Microsoft KB Archive/289735

= Routing and Remote Access IP Addresses Register in DNS =

Article ID: 289735

Article Last Modified on 2/28/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q289735



SYMPTOMS
When DNS queries for the domain name or the domain controller's fully qualified domain name (FQDN) are sent to a Windows 2000 domain controller that is running Routing and Remote Access, the domain name or FQDN for the domain controller is resolved to an Internet Protocol (IP) address that is used by Routing and Remote Access.

DNS Manager displays HOST (A) records for the Routing and Remote Access server IP addresses and Routing and Remote Access client IP addresses with the name of the domain controller and the name of the domain that is used for Active Directory.

NOTE: In Windows 2000, a HOST (A) record for the domain name is displayed with the same name as the parent folder.

This behavior occurs after the first incoming Routing and Remote Access or virtual private network (VPN) connection causes the server to bind an IP address to its own NDISWAN adapter. Because the Windows 2000-based computer uses DNS name resolution for accessing NetBIOS resources, you may not be able to access resources.



CAUSE
This issue can occur because, after you configure and enable Routing and Remote Access on a Windows 2000 domain controller and the first incoming Routing and Remote Access or VPN connection is made, the server creates a PPP/NDISWAN interface. After this interface is created, the Netlogon service or the DNS Server service recognizes it as a network interface of the computer, and then registers HOST (A) records for the Routing and Remote Access IP address that the server takes as well as the Routing and Remote Access client IP address.



RESOLUTION
NOTE: If you run Routing and Remote Access on a domain controller that owns the operations master role, a multi-homed master browser is created. It is recommended that you install Routing and Remote Access on another computer for full browsing capabilities. It is also recommended that the domain controller, which is the multi-homed master browser, has only one interface. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

191611 Symptoms of Multi-homed Browsers

How to Prevent the DNS Server Service from Registering A Records
The DNS Server service registers HOST records for all interfaces on the local computer including interfaces created by Routing and Remote Access. To prevent this behavior, configure the interfaces available to DNS. To do so:
 * 1) Start DNS Manager.
 * 2) Right-click the computer name, and then click Properties.
 * 3) Click the Interfaces tab, and then click Only the following IP addresses.
 * 4) Remove any Routing and Remote Access IP addresses that are listed.

If the Routing and Remote Access IP addresses are not displayed in the DNS console, but HOST (A) records are registered for the FQDN of the domain controller in DNS, use the PublishAddresses registry key to manually add only the IP addresses which you want DNS to register. Add the appropriate IP addresses with one space between addresses to the value. To configure the PublishAddresses registry key:
 * 1) Start Registry Editor (Regedt32.exe).
 * 2) Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

 * 3) On the Edit menu, click Add Value, and then add the following registry value:

Value name: PublishAddresses

Data type: REG_SZ

Range:

Default value: blank

 * 4) Quit Registry Editor.

How to Prevent Netlogon A Records from Being Registered
The Netlogon service registers the records for the domain. These records have the same name as the parent folder. To prevent this behavior, use the RegisterDnsARecords key. When you set this value to 0, Netlogon A records are not registered. To set the RegisterDnsARecords key:
 * 1) Start Registry Editor (Regedt32.exe).
 * 2) Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

 * 3) On the Edit menu, click Add Value, and then add the following registry value:

Value name: RegisterDnsARecords

Data type: REG_DWORD

Range: 0 - 1

Default value: 1

 * 4) Quit Registry Editor.

After you complete this procedure, you must maintain the HOST (A) records for the domain in its forward lookup zone, and the global catalog HOST (A) record that is located in _msdcs.gc.domain name.com.
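
To decide which HOST (A) records to delete and what to put in PublishAddresses, the records for the domain controller can be checked against the address range that Routing and Remote Access hands out. The following Python sketch is an added example, not part of the original article; the simplified "owner A address" record layout, the host names, the addresses and the 192.168.50.0/24 static pool are constructed assumptions.

```python
import ipaddress

# Constructed sample: A records from the forward lookup zone in a simplified
# "owner A address" layout. "@" stands for the domain name itself.
SAMPLE_RECORDS = """\
@            A 192.168.1.10
@            A 192.168.50.1
dc1          A 192.168.1.10
dc1          A 192.168.50.1
dc1          A 192.168.50.7
fileserver   A 192.168.1.20
"""

def parse_a_records(text):
    """Yield (owner, IPv4Address) for every well-formed 'owner A address' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "A":
            yield fields[0].lower(), ipaddress.ip_address(fields[2])

def audit(text, dc_names, rras_pool):
    """Split the A records of the DC and the domain into (keep, stale).

    dc_names : owner names to check, e.g. {"@", "dc1"}
    rras_pool: network that RRAS assigns addresses from (assumed static pool)
    """
    pool = ipaddress.ip_network(rras_pool)
    keep, stale = [], []
    for owner, addr in parse_a_records(text):
        if owner not in dc_names:
            continue  # records of other hosts are out of scope
        (stale if addr in pool else keep).append((owner, str(addr)))
    return keep, stale

def publish_addresses_value(keep):
    """Build the PublishAddresses REG_SZ data: addresses separated by one space."""
    unique = sorted({ip for _, ip in keep}, key=ipaddress.ip_address)
    return " ".join(unique)

if __name__ == "__main__":
    keep, stale = audit(SAMPLE_RECORDS, {"@", "dc1"}, "192.168.50.0/24")
    for owner, ip in stale:
        print(f"stale RRAS record to delete: {owner} A {ip}")
    print("PublishAddresses =", publish_addresses_value(keep))
```

If Routing and Remote Access obtains its addresses from DHCP instead of a static pool, pass the DHCP scope it draws from as `rras_pool`.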


MORE INFORMATION
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

246804 How to Enable/Disable Windows 2000 Dynamic DNS Registrations

Keywords: kbnetwork kbprb KB289735


© Microsoft Corporation. All rights reserved.