• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Having problems with Automatic DNS Updates from DCs

Hello,

I have 2 DCs in two different locations connected via software VPN.
Both DCs run DNS server services on them.

However, one DC is behind an NAT router, so it only has a local address, while the other DC is behind a Cisco firewall co-located in a data center with both a public and a private IP.

The private IP works fine over the software VPN and can connunicate, however the co-located DC keeps updating it's DNS record for itself with both the public and the private IP address.
This is causing problems in the office where the NAT router sits because it tries to connect over a public IP when it should only be using the private IP.

I have tried to remove it in the DNS records, and it works perfectly.. However it keeps adding itself back in every couple of hours!

How can I stop this DNS server from updating itself with the public IP?
0
BuggyBoyNYC
Asked:
BuggyBoyNYC
  • 4
  • 3
2 Solutions
 
Amit BhatnagarTechnology Consultant - SecurityCommented:
A very common problem normally seen with DNS Server with RRAS installed as well (Multihomed). Anyways, the fix is simple as well.

http://support.microsoft.com/kb/275554
http://support.microsoft.com/kb/246804/EN-US/
http://support.microsoft.com/kb/292822

I could have posted the exact keys for you but I want you to read the entire article if possible. It will help you know a lot of keys\registry changes which people are normally unaware of.


Cheats : Last article contains the resolution part..:D Cheers !!!
0
 
BuggyBoyNYCAuthor Commented:
Thanks for the response!
However I think I should clarify one thing, I am not using RRAS I am using a seperate third-party software VPN on the system which creates a new network adapter with a private address (much like how a Cisco VPN client does, except this runs 24/7 with no disconnect).

I am not quite sure exactly what instruction set to follow since this isn't specifically RRAS!

Many thanks again, hope you can clarify for me! :)

For example sake, lets say the public address is 66.237.111.111 and the private is 10.2.2.1. How do I keep 66.237.111.111 from automatically registering in the DNS on this server, even though both are valid connections?
0
 
Amit BhatnagarTechnology Consultant - SecurityCommented:
Hey Buggy Boy from New York City...:D...It does not really matter whether you have RRAS configured or not, if it is a DNS Box and you have multiple adapters, they will register themselves automatically in the form of SOA(Start of Authority) and Host A record. That means even if you have a Virtual network Card due to Loopback adapter or bluetooth, They will get registered in DNS as well. To disable this effect, Add the PublishAddresses and RegisterDnsARecords registry values for the DNS and Netlogon services.

You will notice in the last article that they have mentioned "This issue typically affects computers that are running Small Business Server because this version of Windows Server is frequently the only server on the network". This is because SBS in most of the cases has two NICs. One public and one private. Hope, this helps !!!
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
BuggyBoyNYCAuthor Commented:
Thank you so much! :)
0
 
Amit BhatnagarTechnology Consultant - SecurityCommented:
I'll be more happy if these steps actually resolve your issue...It is not like I have doubts...but technology has a mind of its own.... :D U never know...Do let me know the result.
0
 
BuggyBoyNYCAuthor Commented:
Added those two registry values, and restarted NetLogon and DNS Server services and it IMMEDIATELY resolved the issue! The only A record showing for the co-lo machine was the local address! :) Many thanks!!!!
0
 
Amit BhatnagarTechnology Consultant - SecurityCommented:
You are welcome !! Just an advice...To be dead sure that it is fixed. Restart the Server in Off-Office hours and see if they are still missing. Take care..:) A lot of reregistration happens at the time of System Restart...:)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now