Interface registering in DNS despite being told not to

  • Thread starter: Andre Fortin

Andre Fortin

Hello,

I have a DC which is also a backup server. In order to back up a
certain server that is not on our domain, I have a second NIC in the DC,
configured on the same subnet as that server (this bypasses going through 2
firewalls to get to that server). I configured the second connection to not
register itself in DNS (in the DNS tab, I've unchecked 'Register this
connection's address in DNS'). The interface facing the real domain is set
to register itself in DNS. However, every time I enable the second
interface, it DOES register in DNS, and therefore, clients are seeing an IP
that is not reachable. Why is this address being registered in DNS despite
being explicitly told not to? Is this a bug? Or am I missing something?
Thanks in advance,

Andre Fortin
 
Andre Fortin said:
> Hello,
>
> I have a DC which is also a backup server. In order to back up a
> certain server that is not on our domain, I have a second NIC in the
> DC, configured on the same subnet as that server (this bypasses going
> through 2 firewalls to get to that server). I configured the second
> connection to not register itself in DNS (in the DNS tab, I've
> unchecked 'Register this connection's address in DNS'). The interface
> facing the real domain is set to register itself in DNS. However,
> every time I enable the second interface, it DOES register in DNS,
> and therefore, clients are seeing an IP that is not reachable. Why
> is this address being registered in DNS despite being explicitly told
> not to? Is this a bug? Or am I missing something? Thanks in advance,

Not a bug; domain controllers by default will register all addresses on all
adapters.

To stop the creation of the host record for the DC name, use the DNS
management console, click on the properties of the DNS server, and select the
Interfaces tab. Then select the option Listen only on these addresses and
use the IP you want the record to point to.

Stopping the creation of the (same as parent folder) host takes a little
more: you have to make a registry entry and manually create the record with
the correct IP, leaving the name field blank. It will bark at you, saying
(same as parent folder) is not a valid host name; click OK to create the
record anyway.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

Data: LdapIpAddress

After you make this registry entry, don't forget to manually create the
record; it is necessary for the SYSVOL DFS Share.
 
Hello,

Changing the DNS interfaces worked for the registration of the name. As
for the root record, it is still being registered. Since I'm using Windows
2000, the type I used was REG_SZ. Do I need to reboot in order for this to
take effect? Thanks for the help :)

Andre
 
Andre Fortin said:
> Hello,
>
> Changing the DNS interfaces worked for the registration of the
> name. As for the root record, it is still being registered. Since
> I'm using Windows 2000, the type I used was REG_SZ. Do I need to
> reboot in order for this to take effect? Thanks for the help :)

IIRC, a reboot is not required, but the registry type you used is incorrect;
you must use REG_MULTI_SZ. To make this entry you must use regedt32 to edit
the registry.
After you make the entry, run ipconfig /registerdns, then manually create the
record for the correct IP address.
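
The type mismatch identified in the last reply can be checked offline from a .reg export of the Netlogon Parameters key. The following is an added example, not part of the original thread: it assumes the Registry Editor 5.00 text format, where a REG_SZ value appears as a quoted string and a REG_MULTI_SZ value as `hex(7):` followed by UTF-16LE bytes. The function names and both sample exports are constructed for illustration.

```python
import re

# Constructed sample exports of the Netlogon Parameters key (not from the thread).
KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]"
WRONG_TYPE = KEY + '\n"DnsAvoidRegisterRecords"="LdapIpAddress"\n'
RIGHT_TYPE = KEY + ('\n"DnsAvoidRegisterRecords"=hex(7):4c,00,64,00,61,00,70,00,'
                    '49,00,70,00,\\\n  41,00,64,00,64,00,72,00,65,00,73,00,73,00,00,00,00,00\n')

def encode_multi_sz(strings):
    """Render a list of strings as the hex(7) data of a .reg file."""
    raw = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)

def decode_multi_sz(hex_data):
    """Turn comma-separated hex bytes back into the list of strings."""
    raw = bytes(int(h, 16) for h in hex_data.split(",") if h.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def audit(reg_text, name="DnsAvoidRegisterRecords"):
    """Return (type, values) for `name` under the Netlogon Parameters key, or (None, [])."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join backslash-continued lines
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower() == KEY.lower()
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not (in_key and m and m.group(1).lower() == name.lower()):
            continue
        data = m.group(2)
        if data.startswith("hex(7):"):
            return "REG_MULTI_SZ", decode_multi_sz(data[len("hex(7):"):])
        if data.startswith('"'):
            return "REG_SZ", [data.strip('"')]
        return "OTHER", [data]
    return None, []

def is_configured(reg_text):
    """True only when the value has the type and mnemonic given in the thread."""
    kind, values = audit(reg_text)
    return kind == "REG_MULTI_SZ" and "LdapIpAddress" in values
```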
 
