A Quick Tip To Prevent Registration Of A and GC Records For Domain Controllers

by [Published on 4 Jan. 2011 / Last Updated on 31 Oct. 2009]

This article explains how you can prevent NetLogon service from registering A record for Domain Name and Global Catalog.

By default, Windows Server running Domain Controller role registers A Record for Domain Name and Global Catalog in the DNS Servers. There are certain situations where you would want to disable the registration of the records mentioned below:

  • DomainName.Com    A   IP_Address
  • gc._msdcs.DomainName.Com     A    IP_Address

You can use the below mentioned registry entry on the domain controllers to dis-allow registration of these records:

  • KEY Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
  • Entry Name: RegisterDnsARecords
  • Data: DWORD
  • Value: 1 (Register A Records), 0 (Do not register A Records)

Note: This regsitry entry does not exist by default.

See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Featured Links