Routing and Remote Access IP Addresses Register in DNS (289735)

SYMPTOMS

When DNS queries for the domain name or the domain controller's fully qualified domain name (FQDN) are sent to a Windows 2000 domain controller that is running Routing and Remote Access, the domain name or FQDN for the domain controller is resolved to an Internet protocol (IP) address that is used by Routing and Remote Access.

DNS Manager displays HOST (A) records for the Routing and Remote Access server IP addresses and Routing and Remote Access client IP addresses with the name of the domain controller and the name of the domain that is used for Active Directory.

NOTE: In Windows 2000, a HOST (A) record for the domain name is displayed with the same name as parent folder.

This behavior occurs after the first incoming Routing and Remote Access or virtual private network (VPN) connection causes the server to bind an IP address to its own NDISWAN adapter. Because the Windows 2000-based computer uses DNS name resolution for accessing NetBIOS resources, you may not be able to access resources.

RESOLUTION

NOTE: If you run Routing and Remote Access on a domain controller that owns the operations master role, a multi-homed master browser is created. It is recommended that you install Routing and Remote Access on another computer for full browsing capabilities. It is also recommended that the domain controller, which is the multi-homed master browser, has only one interface. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

191611 Symptoms of Multi-homed Browsers

How to Prevent the DNS Server Service from Registering A Records

The DNS Server service registers HOST records for all interfaces on the local computer including interfaces created by Routing and Remote Access. To prevent this behavior, configure the interfaces available to DNS. To do so:

Start DNS Manager.
Right-click the computer name, and then click Properties.
Click the Interfaces tab, and then click Only the following IP addresses.
Remove any Routing and Remote Access IP addresses that are listed.

If the Routing and Remote Access IP addresses are not displayed in the DNS console, but HOST (A) records are registered for the FQDN of the domain controller in DNS, use the PublishAddresses registry key to manually add only the IP addresses which you want DNS to register. Add the appropriate IP addresses with one space between addresses to the value. To configure the PublishAddresses registry key:

Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value name: PublishAddresses
Data type: REG_SZ
Range: IP address
Default value: blank
Quit Registry Editor.

How to Prevent Netlogon A Records from Being Registered

The Netlogon service registers the records for the domain. These records have the same name as the parent folder. To prevent this behavior, use the RegisterDnsARecords key. When you set this value to 0, Netlogon A records are not registered. To set the RegisterDnsARecords key:

Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value name: RegisterDnsARecords
Data type: REG_DWORD
Range: 0 - 1
Default value: 1
Quit Registry Editor.

After you complete this procedure, you must maintain the HOST (A) records for the domain in its forward lookup zone, and the global catalog HOST (A) record that is located in _msdcs.gc.domain name.com.