
I have a running Active Directory with a non-Microsoft DNS server. The DNS server is the authoritative DNS server for the AD domain zone. All required DNS records for AD exist in this DNS zone.

So far no problems.

But the Netlogon service on the Domain Controller logs some errors because dynamic registration failed.

The dynamic registration of the DNS record 'domain.example.com. 600 IN A 192.168.x.x' failed on the following DNS server:  

DNS server IP address: 192.168.x.y 
Returned Response Code (RCODE): 5 
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
  Determine what might have caused this failure, resolve the problem, 
  and initiate registration of the DNS records by the domain controller. 
  To determine what might have caused this failure, run DCDiag.exe. 
  To learn more about DCDiag.exe, see Help and Support Center. 
  To initiate registration of the DNS records by this domain  controller, 
  run 'nltest.exe /dsregdns' from the command prompt on the domain controller
  or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: DNS bad key.

The AD should not register DNS records; I manually manage this zone on the DNS server. Is it possible to disable the dynamic registration?

Thanks for any help!

Benni
  • Have you taken steps to also manage the MSDCS zone where the SRV records that clients use to find the DCs are stored? See C:\Windows\System32\config\netlogon.dns and https://support.microsoft.com/en-us/kb/816587 – Clayton Feb 10 '16 at 14:40
  • https://support.microsoft.com/en-us/kb/198767 – joeqwerty Feb 10 '16 at 16:08

1 Answer

As JoeQwerty commented, https://support.microsoft.com/en-us/kb/198767:

By default, the Netlogon service on a domain controller registers dynamic Domain Name Service (DNS) records to advertise Active Directory directory service services. This behavior can be disabled with a registry setting.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\UseDynamicDns

The default value data for the UseDynamicDns REG_DWORD value is 0x1. Changing the UseDynamicDns REG_DWORD value to 0x0 disables dynamic registration and the records specified in %windir%\system32\config\netlogon.dns folder must be manually registered.

HBruijn
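The registry change above is a one-liner, but the answer also says the records listed in netlogon.dns then have to be maintained by hand, and Clayton's comment points out that the _msdcs SRV records are the ones clients use to find the DC. The following PowerShell script is an added example (not part of HBruijn's answer or the Microsoft KB): it sets UseDynamicDns to 0, restarts Netlogon, then parses netlogon.dns and queries each record against the authoritative server so the administrator can see which manually managed records are missing or stale. The server address, the zone names inside netlogon.dns and the file layout assumed by the parser (name TTL IN TYPE rdata, as in the event message on this page) are assumptions; run it elevated on the domain controller.

```powershell
# Added example, not the answer's own code. Assumes an elevated session on the DC.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$DnsServer = '192.168.0.1'   # placeholder: the non-Microsoft authoritative DNS server

# 1. Show the current setting (a missing value means the default, 1 = register dynamically).
$current = (Get-ItemProperty -Path $RegPath -Name UseDynamicDns -ErrorAction SilentlyContinue).UseDynamicDns
if ($null -eq $current) { Write-Host 'UseDynamicDns not set (default 1)' } else { Write-Host "UseDynamicDns = $current" }

# 2. Disable dynamic registration, as described in KB 198767, and restart Netlogon so it takes effect.
Set-ItemProperty -Path $RegPath -Name UseDynamicDns -Type DWord -Value 0
Restart-Service -Name Netlogon

# 3. Netlogon still writes the records it *would* register to netlogon.dns.
#    Parse that file and check every record on the authoritative server.
$NetlogonDns = Join-Path $env:windir 'system32\config\netlogon.dns'
$missing = @()
foreach ($line in Get-Content $NetlogonDns | Where-Object { $_ -match '\S' }) {
    # Expected layout (assumption): <name> <ttl> IN <type> <rdata...>
    $f    = $line -split '\s+'
    $name = $f[0].TrimEnd('.')
    $type = $f[3]
    try {
        $answers = Resolve-DnsName -Name $name -Type $type -Server $DnsServer -DnsOnly -ErrorAction Stop
        # Compare the rdata, not just the name: a stale target is as bad as a missing record.
        $ok = switch ($type) {
            'A'     { $answers | Where-Object { $_.IPAddress -eq $f[4] } }
            'CNAME' { $answers | Where-Object { $_.NameHost.TrimEnd('.')   -eq $f[4].TrimEnd('.') } }
            'SRV'   { $answers | Where-Object { $_.NameTarget.TrimEnd('.') -eq $f[7].TrimEnd('.') -and $_.Port -eq [int]$f[6] } }
            default { $answers }   # other types: presence is enough for this check
        }
        if (-not $ok) { $missing += "STALE:   $line" }
    } catch {
        $missing += "MISSING: $line"
    }
}

if ($missing.Count -eq 0) {
    Write-Host "All records in $NetlogonDns are present on $DnsServer."
} else {
    Write-Host "Records to fix on $DnsServer :"
    $missing | ForEach-Object { Write-Host "  $_" }
}
```

Run it once after the registry change and again whenever a DC is added, renamed or re-addressed: with dynamic registration off, nothing else will tell you that an SRV record in _msdcs points at a host that no longer exists. The Netlogon event in the question (RCODE 5, "DNS bad key") stops once UseDynamicDns is 0, so the script's report becomes the only signal that the zone has drifted.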