Limit DNS registration to 1 adapter on Windows Server 2008

I have a Windows 2008 DC that has 3 NICs in it. 1 is for normal DC traffic and needs to be registered in DNS. The other 2 are for admin and management, and do not need to be registered in DNS, as they are on different networks. The normal DC traffic NIC is registering in DNS properly.

The problem is, on Windows Server 2008, it sees the DC's DNS service and puts the DNS server as 127.0.0.1 on the 2 management interfaces (automatically and cannot be removed other than through the registry), and then registers them in DNS along with the normal DC traffic one. This causes issues. I have been trying to turn off dynamic registration on these other 2 NICs, even tried adding "MaxNumberOfAddressesToRegister" registry entry to the Adapters GUID key, just to find out it is not supported anymore in Server 2008.

Any ideas how I can make these other 2 management adapters not register in DNS, other than disabling them or pulling them out of the machine?
Artemedes Asked:

peter41 Commented:
I understand what you want to do but not why you need to change this.
Generally, only one DNS server on one interface of the machine is sufficient (whether it is a DC or not),
and if the machine needs to translate name -> IP then it uses this one DNS server (in your case you want to have only one 127.0.0.1 on the first NIC).
If you add other, different DNS servers into NIC->TCP properties then it tries all DNS servers in the list until it has successfully translated DNS name -> IP address.
So I don't see a reason to remove 127.0.0.1 from the other two NICs, because even if it were possible, your DC would still use the 127.0.0.1 included on the first NIC.

What exactly do you need this change for?
0
Datedman Commented:
In properties of the other two NIC's TCP/IP use their own addresses as the DNS server for each.  MS tech did this to my SAN NICs when I called complaining that there was no way (including documented ways in the MS knowledgebase) to stop NICs from registering in DNS.  Works great. :)

Oh just make sure the DNS server isn't listening on that address. :)
0
Artemedes (Author) Commented:
I don't want the management interfaces to use DNS at all to resolve anything. I don't want them polluting my DNS servers with A records with incorrect IP addresses.

Microsoft has no fix for this?

As long as the SRV records are right, I guess it will have to do.
0

peter41 Commented:
Artemedes, this is a misunderstanding.
The interface does not resolve DNS names; the host resolves DNS names.
Like I said above, even if you remove your DNS 127.0.0.1 from the second and third interfaces,
your operating system's TCP stack will still resolve names even when TCP communicates through the second or third interface, because you already have a DNS server on the first interface.
DNS servers that are in the TCP properties of one interface are valid in the scope of all interfaces,
so it makes no sense for you to remove it from the second and third interfaces.

Maybe if you tell me why you want to do this, I can find some solution for you.
0
Datedman Commented:
Just point the DNS at the adapter itself.  Trust me, it works and it's efficient.  The adapters will ALWAYS try to register their DNS, don't ask me why...but if the DNS points to an address that is (1) resolvable and (2) not a DNS server then nothing happens.  They don't keep trying but I think they try once per boot, NBD.
0
Artemedes (Author) Commented:
This is what has been set up by a third party. They use network A (interface 1) for DC traffic, network B (interface 2) for management, and network C (interface 3) for NetBackup. They are all different subnets and theoretically disjointed.
I tried Datedman's suggestion, but they still register in DNS.
Any other suggestions?
0
Datedman Commented:
You're not doing it quite right then.

You will have to remove records from DNS that are there, may have to do it from all DNS servers manually.  But if you have the NICs using themselves (only) for DNS and if you have the DNS server on that machine NOT listening on those IPs, then they will not be able to register in DNS because there's no server listening on that address. :)

It's a pain to get it straight once it's wrong but this method *does work.*
0

Artemedes (Author) Commented:
DNS Servers were listening on all interfaces. Thanks for pointing that out.
0
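
An audit of the two conditions the thread settles on, as an added example that is not part of the original thread: each non-primary NIC uses only its own address as DNS server, and nothing listens on TCP port 53 at that address. It assumes PowerShell 2.0 or later run on the DC; `$PrimaryIP` is a constructed placeholder, and the function and output column names are made up for this sketch.

```powershell
# Added audit sketch, not from the thread. $PrimaryIP is a constructed
# placeholder for the one NIC address that should register in DNS.
param([string]$PrimaryIP = '192.0.2.10')

# Local IPv4 addresses that have a listener on TCP port 53 (from netstat).
function Get-DnsListenAddress {
    netstat -an -p tcp | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):53\s+\S+\s+LISTENING') {
            $matches[1]
        }
    }
}

$listen   = @(Get-DnsListenAddress)
$wildcard = $listen -contains '0.0.0.0'   # a listener bound to every address

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
ForEach-Object {
    $nic  = $_
    $ipv4 = @($nic.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
    if ($ipv4 -contains $PrimaryIP) { return }   # skip the NIC meant to register

    # Drop empty entries so an adapter with no DNS servers yields an empty array.
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })

    # Condition 1: the adapter's DNS list holds only its own address(es).
    $foreign = @($dns | Where-Object { $ipv4 -notcontains $_ })
    $selfOnly = ($dns.Count -gt 0) -and ($foreign.Count -eq 0)

    # Condition 2: no port-53 listener on any of this adapter's addresses.
    $bound = @($ipv4 | Where-Object { $listen -contains $_ })
    $noListener = (-not $wildcard) -and ($bound.Count -eq 0)

    New-Object PSObject -Property @{
        Adapter        = $nic.Description
        Addresses      = $ipv4 -join ','
        DnsServers     = $dns -join ','
        DnsSelfOnly    = $selfOnly
        NoDnsListener  = $noListener
        MatchesFix     = $selfOnly -and $noListener
    }
} | Format-Table Adapter, Addresses, DnsServers, DnsSelfOnly, NoDnsListener, MatchesFix -AutoSize
```

A row with `NoDnsListener` false corresponds to the situation the asker reports in the last comment, where the DNS server was listening on all interfaces.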