Home / server / Questions / 53690
Accepted
Jan Jungnickel
Asked: 2009-08-14 03:54:11 +0800 CST

Prevent Windows 2008 Server from polluting BIND

  • 772

We have a Windows 2008 Server running as DC. DNS is provided by a standalone machine running ISC BIND v9. The zone is configured to accept dynamic updates from the Windows machine. This is needed - the DC needs to update resource records in the zone.

This is all working well, the windows machine registers all necessary resource records in the BIND zone. But - it also registers the IP-Adresses of all non-localhost Interfaces as A Record for the whole zone, which interferes with other services.

Assuming the server has three interfaces with IP-Adresses IPA, IPB and IPC. Without dynamic updates the zone will have a single (added by hand) 'A' record:

domain.com IN A SOMEIP

This is the desired state.

With dynamic updates the zone will have four 'A' records:

domain.com IN A SOMEIP
domain.com IN A IPA
domain.com IN A IPB
domain.com IN A IPC

How can we setup the Windows or BIND Machine to keep dynamic updates while avoiding this issue?

windows-server-2008 active-directory bind

1 Answers

  1. Best Answer

    Per default, Windows tries to register the IPs of every network connection on the DNS server. To prevent this follow this procedure:

    • Open the properties of the network connection which should not be registered at the DNS server.
    • Select "TCP/IPv4"
    • Click "Properties"
    • Click "Advanced"
    • Select "DNS"
    • Uncheck "Register this connection's addresses in DNS"

    Do this for every NIC you don't want in your DNS.

    • 3