Disable DNS network registration on DMZ network card

daveH

Hi,

I wish to disable the DNS network registration on a DMZ NIC on my Windows
2K3 domain controller. The M$ client and file sharing are disabled. Only
TCP/IP is available. Also, the checkbox 'Register this connection's
addresses in DNS' is unchecked 'disabled'.

The problem : I can't access the SYSVOL share \\domain.abcd\SYSVOL on the
domain controller ''. If I right-click the sysvol folder and select the DFS
tab and click [Status] it says : ~Unreachable. The policies are replicated
on the client computers since they are on the public side and seem to use
the IP of public NIC to access the SYSVOL share. If I disable NIC 2 'DMZ
card', the DNS registration is removed for this IP and the SYSVOL share is
accessible from the domain controller 'DFS tab and click [Status] it says :
Okay'.


Steps I performed with no success 'got this from :
"http://support.microsoft.com/default.aspx?scid=kb;EN-US;q246804"

- 'Register this connection's addresses in DNS' is unchecked 'disabled'
- Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<NIC 2>\DisableDynamicUpdate to 1.
- Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\PublishAddresses to 192.168.10.1

After all this 'I've already restarted the server', if I disable NIC 2
'Right-click, disable' and after I re-enable the NIC 2 it adds itself in the
DNS : ( . ALSO, I DON'T wish to enable Print and File sharing & M$ client
on NIC 2.

==========
Current setup :
==========

NIC 1 'Public'
192.168.10.1
DNS : 192.168.10.1

NIC 2 'Private DMZ, for backup & maintenance'
192.168.100.1

===============
Service running locally:
===============
DNS
DHCP
 
Ace Fekay [MVP]

What is the M$ client?

Seems derogatory to me...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
daveH

Ooopss,

Right-click 'My Network Places', right-click an adapter i.e: 'Local Area
Connection' and will figure under the line : 'This connection uses the
following items:'

[ ] Client for Microsoft Networks
M$ = Microsoft
???

As I said earlier, I don't wish to enable the "Client for Microsoft
Networks" and the "File and Printer Sharing for Microsoft Networks" for
security reasons. Currently I'm running a service on my server that connects
to the NIC 2 'DMZ' and it only needs TCP/IP.
 
Ace Fekay [MVP]

In
daveH said:
Ooopss,

Right-click 'My Network Places', right-click an adapter i.e: 'Local
Area Connection' and will figure under the line : 'This connection
uses the following items:'

[ ] Client for Microsoft Networks
M$ = Microsoft
???

As I said earlier, I don't wish to enable the "Client for Microsoft
Networks" and the "File and Printer Sharing for Microsoft Networks"
for security reasons. Currently I'm running a service on my server
that connects to the NIC 2 'DMZ' and it only needs TCP/IP.

What is the M$ client?
Seems derogatory to me...

I don't recall a dollar sign ($) in the name...
Like I said, it sounds derogatory to me. YOU have to remember where you're
posting your request for help.

Many folks may not help willingly when someone posts something like this,
especially when Microsoft engineers are monitoring this group. Maybe that's
why no one has offered any help as of yet.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
daveH

Finally I found a quick solution to my problem that works well. I had to
increase the priority of my public network card 'NIC 1'.

- Go to 'Network Connections' panel
- Menu [Advanced], [Advanced Settings], tab [Adapters and Bindings]
- Select the public NIC and bring it up.

It works well since the network service uses the highest priority NIC 'in
this case NIC 1' unless my public NIC is down or disabled. A quick way to
use a second NIC with the 'File and print sharing' and 'MS client : )'
turned off.

ALSO, sorry if I hurt someone by using the abbreviation : M + 'ALT 036'

, solution for archive
 
Ace Fekay [MVP]

It's not that you hurt anyone, it's kind of subtly saying, hey you @#@head,
I got a prob, give me the answer....
But on behalf of everyone, thanks for the apology.

About your issue, normally with dual NICs on a machine (especially a DC
and/or DNS server), you would put the internal NIC at the top of the Binding
order (not the external NIC), and make absolutely sure that both NICs are
only using the internal DNS server address and not the ISP's DNS or other
issues will arise. Configure a forwarder for efficient Internet resolution.
On the external you can disable the MS Client service and the F&P services
and disable NetBIOS. If it's a DNS server, set it to listen to the internal
interface only. If a DNS server and if you want the external IP to not
register, there's also a reg entry to set to stop that, since by default a
DNS will always register itself. You may also want to stop the GcAddress
too, since that can cause problems with a client or DC on lookup, if this is
a GC.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================


daveH said:
Finally I found a quick solution to my problem that works well. I had to
increase the priority of my public network card 'NIC 1'.

- Go to 'Network Connections' panel
- Menu [Advanced], [Advanced Settings], tab [Adapters and Bindings]
- Select the public NIC and bring it up.

It works well since the network service uses the highest priority NIC 'in
this case NIC 1' unless my public NIC is down or disabled. A quick way to
use a second NIC with the 'File and print sharing' and 'MS client : )'
turned off.

ALSO, sorry if I hurt someone by using the abbreviation : M + 'ALT 036'

, solution for archive

The problem : I can't access the SYSVOL share \\domain.abcd\SYSVOL on the
domain controller ''. If I right-click the sysvol folder and select the DFS
tab and click [Status] it says : ~Unreachable. The policies are replicated
on the client computers since they are on the public side and seem to use
the IP of public NIC to access the SYSVOL share. If I disable NIC 2 'DMZ
card', the DNS registration is removed for this IP and the SYSVOL share is
accessible from the domain controller 'DFS tab and click [Status] it
says
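
A read-only check of the settings discussed in this thread, added here as an example and not posted by any participant: it lists each interface's DisableDynamicUpdate value, shows the DNS service's PublishAddresses value, and flags any address the domain name resolves to other than NIC 1. It assumes PowerShell is available on the server; the variable names are illustrative, and the addresses and domain name are the ones given in the thread.

```powershell
# Added example: read-only audit, changes nothing. Addresses and names come from the thread.
$DomainName = 'domain.abcd'       # domain name as written in the thread
$AllowedIPs = @('192.168.10.1')   # NIC 1, the only address meant to be published
$tcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$dnsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

# 1. Per-interface setting: DisableDynamicUpdate = 1 is the value set in the thread for NIC 2.
Get-ChildItem $tcpipKey | ForEach-Object {
    $p   = Get-ItemProperty -Path $_.PSPath
    $ips = @($p.IPAddress) + @($p.DhcpIPAddress) | Where-Object { $_ -and $_ -ne '0.0.0.0' }
    if ($ips) {
        New-Object PSObject -Property @{
            Interface            = $_.PSChildName
            Addresses            = @($ips) -join ', '
            DisableDynamicUpdate = [int]$p.DisableDynamicUpdate   # missing value shows as 0
        }
    }
} | Format-Table Interface, Addresses, DisableDynamicUpdate -AutoSize

# 2. The PublishAddresses value under the DNS service key, as set in the thread.
$publish = (Get-ItemProperty -Path $dnsKey -ErrorAction SilentlyContinue).PublishAddresses
"PublishAddresses: " + $(if ($publish) { $publish } else { '<not set>' })

# 3. What the domain name resolves to right now (IPv4 only).
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($DomainName) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString }
} catch {
    "Lookup of $DomainName failed: $($_.Exception.Message)"
    return
}

# Any address outside the allowed list (for example the DMZ NIC, 192.168.100.1) is reported.
$unexpected = @($resolved | Where-Object { $AllowedIPs -notcontains $_ })
if ($unexpected.Count -gt 0) {
    "Unexpected A records for ${DomainName}: $($unexpected -join ', ')"
} else {
    "Only expected addresses are returned for $DomainName."
}
```

Running it before and after disabling and re-enabling NIC 2 shows whether the DMZ address reappears in DNS, which is the behaviour the original post describes.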
 
