
unregistering member server ip in AD DNS


nsglists

IS-IT--Management
Jul 20, 2006
57
US
I have this Exchange server which is part of the Win2K3 domain. It has a static IP. The domain has AD-integrated DNS, so when clients are added, they automatically register their IP in the AD DNS. Now for this particular Exchange server DNS entry, I wanted to assign a different IP address in the DNS server (mainly to make it routable, since we have a complicated network setup with firewalls, proxy servers et al.).

So I manually changed the IP in the DNS server, and on the Exchange server I unchecked the option "Register this connection's address in DNS". I reloaded the zone and restarted the DNS services on the client and the server. It stays good for a while (a day at most!!) and after that the original IP on the server gets registered again, even though I have unchecked the option to register the IP in DNS.

On the DNS server, I went into the security tab for the DNS entry, and for the domain\exchange-server$ entry gave only read permissions (it had full permission before). Even this did not help.

What do I do?
Please advise.
Thanks.
 
Try disabling the DHCP Client service on the Exchange Server. That's the service that is responsible for registering with DDNS. All DC's need to have it running, but if the Exchange Server isn't a DC (and you should breathe a sigh of relief if it isn't) then you should be able to disable this service.
 
The netlogon service will also register this...along with DHCP client...dhcp client itself should work though...

That check box doesn't work well...

there is a reg value to disable this as well..

look into disable netlogon registration....

you could also potentially have conflicting objects in domaindnszones or forestdnszones, which may be causing you to grab replication of the zone from another DC where the original dns entries are..hence overwriting your changes..

that's easily identifiable though, simply search AD using ldp or a vbscript and look for the string characters of CNF...if you find these on your DNS zones in AD, this is likely the problem...

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
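
The CNF search suggested above can also be run offline against an LDIF export of the DNS application partition (for example from `ldifde -f dns.ldf -d "DC=DomainDnsZones,DC=example,DC=com"`). The following is an added example, not code from any poster in this thread; the domain `example.com`, the host names and the GUIDs are constructed sample data.

```python
import base64
import re

# AD renames the losing object of a replication collision to
# "<name>\0ACNF:<objectGUID>" (\0A is an escaped line feed in the DN).
CNF_RE = re.compile(
    r"^[A-Za-z]+=(?P<name>[^,]*?)(?:\\0A|\n)CNF:(?P<guid>[0-9a-fA-F-]{36}),")

def iter_dns(ldif_text):
    """Yield every entry DN, unfolding continuation lines and decoding 'dn::'."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def find_conflicts(ldif_text):
    """Return (original_name, guid, dn) for each conflict object's own entry."""
    hits = []
    for dn in iter_dns(ldif_text):
        m = CNF_RE.match(dn)  # leftmost RDN only: the conflicting object itself
        if m:
            hits.append((m.group("name"), m.group("guid").lower(), dn))
    return hits

# Constructed sample export (example.com, host names and GUIDs are made up).
ZONE = "DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com"
SAMPLE_LDIF = "\n".join([
    "dn: DC=mail," + ZONE,
    "objectClass: dnsNode",
    "",
    # Escaped form, folded across two lines as LDIF allows.
    r"dn: DC=mail\0ACNF:7f3c2a10-5b1e-4c8d-9a77-0123456789ab,DC=example.com,CN=Micr",
    " osoftDNS,DC=DomainDnsZones,DC=example,DC=com",
    "objectClass: dnsNode",
    "",
    # Base64 form, used when the DN is written with a raw line feed.
    "dn:: " + base64.b64encode(
        ("DC=exch01\nCNF:0a1b2c3d-1111-2222-3333-444455556666," + ZONE).encode()
    ).decode(),
    "objectClass: dnsNode",
    "",
])

if __name__ == "__main__":
    for name, guid, dn in find_conflicts(SAMPLE_LDIF):
        print(f"conflict copy of {name!r} (GUID {guid}): {dn!r}")
```

Each hit is a duplicate of a record that exists under its normal name; compare the two copies before deleting either, and repeat the export for ForestDnsZones.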
 
You can also try this registry tweak:

If you want to choose which DNS server does not add NS records corresponding to themselves to any Active Directory-integrated DNS zone, use Registry Editor (Regedt32.exe) to configure the following registry value on each affected DNS server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Registry value: DisableNSRecordsAutoCreation
Data type: REG_DWORD
Data range: 0x0 | 0x1
Default value: 0x0

This value affects all Active Directory-integrated DNS zones. The values have the following meanings:

Value 0: DNS server automatically creates NS records for all Active Directory-integrated DNS zones unless any zone, that is hosted by the server, contains the AllowNSRecordsAutoCreation attribute (described earlier in this article) that does not include the server. In this situation, the server uses the AllowNSRecordsAutoCreation configuration.

Value 1: DNS server does not automatically create NS records for all Active Directory-integrated DNS zones, regardless of the AllowNSRecordsAutoCreation configuration in the Active Directory-integrated DNS zones.
 