unauthorized Same as parent entry

dodes1

We're running MS Server 2003 flavor of DNS.
Configured Dynamic but not AD enabled.

Question is this: Is there a way to block a system from being added as
a Host A - Same as parent entry in DNS?

We keep getting an address that doesn't even belong to our address
space showing up in our DNS.

Thanks
 
dodes1 said:
We're running MS Server 2003 flavor of DNS.
Configured Dynamic but not AD enabled.

Question is this: Is there a way to block a system from
being added as a Host A - Same as parent entry in DNS?

We keep getting an address that doesn't even belong to
our address space showing up in our DNS.

The (same as parent folder) record is registered by Netlogon and should only
be created for Domain Controllers. If you are not running an AD domain then
there is nothing I can tell you to stop the record because the Netlogon
service which creates the record does not run without a domain. If you are
getting one of these records created then you should track down the machine
that is creating it. I have seen cases of XP clients registering Netlogon
registrations, but you stated you do not have a domain, and as I stated the
Netlogon Service only runs when it is a member of a domain. Otherwise, the
Netlogon service is disabled and will not start, even if you try.
 
Let me clarify Kevin's post.
The same as parent records are helper records for DNS queries that only
specify the domain (abc.com).
The query result will be a domain controller host record. I don't know the
extent to which these records are queried. I suspect they are not used
much, but would not want to remove them and force the system to not
register them, then see what systems break.
The netlogon service is responsible for registering these records based on
the contents of the netlogon.dns file.
The netlogon.dns file is created/modified when the domain controller is
promoted or demoted. This includes promoting and demoting to GC status.
There is nothing preventing you from manually editing this file (it's just a
text file) and removing the same as parent entries.
Better yet, scan all your netlogon.dns files (one on every DC) to locate the
bogus record and remove it.
Then investigate why it was there in the first place.
You may find the NIC (on that DC) has 2 logical IP addresses assigned. Or
perhaps it has a loopback adapter installed with the bogus IP address.
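
The scan suggested in the post above, as an added example that is not part of the original thread: it reads the text of a netlogon.dns file and reports same-as-parent A records whose address falls outside the networks you expect. It assumes the file holds zone-file style lines (`owner TTL IN A address`); the sample content, host name, addresses, function name and the extra loopback/link-local check are constructed for illustration.

```python
import ipaddress

# Constructed sample of netlogon.dns content; the domain, host name and
# addresses are placeholders, not values taken from the thread.
SAMPLE_NETLOGON_DNS = """\
abc.com. 600 IN A 192.168.10.5
abc.com. 600 IN A 203.0.113.77
_ldap._tcp.abc.com. 600 IN SRV 0 100 389 dc1.abc.com.
gc._msdcs.abc.com. 600 IN A 192.168.10.5
_kerberos._tcp.dc._msdcs.abc.com. 600 IN SRV 0 100 88 dc1.abc.com.
"""

def find_bogus_parent_records(text, domain, allowed_networks):
    """Return (line_no, address, reason) for each same-as-parent A record
    in netlogon.dns text whose address is not in the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    apex = domain.rstrip(".").lower()
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        # Assumed shape: <owner> <ttl> IN A <address>; SRV/CNAME lines and
        # comments have a different field count or type and are skipped.
        if len(fields) != 5 or raw.lstrip().startswith(";"):
            continue
        owner, _ttl, rr_class, rr_type, addr = fields
        if rr_class.upper() != "IN" or rr_type.upper() != "A":
            continue
        if owner.rstrip(".").lower() != apex:
            continue  # not the "(same as parent folder)" record
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_link_local:
            findings.append((line_no, addr, "loopback or link-local address"))
        elif not any(ip in net for net in nets):
            findings.append((line_no, addr, "outside allowed networks"))
    return findings

if __name__ == "__main__":
    hits = find_bogus_parent_records(SAMPLE_NETLOGON_DNS, "abc.com",
                                     ["192.168.10.0/24"])
    for hit in hits:
        print("line %d: %s (%s)" % hit)
```

Run it against a copy of the file from each DC; a hit tells you which DC is registering the unexpected address, which is where to look for a second logical IP or an extra adapter.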
 
Glenn L said:
Let me clarify Kevin's post.
The same as parent records are helper records for DNS
queries that only specify the domain (abc.com).
The query result will be a domain controller host record.
I don't know the extent to which these records are
queried. I suspect they are not used much,

Let me clarify further, he stated he didn't have AD, but it is only domain
controllers that register these records. They are required and are used
quite regularly by group policies. The IP of the record must point to the
interface on a domain controller that has file sharing enabled so the SYSVOL
DFS share at \\dnsdomainname\SYSVOL can be resolved. Group policies are
applied from the \\dnsdomainname\SYSVOL\dnsdomainname\policies share. Group
policies are not applied from the machine name IP address. Changing this so
the record points to, say, a web server will cause errors and the inability
for GPOs to be applied.
 
I think he meant his zone is not AD integrated rather than not having an AD
domain in place when he said "We're running MS Server 2003 flavor of DNS.
Configured Dynamic but not AD enabled."
 