Prevent Registration of Certain Domain Controller DNS Records

There are times when you want to restrict a Domain Controller from registering certain resource records in the DNS. One of the scenario is when you have hub - spoke topology, it is preferable that if all domain controllers/global catalogs in a satellite site become unavailable, a client that is searching for a domain controller/global catalog in that site will fail over to a domain controller/global catalog in a central hub and not in another satellite site.
To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records

To restrict the DNS resource records that are updated by NetlLogon

1. Open Registry Editor.
2. In Registry Editor, navigate to the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
3. Add the following multistring value (REG_MULTI_SZ) value:
   DnsAvoidRegisterRecords
4. In this value, specify the list of data corresponding to the DNS resource records that should not be registered for this domain controller by the Net Logon service. The following table contains the list of data.

<>

<>

Domain Controller -Specific Records

Mnemonic	Type	DNS Record
LdapIpAddress	A
Ldap	SRV	_ldap._tcp.
DcByGuid	SRV	_ldap._tcp..domains._msdcs.
Kdc	SRV	_kerberos._tcp.dc._msdcs.
Dc	SRV	_ldap._tcp.dc._msdcs.
Rfc1510Kdc	SRV	_kerberos._tcp.
Rfc1510UdpKdc	SRV	_kerberos._udp.
Rfc1510Kpwd	SRV	_kpasswd._tcp.
Rfc1510UdpKpwd	SRV	_kpasswd._udp.

Global Catalog-Specific Records

Mnemonic	Type	DNS Record
Gc	SRV	_ldap._tcp.gc._msdcs.
GcIpAddress	A	gc._msdcs.
GenericGc	SRV	_gc._tcp.