DNS Name servers - I only want two of my nine servers listed

  • Question

  • I have DNS running on all nine DCs. Each DC/DNS server has all nine listed in Name Servers under DNS. I'd like to only have two listed, the same two (#3 & 5) on all nine. That way if someone does an nslookup on internal.com they only get #3 & 5 as a reply. Problem is eventually all nine keep coming back. I did this in a test domain and got the same behavior, so I suspect it to be by default. Any way to only list the NS I want?

    • Edited by Franky_M Monday, June 29, 2020 10:53 PM
    Monday, June 29, 2020 10:52 PM

All replies

  • Hi,

    In regard to your issue of ‘Only list DNS server wanted’, the method I can find so far is to delete the unwanted A RRs (same as parent folder) in your DNS server. I have tested it in my environment, and it worked successfully.
    Then you can use ‘nslookup domain name’ to check the reply, which will only contain the IP addresses of the DNS servers you wanted.

    But deleting these records may cause some unexpected problems in AD domain service (so far I haven’t experienced these problems in my environment). So it’s not suggested that you take this action if not strongly needed.



    Hope my answer will help you, thanks!

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 30, 2020 7:30 AM
  • Yes, I've tried deleting those too. As explained, given time they come back.
    Tuesday, June 30, 2020 1:42 PM
  • Hi,

    Because this A RR is a dynamic resource record, it will automatically register again after being deleted.
    You can delete this RR through Registry Editor permanently:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Add key: RegisterDnsARecords, value=0

    We have tested that this method can solve the current problem, but it will also cause some unexpected effects in the AD environment.
    Firstly, clients that are not SRV-aware will fail to find a DC, as will some programs that require these RRs to find a DC.

    Then this action may cause the following result:
    (1) Failure to create a new namespace in DFS, error: The RPC server is unavailable

    Reference Link:
    "The namespace cannot be queried. The RPC server is unavailable." error attempting to create a DFS namespace on Windows Server 2008
    (2) "Invalid Pointer"

    Reference Link:
    GPMC backup of a GPO fails together with an "Invalid Pointer" error message

    Above all, making this configuration in DNS will solve this problem for now. But in the long term, the effect on the AD environment is also a very critical element to be considered. So we don't recommend that you use this method at the cost of these risks.


    • Edited by Gloria Gu Wednesday, July 1, 2020 8:33 AM
    • Proposed as answer by Gloria Gu Friday, July 3, 2020 8:47 AM
    Wednesday, July 1, 2020 8:32 AM
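
Added example, not part of the original thread and not Microsoft's code: a read-only PowerShell audit of the items the reply above discusses, showing the zone-apex A and NS records each DNS server holds, how many of the A records are dynamic, and whether `RegisterDnsARecords` is set on that DC. It assumes the DnsServer module (RSAT) and PowerShell remoting to the DCs; the zone and server names are placeholders.

```powershell
# Added example: read-only audit, changes nothing.
# Assumptions (not from the thread): DnsServer module (RSAT) is installed,
# PowerShell remoting to the DCs works, and the names below are placeholders.
param(
    [string]   $Zone    = 'internal.com',
    [string[]] $Servers = @('DC3', 'DC5')
)

$report = foreach ($server in $Servers) {
    # Zone-apex ("same as parent folder") records as stored on this DNS server.
    $apex = @(Get-DnsServerResourceRecord -ComputerName $server -ZoneName $Zone -Name '@' -ErrorAction Stop)

    $a  = @($apex | Where-Object RecordType -eq 'A')
    $ns = @($apex | Where-Object RecordType -eq 'NS')

    # A dynamically registered record carries a timestamp; a static one does not.
    $dynamicA = @($a | Where-Object { $_.Timestamp })

    # Netlogon setting named in the reply; no output means the value does not exist.
    $reg = Invoke-Command -ComputerName $server -ScriptBlock {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
        (Get-ItemProperty -Path $key -Name RegisterDnsARecords -ErrorAction SilentlyContinue).RegisterDnsARecords
    }

    [pscustomobject]@{
        Server              = $server
        ApexA               = ($a  | ForEach-Object { "$($_.RecordData.IPv4Address)" } | Sort-Object) -join ', '
        DynamicApexACount   = $dynamicA.Count
        ApexNS              = ($ns | ForEach-Object { "$($_.RecordData.NameServer)" } | Sort-Object) -join ', '
        RegisterDnsARecords = if ($null -eq $reg) { 'not set' } else { $reg }
    }
}

$report | Format-Table -AutoSize -Wrap

# Assuming an AD-integrated zone, the servers should agree once replication
# settles; differing rows mean a deletion has not replicated yet or a record
# has been registered again since.
$distinct = @($report | Select-Object ApexA, ApexNS -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Apex records differ between servers for $Zone"
}
```

Running it before and after a change, and again after a day or so, shows whether deleted apex records have returned and on which servers.
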
  • Hi,

    Just want to confirm the current situation. Please feel free to let us know if you need further assistance.


    Friday, July 3, 2020 8:47 AM
  • From my reading on RegisterDnsARecords I don't understand if it stops just itself from registering or does it also stop registering all clients? What if this DC is also a DHCP server, would it continue to register clients?
    Saturday, July 4, 2020 8:53 PM