Content Search

Custom Search

IP Address Lookup

Saturday, October 29, 2011

Prevent Registration of Certain Domain Controller DNS Records

There are times when you want to restrict a Domain Controller from registering certain resource records in the DNS. One of the scenario is when you have hub - spoke topology, it is preferable that if all domain controllers/global catalogs in a satellite site become unavailable, a client that is searching for a domain controller/global catalog in that site will fail over to a domain controller/global catalog in a central hub and not in another satellite site.
To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records

To restrict the DNS resource records that are updated by NetlLogon
  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. Add the following multistring value (REG_MULTI_SZ) value:
    DnsAvoidRegisterRecords
  4. In this value, specify the list of data corresponding to the DNS resource records that should not be registered for this domain controller by the Net Logon service. The following table contains the list of data.
<>
<>
Domain Controller -Specific Records
Mnemonic
Type
DNS Record
LdapIpAddress
A
Ldap
SRV
_ldap._tcp.
DcByGuid
SRV
_ldap._tcp..domains._msdcs.
Kdc
SRV
_kerberos._tcp.dc._msdcs.
Dc
SRV
_ldap._tcp.dc._msdcs.
Rfc1510Kdc
SRV
_kerberos._tcp.
Rfc1510UdpKdcSRV_kerberos._udp.
Rfc1510KpwdSRV_kpasswd._tcp.
Rfc1510UdpKpwdSRV_kpasswd._udp.

Global Catalog-Specific Records
Mnemonic
Type
DNS Record
GcSRV_ldap._tcp.gc._msdcs.
GcIpAddressAgc._msdcs.
GenericGcSRV_gc._tcp.

2 comments:

piyush23 said...

Thanks for sharing excellent informations. Your site is very cool. I’m impressed by the details that you have on this blog. It reveals how nicely you perceive this subject. Web Hosting India

Movies Gallery 2011 said...

Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.
Vee Eee Technologies

Quote of the Day