2nd NIC keeps registering in DNS on Win2k8

A little background first. I have roughly 5 DC's in my domain. 3 of which are
Win2k8, and 2 are still Win2k3. The Win2k3 DC's will eventually be upgraded
to Win2k8 within the next 3 months.

Two of the Win2k8 DC's have multiple NIC's for a SANs solution. The LAN NIC
has a 10.0.0.0 / 8 on it, where the SANs NIC has a 192.168.1.0 / 24 on it. I
dont want the SANs NIC IP to show in DNS. There's no reason for it and in
fact, it causes some issues when its in there. In the properties of the SANs
NIC, I have gone into Advanced -> DNS and have removed the check mark for
"Register this connection's address in DNS" yet the IP address is constantly
being registered in DNS. Is there someplace else in Windows 2008 that you
need to change something so that the 192.168.1.x address doesn't show in
DNS???

 

To understand what is happening and why, requires an understanding of Active
Directory's underlying functions. To simply state it, because of the way AD
works and DNS registration, it is highly suggested and recommended to NOT
multihome domain controllers. This is based on numerous engineers, including
Microsoft KB articles indicating issues with multihoming DCs. The only
exception is SBS server.

The netlogon service on each DC registers necessary data in the form of SRV
records into DNS. This includes the GcIpAddress (if it is a GC and assuming
you have one domain, all DCs should be a GC), as well as the LdapIpAddress,
which is the record that shows up as "same as parent." Also, because it is a
DNS server, it will register its A record, even if you disable it. Kind of a
self-identifier that it's an SOA.

You can change this default functionality on a DC if you really need a DC to
be mutltihomed. However, it rerquires numerous registry changes. Read my
blog on this thoroughly, which has additional details, to understand what is
going on, and ways to alter your DCs' default functionality to accomodate
your requirements. Otherwise, the real suggestion is to disable one of the
NICs, or team them to eliminate the multiple interfaces.

Oh, I haven';t tested this on 2008 yet, but looking at all the registry
entries on a 2008 machine, they are the same.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/ar...-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

I know this is NOT what you wanted to hear. Sorry. However I hope you find
this useful at least to understand what is happening and to create a plan of
attack as to how to move forward.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

 

Make sure DNS service on your DC is bound to only the IP you want to register.

 

That won;t help if this is a DC, because the netlogon services
registers records, and simply setting the binding in DNS, won't do the
trick, unfortunately.

Ace