
Our Active Directory domain is installed on a subdomain (us.example.com). The parent domain (example.com) is for mostly Linux servers located at our datacenter - for our website and other public facing services. On the primary domain controller, I am getting errors in the event viewer from NETLOGON saying the dynamic registration of various SRV records failed. It was trying to register them on the DNS SOA for the parent domain, example.com. This zone is hosted by our domain registrar's DNS server and does not allow dynamic registration.

  1. Does this failure cause any actual problems with the operation of AD?
  2. Can I prevent this behavior? Or is there a workaround?

--

For reference, here is an example of one of the errors being logged:

The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.example.com. 600 IN SRV 0 100 389 SERVER01DC.us.example.com.' failed on the following DNS server:  

DNS server IP address: x.x.x.x
Returned Response Code (RCODE): 1 
Returned Status Code: 9001  
ahab

1 Answer


Your AD DNS zone should be hosted on an internal DNS server that supports SRV records and dynamic DNS. Your DC and your clients should be configured to use this server for DNS. Why is your DC pointing to your name servers at your registrar for DNS?

joeqwerty
  • Our AD DNS zone (us.example.com) is hosted on our domain controllers for this domain. The example.com zone is hosted on our registrar's DNS server because it is just for things like our website. This server is not configured as a forwarder or anything else like that in AD DNS. us.example.com is the forest root, but our domain controllers are still trying to register locator records with example.com. I hope this clarifies things a bit. – ahab Oct 20 '11 at 20:58
  • It sounds like your DCs have the registrar's DNS servers configured in their NIC properties. Can you verify that they do or don't? – joeqwerty Oct 20 '11 at 21:22
  • They do not. Only internal IPs are configured. – ahab Oct 20 '11 at 21:25
  • How about the name servers listed for the AD zone? Any of the external DNS servers listed there? I would run dcdiag on the DC and see what it shows. – joeqwerty Oct 20 '11 at 22:00
  • This is not the case. I ran dcdiag and it passed all of the tests; the external DNS server was not referenced anywhere in it. – ahab Oct 20 '11 at 22:09
  • Just to clarify: The AD domain name is us.example.com and the AD DNS zone is us.example.com and the DC FQDN is SERVER01DC.us.example.com? – joeqwerty Oct 20 '11 at 22:42
  • That's correct. – ahab Oct 20 '11 at 23:33
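A DNS dynamic update for a record is sent to the SOA of the closest enclosing zone, so a NETLOGON message like the one quoted in the question tells you which zone the DC believes owns the record. The following Python script, an added example and not part of the original thread, parses such messages and reports whether each SRV owner name falls inside an internally hosted zone; the zone list and the second sample message are constructed assumptions.

```python
import re
from typing import Optional

# Constructed samples: the NETLOGON message quoted in the question, plus a
# constructed one for a record that belongs in the AD-hosted _msdcs zone.
SAMPLE_EVENTS = [
    "The dynamic registration of the DNS record "
    "'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.example.com. "
    "600 IN SRV 0 100 389 SERVER01DC.us.example.com.' failed on the following DNS server:",
    "The dynamic registration of the DNS record "
    "'_ldap._tcp.dc._msdcs.us.example.com. 600 IN SRV 0 100 389 SERVER01DC.us.example.com.' "
    "failed on the following DNS server:",
]

# Zones assumed to be hosted on the internal AD DNS servers (adjust to your forest).
INTERNAL_ZONES = {"us.example.com", "_msdcs.us.example.com"}

RECORD_RE = re.compile(
    r"DNS record '(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)'"
)


def parse_event(text: str) -> dict:
    """Extract owner name, TTL and SRV RDATA from a NETLOGON registration message."""
    m = RECORD_RE.search(text)
    if not m:
        raise ValueError("not a NETLOGON SRV registration message")
    rec = m.groupdict()
    rec["owner"] = rec["owner"].rstrip(".").lower()
    rec["target"] = rec["target"].rstrip(".").lower()
    for key in ("ttl", "prio", "weight", "port"):
        rec[key] = int(rec[key])
    return rec


def enclosing_zone(owner: str, zones) -> Optional[str]:
    """Longest hosted zone that is a suffix of owner; that zone's SOA receives the update."""
    labels = owner.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # no internal zone encloses it: the update goes to an external SOA


def classify(text: str, zones=INTERNAL_ZONES) -> dict:
    rec = parse_event(text)
    rec["zone"] = enclosing_zone(rec["owner"], zones)
    rec["internal"] = rec["zone"] is not None
    return rec
```

Records that come back with `internal` false are the ones NETLOGON will keep trying to push to the external SOA, which is the failure the question describes.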