DNS and Domain Controllers
Posted on 21/06/07 15:39
Windows DCs like to register their own addresses in DNS as the address of the domain itself, so our DNS ends up having this, among other things:
dc1.css.washington.edu -> <private IP 1>
dc2.css.washington.edu -> <private IP 2>
css.washington.edu -> <private IP 1>
css.washington.edu -> <private IP 2>
Those css.washington.edu records are totally useless, and they prevent us from using css.washington.edu as the address for any other server, e.g. a web server.
Fixing this in the campus DNS is easy: I just asked them to delete the records, and they did.
Fixing it in our DNS is a little harder, because it's dynamic, and the DCs will just keep putting the records back if you delete them.
Fortunately, MS has made it possible to fix this behavior while still keeping everything dynamic, by applying to each DC the registry fix from Knowledge Base article 295328:
To disable only the registration of the local IP addresses, set the following registry value:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Value: LdapIpAddress
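
One way to apply and check this setting on a DC from an elevated PowerShell prompt. This is an added example, not part of the original post or the KB article. It assumes the Resolve-DnsName cmdlet is available and that the default resolver is the dynamic DNS the DCs register in.

```powershell
# Added example: idempotently add LdapIpAddress to DnsAvoidRegisterRecords on this DC,
# preserving any mnemonics already listed, then report what the domain name resolves to.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$name   = 'DnsAvoidRegisterRecords'
$avoid  = 'LdapIpAddress'
$domain = 'css.washington.edu'   # domain name used in the post

# Read the current REG_MULTI_SZ, if the value exists at all.
$existing = @()
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($prop) {
    $existing = @($prop.$name | Where-Object { $_ })
}

if ($existing -contains $avoid) {
    Write-Host "$name already contains $avoid; nothing to change."
} else {
    # Append rather than overwrite, so other suppressed records stay suppressed.
    $new = [string[]]($existing + $avoid)
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
        -Value $new -Force | Out-Null
    Write-Host "$name set to: $($new -join ', ')"
}

# Check: list the A records the bare domain name still resolves to.
# Records registered before the change may still be present and need deleting once.
$records = Resolve-DnsName -Name $domain -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' }

if ($records) {
    Write-Host "A records still present for ${domain}:"
    $records | ForEach-Object { Write-Host "  $($_.Name) -> $($_.IPAddress)" }
} else {
    Write-Host "No A records found for $domain."
}
```

Run it on each DC, since the value is per-machine.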
