Question on using DnsAvoidRegisterRecords registry key

srp336

I've got a situation where one of our company's locations (let's call
it xyz.com) has an Active Directory setup using xyz.com as its
AD-enabled dns zone. They also have a web site hosted at an external
location.

They're able to hit http://www.xyz.com/ from their LAN just fine. Since
xyz.com is their AD dns zone, it's registering all of the DCs as A
records. So, http://xyz.com/ doesn't work from their LAN (it works fine
everywhere else).

The solution I've seen to that is to define the registry key
DnsAvoidRegisterRecords on all the DCs that are creating the xyz.com A
records.

I'm concerned about what the side effects of this will be. Will anything
break? The internal DNS already has an A record for xyz.com for the
real address of the website. It's just that the 4 DCs' addresses that
appear there are lower than it.

Thanks!
 
Kevin D. Goodknecht Sr. [MVP]

Do not do this. The domain name MUST resolve only to IP addresses on domain
controllers that have file sharing enabled. This is for the \\xyz.com\sysvol
and \\xyz.com\netlogon DFS shares, where clients find their group policies
and logon scripts.
Modifying this behavior and creating a record that points to the web server
can cause clients to look to the web server for group policies and logon
scripts.

Users must use http://www.xyz.com to access the website. The only workaround
is to use an IIS website on all DCs for http://xyz.com, then use website
redirection on the website properties sheet (Home Directory tab): use "A
redirection to a URL" and enter http://www.xyz.com in the field.
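
The following audit script is an added example, not part of the original thread: it checks that every A record returned for the bare domain name belongs to a domain controller that serves SYSVOL and NETLOGON, which is the condition the reply above describes. It assumes a domain-joined host with the RSAT ActiveDirectory module; `xyz.com` is the thread's placeholder zone name.

```powershell
# Added example: audit what the AD domain name (zone apex) resolves to.
# Assumptions: domain-joined host, RSAT ActiveDirectory module installed,
# 'xyz.com' is the placeholder zone name used in the thread.
param(
    [string]$DomainName = 'xyz.com'
)

Import-Module ActiveDirectory

# IPv4 addresses of every domain controller known to AD.
$dcAddresses = @(Get-ADDomainController -Filter * -Server $DomainName |
    Where-Object { $_.IPv4Address } |
    Select-Object -ExpandProperty IPv4Address)

# A records the internal resolver returns for the bare domain name.
$apexAddresses = @(Resolve-DnsName -Name $DomainName -Type A -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# For each apex address: is it a DC, and does it expose the two shares
# clients use for group policy and logon scripts?
# Note: connecting by IP uses NTLM, so a False here can also mean NTLM is blocked.
$report = foreach ($ip in $apexAddresses) {
    [pscustomobject]@{
        Address            = $ip
        IsDomainController = $dcAddresses -contains $ip
        Sysvol             = Test-Path -Path "\\$ip\SYSVOL" -ErrorAction SilentlyContinue
        Netlogon           = Test-Path -Path "\\$ip\NETLOGON" -ErrorAction SilentlyContinue
    }
}
$report | Format-Table -AutoSize

# Any apex address that is not a DC (for example a web server record added by
# hand) can be handed to clients looking for \\<domain>\sysvol.
$report | Where-Object { -not $_.IsDomainController } | ForEach-Object {
    Write-Warning "$($_.Address) answers for $DomainName but is not a domain controller"
}

# DCs that have stopped registering at the apex (for example after their
# A record registration was suppressed) reduce where clients can find SYSVOL.
$dcAddresses | Where-Object { $apexAddresses -notcontains $_ } | ForEach-Object {
    Write-Warning "Domain controller $_ has no A record at $DomainName"
}
```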
 
