T
Trust No One®
Hi Folks,
My company is currently well advanced in its AD rollout with over 50 domain
controllers worldwide and quite a few more to come. So far it has been
remarkably painless (I still get my 8 hours sleep daily) despite that the
fact that we don't use Microsoft DNS
I recently did some monitoring on our primary DNS servers and I noticed that
it is frequently sending NOTIFIES to its secondaries due to the _msdcs
forest root zone being periodically updated. The zone is updated roughly
every 3 to 4 minutes which seems to correlate with 50+ domain controllers
updating their SRV records every hour.
In coming up with the DNS design I read just about every white paper and
book out there, paying particular attention to KB Article 246804. Based on
this KB article I set the registry key:
HKLM\CCS\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
to 0x2A30 (3 hours)
in the belief that this setting affected all dynamic DNS registrations
(including SRV and CNAME) by domain controllers. I was hoping to reduce the
amount of Netlogon DNS registrations by increasing the interval from the
default of 1 hour (for domain controllers) to 3 hours.
This does not seem to be the case however, and the registry key above only
seems only to apply to A and PTR records
I've re-read the KB Article carefully and it seems to suggest near the end
that SRV and CNAME registrations by the NETLOGON service can only be
disabled or enabled (by use of the UseDynamicDNS registry key).
Could anyone confirm my latter interpretation above to be correct?
It would be extremely useful if the frequency of Netlogon DNS registrations
could be varied, but the KB article seems to suggest that the only option
available is to switch the registrations off
The DNS servers are coping with the load, but it would be nice to reduce the
volume of DNS traffic as hourly renewals of the SRV/CNAME records seems
rather like overkill
Is anyone running with periodic Netlogon DNS Registrations disabled? It
seems a workable solution as after all there are relatively few occasions
when the DNS registrations will change.
Best Wishes,
My company is currently well advanced in its AD rollout with over 50 domain
controllers worldwide and quite a few more to come. So far it has been
remarkably painless (I still get my 8 hours sleep daily) despite that the
fact that we don't use Microsoft DNS
I recently did some monitoring on our primary DNS servers and I noticed that
it is frequently sending NOTIFIES to its secondaries due to the _msdcs
forest root zone being periodically updated. The zone is updated roughly
every 3 to 4 minutes which seems to correlate with 50+ domain controllers
updating their SRV records every hour.
In coming up with the DNS design I read just about every white paper and
book out there, paying particular attention to KB Article 246804. Based on
this KB article I set the registry key:
HKLM\CCS\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
to 0x2A30 (3 hours)
in the belief that this setting affected all dynamic DNS registrations
(including SRV and CNAME) by domain controllers. I was hoping to reduce the
amount of Netlogon DNS registrations by increasing the interval from the
default of 1 hour (for domain controllers) to 3 hours.
This does not seem to be the case however, and the registry key above only
seems only to apply to A and PTR records
I've re-read the KB Article carefully and it seems to suggest near the end
that SRV and CNAME registrations by the NETLOGON service can only be
disabled or enabled (by use of the UseDynamicDNS registry key).
Could anyone confirm my latter interpretation above to be correct?
It would be extremely useful if the frequency of Netlogon DNS registrations
could be varied, but the KB article seems to suggest that the only option
available is to switch the registrations off
The DNS servers are coping with the load, but it would be nice to reduce the
volume of DNS traffic as hourly renewals of the SRV/CNAME records seems
rather like overkill
Is anyone running with periodic Netlogon DNS Registrations disabled? It
seems a workable solution as after all there are relatively few occasions
when the DNS registrations will change.
Best Wishes,