DC doesn't register domain A record

[John O.]

(Posting this here as it seems more related to AD than DNS.)
My domain has three DC's, two of which were recently installed and one
that's been in production for about two and a half years. Netlogon on
the old DC (let's call it dc1.my.domain.gov) registers a domain A
record -- in netlogon.dns this appears as something like:
my.domain. 600 IN A 10.123.234.1
Neither of the two newer DC's registers a domain A record. Their
netlogon.dns files show all the usual SRV records, all of which are
properly and correctly registered in DNS, but neither shows the A
record.
(I know that the domain A record is not used by AD, but there may be
some legitimate reasons for wanting it to be present.)
I've compared network settings and Netlogon registry settings across
all three DC's and I see no differences, so right now I'm at a loss to
explain the difference in behavior.
Any ideas?

 

[Jorge de Almeida Pinto [MVP]]

two things that come up that could be it....

(1) DHCP Client service is disabled
(2) DNSAvoidARecordRegistration key is set (or whatever it is called)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[John O.]

Thanks for the suggestions... turns out they didn't help but I
appreciate the effort. To summarize:

DnsAvoidRegisterRecords was not set.
RegisterDnsARecords was originally not set (default is supposed to be
1, meaning A records should be registered) but even with it set to 1
explicitly the effect was the same, as you'd expect.
DHCP client was enabled (and anyway it's a Netlogon issue, and Netlogon
has been registering SRV records.)

Anyway, I finally managed to stumble across a solution while looking at
the registry. It seems that DisableDynamicUpdate (in the
Tcpip\Parameters key) was set to 1 due to a quirk of the server's
installation process. Deleting that value wasn't enough; I had to make
another change to a value under that key before it worked. (I
restarted both DHCP Client and Netlogon after each change, just to be
sure.)
It appears that Netlogon looks at the DisableDynamicUpdate value before
creating the list of records in netlogon.dns -- yet it does register
the SRV records that it writes to netlogon.dns regardless of the
DisableDynamicUpdate value. It appears that it only leaves out all the
A records. (Turns out it also left out the A record for
gc._msdcs.{root domain} but I hadn't noticed since I was looking
specifically for the LdapIpAddress domain A record entry.)

Thanks again...

 

[Jorge de Almeida Pinto [MVP]]

When I read your post about not registering the A record I THOUGHT you were
talking about the HOST A RECORD.

My apologies.

The host A record IS registered by the DHCP Client service and it does not
matter if the IP is static or not.
The Domain A record (which I see now you were talking about....first time I
read too fast through your post) and service records are indeed registered
by the netlogon service.


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx