External DNS - Same as parent folder

My external DNS use the microsoft server service.

I have 2 Domain Controllers that sync all the DNS zone via the MSAD synchronization. (primary)

Then I have 2 DNS servers (not a DC) that have all the zone, but all zones are secondary.
Those two secondaries, are the one that answered all the DNS requested that come form the Internet.

for my zone (mycompany.com), I have an A record for the www,
so I can access my web site with www.mycompany.com

I also have a A record, "same as parent folder", that I would like to use to get my website via "mycompany.com" (no www)

Unfortunately, becase it use the MSAD synchrnization all the DC are also listed as "same as parent folder".

Is there any ways to remove those entries, maybe only on my secondaries DNS server, and make works my web page without the www.

Who is Participating?
Chris DentPowerShell DeveloperCommented:

Thanks, much easier to see now :)

You need to disable auto creation of records on that zone (not to be confused with dynamic update).

dnscmd /Config /DisableNSRecordsAutoCreation 1
dnscmd /Config dmz.local //AllowNSRecordsAutoCreation IPofDC1 IPofDC2

You'll need to run that on both DCs. After you've done that you should manually clean up the NS and records, may take a bit of work but see how you get on with that first.

Chris DentPowerShell DeveloperCommented:

If the DNS zone you're talking about is also used for Active Directory then no. Removing them will adversely impact your domain.

If it isn't your AD domain it shouldn't be registering A records there anyway.

No, don't change those entries - they're used by other machines to locate a domain controller.  In your situation, there's no way to do what you're trying to do, because your internal and external DNS namespaces use the same name - my company.com.  This is one reason why it's strongly recommended to use a non-public DNS suffix like .local on your internal domain.
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

sparadisAuthor Commented:
The 4 machines previously detailled deserved only External DNS in the DMZ.

I have an other domain (mycompany.local) and an other set of DNS server for my internal DNS request.

we decided to create a new domain in the DMZ to have two primaries DNS servers.
hope that it will help, or I will change everything.
Chris DentPowerShell DeveloperCommented:

What did you call the domain in the DMZ? That's the only one that matters in this scenario.

sparadisAuthor Commented:
the domain in the DMZ is dmz.local
I created a primary Zone (ad replicated) mycompany.com
-there are 2 DC member of that domain
and two other servers (not DC) that have a secondary zone of mycompany.com

in my zone I have

www -
(same as parent folder) -

(same as parent folder) - dc01.dmz.local (DC, with primary zone of mycomapny.com)
(same as parent folder) - dc02.dmz.local (DC, with primary zone of mycomapny.com)
(same as parent folder) - ns1.dmz.local (secondary, replication of dc1)
(same as parent folder) - ns2.dmz.local (secondary, replication of dc2)

I don't want to see the 4 last entries on my secondary server

Chris DentPowerShell DeveloperCommented:

I managed to include an extra / in the second command above, it should be dropped.

And on reflection, you should run the first on all 4 DNS servers.

sparadisAuthor Commented:
Thx for your help
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.