DC's IP), then just do step 2 on
one DC.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
