Archived from groups: microsoft.public.win2000.dns (
More info?)
I will post back and let you know how it goes, so far in testing all looks
good.... .FRS is happy, NTDS replication is happy...
I was looking into weighting the records as well, but I still had
reservations about clients being able to query DNS and get records for the
LAG Servers. (ie. There is still an outside chance that they would uses a
LAG DC and I could see difficult troubleshooting of wierd client
problems....
) also in the company I work for DNS is looked after by
another team, and is also not a Windows based DNS service, which is only
dynamic for DC's. I really wanted the emergency recovery procedure to be
able to be carried out by one team without the need to depend on other
members of other teams which adds time. With this key implemented, the
server team can perform the complete recovery procecdure without involving
another set of people, which keeps things simple.
Many Thanks for your help... .
Jody
"Ace Fekay [MVP]" <firstnamelastname@hotmail.com> wrote in message
news:Oyr0NJkYFHA.3356@TK2MSFTNGP15.phx.gbl...
>
> "Jody Flett, JMF Computers" <news@SPAMjmfcomputers.co.uk> wrote in message
> news:%23IqXtVcYFHA.3488@tk2msftngp13.phx.gbl...
>> Hi Ace
>>
>> Many Thanks for your help, I was being very stupid and feel quite
>> embarrased.... :-s, using rededt32 set me on the right track, I was using
>> regedit which was not creating the right key.... (Sometimes you don't see
>> the wood for the trees, I think I may invest in some new glasses... )
>>
>> Anyway some further information - I am using this key to stop a couple of
>> DC's registering all of their records apart from the A (Host) and the
>> CNAME Alias for replication. I do not want it to be used to authenticate
>> any clients on the Domain as this particular DC is going to be placed in
>> a LAG replication DR site. Basically as well as sectioning off the site
>> this is another safeguard against clients using these DC's
>>
>> The registry key I am using can be created using the following command
>> line.... (should have used the trusty command line from the start.. ;-) )
>>
>> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v
>> DnsAvoidRegisterRecords /t REG_MULTI_SZ /s - /d
>> LdapIpAddress-Ldap-LdapAtSite-Pdc-Gc-GcAtSite-DcByGuid-GcIpAddress-Kdc-KdcAtSite-Dc-DcAtSite-Rfc1510Kdc-Rfc1510KdcAtSite-GenericGc-GenericGcAtSite-Rfc1510UdpKdc-Rfc1510Kpwd-Rfc1510UdpKpwdValue
>>
>> Thanks
>>
>> Jody
>
> I can sympathsize about the glasses. I've been thinking about doing the
> same thing.
>
> I think in addition to putting them into a separate site, it would be
> easier to play with the weights in the SVR records than removing those
> entries. This would be the first I heard of doing it this way. Curious how
> you make out.
>
> Ace
>