Hello,

I have Win2003 DC equiped with two NICs - one for LAN and the other one for
WAN connection (actually there are two DCs, replicating each other). There
are ADI DNS zone for LAN and other non-ADI zones for WAN IPs. All worksations
register in ADI and other, non-DC servers (connected to both networks) should
register in ADI with LAN IP ONLY. To do this I uncheck the "Register this
connection's addresses in DNS" option for WAN NICs - and this WORKS - WAN IPs
don't appear in ADI zone.
The problem is, that this doesn't work with DCs - they register all their
IPs in ADI zone which makes a mess. Workstations trying to connect to DC,
using intranet DNS zone, get its WAN IP instead of LAN IP and because of
this, all further traffic passes the router.
When a DC is an NLBS node, the NLBS IP is also being registered in ADI zone.
When you want to connect to the server (to a particular port which is
load-balanced) using its local domain name, you actually connect to NLBS IP,
so you don't event know which node you reach.

I already tried entering proper "Connection specific domain suffix" for each
connection or leaving one of them blank - no success.

How can I force DCs not to register ALL their IPs in ADI DNS zone?
I didn't find any solution for this on the Internet so far... !


regards,
gizbern

Check out Knowledge Base 275554 which refers to KB 292822 which deals with
multi-nic DCs.

Let us know if this s.

SlowBob

"gizbern" wrote:

> Hello,
>
> I have Win2003 DC equiped with two NICs - one for LAN and the other one for
> WAN connection (actually there are two DCs, replicating each other). There
> are ADI DNS zone for LAN and other non-ADI zones for WAN IPs. All worksations
> register in ADI and other, non-DC servers (connected to both networks) should
> register in ADI with LAN IP ONLY. To do this I uncheck the "Register this
> connection's addresses in DNS" option for WAN NICs - and this WORKS - WAN IPs
> don't appear in ADI zone.
> The problem is, that this doesn't work with DCs - they register all their
> IPs in ADI zone which makes a mess. Workstations trying to connect to DC,
> using intranet DNS zone, get its WAN IP instead of LAN IP and because of
> this, all further traffic passes the router.
> When a DC is an NLBS node, the NLBS IP is also being registered in ADI zone.
> When you want to connect to the server (to a particular port which is
> load-balanced) using its local domain name, you actually connect to NLBS IP,
> so you don't event know which node you reach.
>
> I already tried entering proper "Connection specific domain suffix" for each
> connection or leaving one of them blank - no success.
>
> How can I force DCs not to register ALL their IPs in ADI DNS zone?
> I didn't find any solution for this on the Internet so far... !
>
>
> regards,
> gizbern
>

Hello,

It worked! Adding "PublishAddresses" registry key for DNS service seems to
solve the problem. Thank you!

But they also suggest to set "RegisterDnsARecords" key to 0 for NetLogon
service. I'm not sure what problem it solves. Is it necessary? Does NetLogon
register A record in DNS durring Windows startup or when? My server needs to
be up all the time, so I cannot verify this.
Anyway thank you for the solution!

best regards,
gizbern


"SlowBob" wrote:

> Check out Knowledge Base 275554 which refers to KB 292822 which deals with
> multi-nic DCs.
>
> Let us know if this s.
>
> SlowBob
>

Yes, the NetLogon key is required too. See KB198767 for additional info.

Dlow Bob

"gizbern" wrote:

> Hello,
>
> It worked! Adding "PublishAddresses" registry key for DNS service seems to
> solve the problem. Thank you!
>
> But they also suggest to set "RegisterDnsARecords" key to 0 for NetLogon
> service. I'm not sure what problem it solves. Is it necessary? Does NetLogon
> register A record in DNS durring Windows startup or when? My server needs to
> be up all the time, so I cannot verify this.
> Anyway thank you for the solution!
>
> best regards,
> gizbern
>
>
> "SlowBob" wrote:
>
> > Check out Knowledge Base 275554 which refers to KB 292822 which deals with
> > multi-nic DCs.
> >
> > Let us know if this s.
> >
> > SlowBob
> >