A Quick Tip To Prevent Registration Of A and GC Records For Domain Controllers

by [Published on 4 Jan. 2011 / Last Updated on 31 Oct. 2009]

This article explains how you can prevent NetLogon service from registering A record for Domain Name and Global Catalog.

By default, Windows Server running Domain Controller role registers A Record for Domain Name and Global Catalog in the DNS Servers. There are certain situations where you would want to disable the registration of the records mentioned below:

  • DomainName.Com    A   IP_Address
  • gc._msdcs.DomainName.Com     A    IP_Address

You can use the below mentioned registry entry on the domain controllers to dis-allow registration of these records:

  • KEY Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
  • Entry Name: RegisterDnsARecords
  • Data: DWORD
  • Value: 1 (Register A Records), 0 (Do not register A Records)

Note: This regsitry entry does not exist by default.

Featured Links