Pesky A Record wont go away

Jenkins

I have 2 Active Directory domain controllers, both with 2 nics. One
for the internal network and one dedicated to a GB backup network.

The backup nic keeps registering an A record in DNS.

From reading all the MS articles I learned that despite the settings
on the card the server will register A records for all available
interfaces.

I have tried using the PublishAddresses key but this doesn't seem to
work either.

The backup interface has NetBIOS disabled, the option to register in DNS
is removed and there is no gateway specified. (I am using the hosts
file on the backup server for resolution.)

How do I kill these 2 A records that my domain controllers are
registering from their backup interfaces???

The registry looks like this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]
"BootMethod"=dword:00000003
"PreviousLocalHostname"="dc-01-company.org"
"EventLogLevel"=dword:00000001
"ListenAddresses"="10.10.105.115"
"PublishAddresses"="10.10.105.115"

* IPs listed above are not accurate
 
William Stacey [MVP]

Note: If you have DNS listening on the interface, it will register A record
also.
 
Jenkins

DNS is configured to listen only on the one interface, but yet the A
record still gets registered for the backup nic.

The PegisterAddresses registry key doesn't seem to be working.
 
William Stacey [MVP]

Think it must be Netlogon or the DHCP client then. I forgot the entries to
config that. Maybe someone will post or I will if I can find them again.
 
William Stacey [MVP]

Actually, I was able to Google some very old posts of mine. I tend not to
like messing with the default behaviors of the Netlogon service, but if you
really need it, I hope this info can help.

== Post 1 ==
A records are registered by netlogon. Actually, if you are a w2k
server, it can get a little more complicated. Registrations can happen
by each of the following:
1) DHCP Client service - all w2k computers (this is the service that
registers via the ipconfig /registerdns command you talked about)
2) DNS Server service - w2k DNS servers
3) Netlogon service - w2k DCs only
4) RAS client - w2k RAS clients
5) DHCP server - w2k DHCP

Netlogon Service
------------------
"By default, Netlogon registers certain SRV, CNAME, and A records every hour
even if some or all of these records are correctly registered in DNS." (KB
Q246804)

"Registration of domain A records for all adapters by Netlogon and
subsequent re-registration every hour (by default) can be problematic if
clients resolve the domain name to an unreachable IP address.

The following registry key enables/disables the registration of A records by
Netlogon for a domain controller. The domain A records are *NOT required by
Windows 2000, but are registered for the *benefit of Lightweight Directory
Access Protocol (LDAP) implementations that do not support SRV records."

"Does not register DNS A records. LDAP implementations that do not support
SRV records will not be able to locate the LDAP server on this domain
controller."

My take is we only have to worry about LDAP implementations that do not
support SRV records. Does anyone know of any?? So it seems we can sleep
easy and use that record as needed for web services.

So by my read, if you want to point your Domain A records (i.e.
mydomain.com) to your will, then:
1) Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry Value: DnsAvoidRegisterRecords and add the "LdapIpAddress"
Mnemonic.
2) Do this on all DCs and restart netlogon or restart machine.
3) Manually add domain A records.

SEE Below for further info:
-Registration of gc._msdcs.<DnsForestName> Records Is Required [Q258213]
-How to Enable/Disable Windows 2000 Dynamic DNS Registrations [Q246804]
-***Problems with Many DCs and Integrated DNS Zones [Q267855]*** Good!


== Post 2 ==
1) DNS server will register NS and A records for each IP DNS is listening on
(All IPs by default.) This is done regardless of how the "Register this
connection's address in DNS" (RTCON) is set.
2) If a DNS server is installed locally, the DHCP client (like the ipconfig
/registerdns) will register an A record for each interface on the system
regardless of how the RTCON is set.
3) Netlogon on a DC observes the state of RTCON even if a DNS server is
loaded locally. If RTCON is on, Netlogon will register SRV, CNAME and A
records every hour for each IP on each interface.

See below for further info:
-How to Enable/Disable Windows 2000 Dynamic DNS Registrations [Q246804]
-Problems with Many DCs and Integrated DNS Zones [Q267855] - This describes
how to "tune" what netlogon registers.
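The three steps from Post 1 (add the LdapIpAddress mnemonic to DnsAvoidRegisterRecords under Netlogon\Parameters, restart Netlogon, then clean up the domain A records by hand), as an added PowerShell example that is not from any poster in this thread. It assumes a current Windows Server DC with Resolve-DnsName available and an elevated shell; the domain name and internal network prefix are placeholders.

```powershell
# Added example (not from the thread): stop Netlogon on this DC from registering the
# <DomainName> A record for every interface (LdapIpAddress mnemonic, per KB Q246804),
# then report any domain A records that still point outside the internal network.
# Assumptions: run elevated on the DC; Resolve-DnsName exists (Windows Server 2012+);
# $DomainName and $LanPrefix are placeholders for the real environment.

$DomainName     = 'corp.example'      # placeholder: AD DNS domain name
$LanPrefix      = '10.10.105.'        # placeholder: internal (non-backup) network prefix
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-AvoidRegisterRecords {
    # Current REG_MULTI_SZ contents, or an empty list if the value does not exist yet.
    $item = Get-ItemProperty -Path $NetlogonParams -Name DnsAvoidRegisterRecords -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.DnsAvoidRegisterRecords)
}

function Add-AvoidRegisterMnemonic {
    param([string]$Mnemonic)
    $current = Get-AvoidRegisterRecords
    if ($current -contains $Mnemonic) { return $current }   # already suppressed, nothing to do
    $updated = @($current) + $Mnemonic
    # One mnemonic per line of the multi-string; -Force overwrites an existing value.
    New-ItemProperty -Path $NetlogonParams -Name DnsAvoidRegisterRecords `
        -PropertyType MultiString -Value $updated -Force | Out-Null
    return $updated
}

function Get-StrayDomainARecords {
    # Domain A-record addresses that are NOT on the internal prefix (e.g. the backup NIC).
    $records = Resolve-DnsName -Name $DomainName -Type A -DnsOnly -ErrorAction Stop
    return @($records | Where-Object { $_.IPAddress -and -not $_.IPAddress.StartsWith($LanPrefix) } |
             Select-Object -ExpandProperty IPAddress)
}

# Step 1/2: suppress the registration on this DC and restart Netlogon so it takes effect.
# Repeat on every DC; otherwise another DC re-registers the records within the hour.
Add-AvoidRegisterMnemonic -Mnemonic 'LdapIpAddress' | Out-Null
Restart-Service -Name Netlogon

# Step 3: Netlogon only stops (re)adding the records. Records already in the zone stay
# until deleted by hand, and the wanted domain A record (internal IP) must be added manually.
$stray = Get-StrayDomainARecords
if ($stray.Count -gt 0) {
    Write-Warning "Domain A records still point at non-LAN addresses: $($stray -join ', '). Delete them in the DNS console."
} else {
    Write-Host "All $DomainName A records are on $LanPrefix*"
}
```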
 
Ace Fekay [MVP]

Jenkins said:
I have 2 Active Directory domain controllers, both with 2 nics. One
for the internal network and one dedicated to a GB backup network.

The backup nic keeps registering an A record in DNS.

From reading all the MS articles I learned that despite the settings
on the card the server will register A records for all available
interfaces.

I have tried using the PublishAddresses key but this doesn't seem to
work either.

The backup interface has NetBIOS disabled, the option to register in DNS
is removed and there is no gateway specified. (I am using the hosts
file on the backup server for resolution.)

How do I kill these 2 A records that my domain controllers are
registering from their backup interfaces???

The registry looks like this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]
"BootMethod"=dword:00000003
"PreviousLocalHostname"="dc-01-company.org"
"EventLogLevel"=dword:00000001
"ListenAddresses"="10.10.105.115"
"PublishAddresses"="10.10.105.115"

* IPs listed above are not accurate

This is default behavior of how the Netlogon service functions to ensure
registration, and especially if you have DNS installed on it. The way to
alter the default netlogon behavior is to follow Kevin or William's post.

With all due respect, I always suggest to avoid altering the Netlogon
service default behaviors. The *best* thing to do, and to make
administration much easier on you, is to not multihome a DC/DNS server for
the obvious reasons you've encountered. Multihomed DCs/DNS machines are
problematic as you've found out. If you want to have a backup NIC, keep it
in there, but disable it. Enable it if the other one goes down.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.