Microsoft KB Archive/826743

= Clients cannot dynamically register DNS records in a single-label forward lookup zone =

PSS ID Number: 826743

Article Last Modified on 4/15/2004


The information in this article applies to:


 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Server 2003, Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional






Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
Clients cannot dynamically register DNS records in a single-label forward lookup zone. Specific symptoms vary according to the version of Microsoft Windows that is installed. The following list describes the symptoms:

 * After you install Microsoft Windows Service Pack 4 (SP4), all domain controllers may not be able to register DNS records. The system event log of the domain controller may consistently log NETLOGON 5781 warnings that are similar to the following example:

Event Type: Warning

Event Source: NETLOGON

Event Category: None

Event ID: 5781

Description: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

Data Words: 0000: 0000232a

Note Status code 0000232a maps to the DNS_ERROR_RCODE_SERVER_FAILURE error code. The following are additional status codes and error codes that may appear in log files such as Netdiag.log:

DNS Error Code: 0x0000251D = DNS_INFO_NO_RECORDS

DNS_ERROR_RCODE_ERROR

RCODE_SERVER_FAILURE

 * Windows 2000 SP4-based computers will not register in a single-label domain. A warning that is similar to the following example is recorded in the system event log of the computer:

Event Type: Warning

Event Source: DnsApi

Event Category: None

Event ID: 11151

Description: The system failed to register network adapter with settings:

Adapter Name : {89317B1A-C246-4C7B-81D5-2CA8930EB721}

Host Name : FileServer

Adapter-specific Domain Suffix : domain.local

DNS server list :

209.242.21.82, 209.242.0.2, 209.242.0.5

Sent update to server : None

IP Address(es) : 192.168.127.254

The cause of this DNS registration failure was because of DNS server failure.

This may be due to a zone transfer that has locked the DNS server for the applicable zone that your computer needs to register itself with.

(The applicable zone should typically correspond to the Adapter-specific Domain Suffix that was indicated above.)

You can manually retry registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your network systems administrator to verify network conditions.

 * A Microsoft Windows Server 2003-based computer is not updating its SRV records and its host records in the DNS zone.
 * Clients with fresh installations of Microsoft Windows XP cannot register with DNS dynamic update protocol on a DNS server. A message that is similar to the following example is recorded in the Windows XP system event log:

Event Type: Warning

Event ID: 11165

Source: DnsApi

Description: The system failed to register host (A) resource records (RRs) for network adapter with settings:

Adapter Name : {8E866057-FDA9-4EBE-9F99-4D530A2933FD}

Host Name : SV2019

Primary Domain Suffix : mydom

DNS server list : 192.168.213.100, 204.246.1.20

Sent update to server : <?>

IP Address(es) : 192.168.213.101

The reason the system could not register these RRs was because the DNS server contacted refused the update request.

The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.



CAUSE
These issues may occur for either one of the following reasons if you have implemented a single-label domain namespace:
 * Starting with Windows 2000 SP4, the default setting for dynamically registering DNS records changed. In Windows 2000 SP4 and later, Windows does not dynamically register DNS records in a single-label domain.
 * By default, Windows XP, Windows Server 2003, and Windows 2000 SP4 and later do not send updates to top-level domains. You can change this behavior by using one of the methods that is shown in the "Resolution" section of this article.
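A triage helper for the event text shown under Symptoms, as an added example (not Microsoft's code): it pulls the domain suffix out of a DnsApi or NETLOGON event description, reports whether that suffix is single-label, and decodes the Data Words status code. The sample events are constructed from the examples in this article, and the function names are hypothetical.

```python
import re

# Win32 DNS status codes; DNS_ERROR_RCODE_* values are 9000 + the DNS RCODE.
STATUS = {
    9002: "DNS_ERROR_RCODE_SERVER_FAILURE",
    9005: "DNS_ERROR_RCODE_REFUSED",
    9501: "DNS_INFO_NO_RECORDS",
}
FIELD = re.compile(r"^\s*([A-Za-z()\- ]+?)\s*:\s*(.*)$")

def parse_fields(text):
    """Turn the 'Name : value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def is_single_label(domain):
    """True when a DNS domain name has exactly one label, e.g. 'mydom'."""
    labels = [l for l in domain.strip().rstrip(".").split(".") if l]
    return len(labels) == 1

def decode_status(data_words):
    """Decode the status dword of a 'Data Words' value such as '0000: 0000232a'."""
    m = re.search(r"\b[0-9a-fA-F]{4}:\s*([0-9a-fA-F]{8})\b", data_words)
    if not m:
        return None
    code = int(m.group(1), 16)
    return STATUS.get(code, "unknown status %d" % code)

def triage(text):
    """Summarise one event: ID, suffix, single-label flag, decoded status."""
    f = parse_fields(text)
    suffix = f.get("primary domain suffix") or f.get("adapter-specific domain suffix")
    return {
        "event_id": f.get("event id"),
        "suffix": suffix,
        "single_label": is_single_label(suffix) if suffix else None,
        "status": decode_status(f.get("data words", "")),
    }

# Constructed samples, abbreviated from the events quoted in this article.
SAMPLE_11165 = """Event Type: Warning
Event ID: 11165
Source: DnsApi
Host Name : SV2019
Primary Domain Suffix : mydom
DNS server list : 192.168.213.100, 204.246.1.20
"""
SAMPLE_5781 = "Event Source: NETLOGON\nEvent ID: 5781\nData Words: 0000: 0000232a\n"

if __name__ == "__main__":
    print(triage(SAMPLE_11165))
    print(triage(SAMPLE_5781))
```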


RESOLUTION
Microsoft does not recommend that you use Active Directory directory service domains with single-label DNS names. If you want to keep your single-label DNS structure, use one of the following methods to allow Windows-based clients to perform dynamic updates to single-label DNS zones.

Method 1: Use Registry Editor
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 * 1) On a client that is trying to dynamically update the single-label DNS zone, start Registry Editor. Note The term "client" also applies to domain controllers.
 * 2) Locate one of the following subkeys, depending on the client's operating system:
   * Windows XP or Windows 2000 SP4:
   * Windows Server 2003:
     IMPORTANT If the subkey does not exist, you must create it. To do so:
     * a) Right-click the following subkey:
     * b) Point to New, and then click Key.
     * c) Type DNSClient, and then press ENTER.
 * 3) Right-click the subkey, point to New, and then click DWORD Value.
 * 4) Type UpdateTopLevelDomainZones, and then press ENTER.
 * 5) Right-click the AllowSingleLabelDnsDomain entry, and then click Modify.
 * 6) In the Value data box, type 1.
 * 7) To enable Active Directory domain members (clients, domain controllers, and DNS servers) to use DNS to locate domain controllers in domains with single-label DNS names, locate the following subkey:
 * 8) Right-click the subkey, point to New, and then click DWORD Value.
 * 9) Type AllowSingleLabelDnsDomain, and then press ENTER.
 * 10) Right-click the UpdateTopLevelDomainZones entry, and then click Modify.
 * 11) In the Value data box, type 1.
 * 12) Repeat steps 1 through 11 for other clients that are trying to dynamically update the single-label DNS zone.
 * 13) For the changes to take effect, restart the computers where you changed the registry keys.

Summary of registry settings
The following list summarizes the registry entry settings that you create by using Method 1. For your convenience, this list is organized by operating system and by the computer's role in the domain.

For Windows 2000 SP4 domain clients, for Windows 2000 SP4 domain controllers, and for Windows XP domain members

Subkey:

Entry name: UpdateTopLevelDomainZones

Data type: DWORD

Value: 1

Subkey:

Entry name: AllowSingleLabelDnsDomain

Data type: DWORD

Value: 1

For Windows Server 2003 domain members and for Windows Server 2003 domain controllers

Subkey:

Entry name: UpdateTopLevelDomainZones

Data type: DWORD

Value: 1

Subkey:

Entry name: AllowSingleLabelDnsDomain

Data type: DWORD

Value: 1

Method 2: Use Group Policy
Using Group Policy, enable the Update Top Level Domain Zones policy under the following folder on the root domain container in Users and Computers or on all organizational units (OUs) that host machine accounts for member computers and for domain controllers in the domain:

Computer Configuration\Administrative Templates\Network\DNS Client

Note This policy is supported only on Windows Server 2003-based computers and on Windows XP-based computers.

To enable this policy, follow these steps on the root domain container:
 * 1) Click Start, click Run, type gpedit.msc, and then click OK.
 * 2) Under Local Computer Policy, expand Computer Configuration.
 * 3) Expand Administrative Templates.
 * 4) Expand Network.
 * 5) Click DNS Client.
 * 6) In the right pane, double-click Update Top Level Domain Zones.
 * 7) Click Enabled.
 * 8) Click Apply, and then click OK.
 * 9) Quit Group Policy.

For additional information about this new policy, click the following article number to view the article in the Microsoft Knowledge Base:

294785 New group policies for DNS in Windows Server 2003

The following article describes in detail how to use Group Policy Editor to change local policy settings for computers in all OUs that host machine accounts for member computers and domain controllers in the domain.

307882 HOW TO: Use the Group Policy Editor to manage local computer policy in Windows XP

On DNS servers, make sure that root servers are not created unintentionally. You may have to delete the root zone "." on the Windows 2000-based DNS server to have the DNS records correctly declared. (The root zone is automatically created when DNS is installed because it cannot reach the root hints. This issue was corrected in Windows Server 2003.)

Root servers may be created by the DCpromo Wizard. If the "." zone exists, a root server has been created. You may have to remove this zone for name resolution to work correctly.

New and modified DNS policy settings for Windows Server 2003
 * The Update Top Level Domain Zones policy

If this policy is specified, it creates a REG_DWORD UpdateTopLevelDomainZones entry under the following registry subkey:

The following are the entry values for UpdateTopLevelDomainZones:
   * Enabled (0x1). An 0x1 setting means that computers may try to update the TopLevelDomain zones. That is, if the UpdateTopLevelDomainZones setting is enabled, computers that have this policy applied send dynamic updates to any zone that is authoritative for the resource records that the computer must update, except for the root zone.
   * Disabled (0x0). An 0x0 setting means that computers may not try to update the TLD zones. That is, if this setting is disabled, computers that have this policy applied do not send dynamic updates to the root zone or to the top-level domain zones that are authoritative for the resource records that the computer must update. If this setting is not configured, the policy is not applied to any computers, and computers use their local configuration.

 * The Register PTR Records policy

A new possible value, 0x2, of the REG_DWORD RegisterReverseLookup entry was added under the following registry subkey:

The following are the entry values for RegisterReverseLookup:
   * 0x2 - Register only if A record registration succeeds. Computers try PTR resource records registration only if they successfully registered the corresponding A resource records.
   * 0x1 - Register. Computers try PTR resource records registration regardless of the success of the A records registration.
   * 0x0 - Do not register. Computers never try PTR resource records registration.

For additional information about the single-label domain name issue, click the following article number to view the article in the Microsoft Knowledge Base:

300684 Information about configuring Windows for domains with single-label DNS names


MORE INFORMATION
The event ID 5781 Netlogon warning is seen on Active Directory-integrated DNS servers and on domain controllers with the Allow Dynamic Updates policy setting enabled.

If the registry entries that are described in Method 1 are present in the registry and if their values are set to 1, dynamic updates to the top-level domain zone will occur successfully.

By default, the registry entries are not present. If they are not present, or if they are present and if their values are set to 0, dynamic updates to the top-level domain zones will not succeed. The RCODE_SERVER_FAILURE error code will appear on the screen, or the following error code will appear in the DNS section of the log file if you run the Netdiag.exe diagnostic utility:

DNS test. . . . . . . . . . . . . : Passed

Interface {6B1ED1B7-626E-4DDF-A4EB-B6A196573563}

DNS Domain:

DNS Servers: 172.20.200.72 172.20.200.30

IP Address: 172.20.200.30

Expected registration with PDN (primary DNS domain name):

Hostname: DC01.mydom.

[WARNING] Cannot find a primary authoritative DNS server for the name

'DC01.mydom.'. [RCODE_SERVER_FAILURE]

The name 'DC01.mydom.' may not be registered in DNS.
