This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 81%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA7%3C/text%3E%3C/svg%3E)
Hi,
I fed up with dynamic DNS records created by member servers and issues caused by the fact that server owner completely do not understand it and screams when such DNS record is scavenged, not sure about the reason. Neverheless, I would like to disable it for all servers using static IP address configuration.
I can do it in GPO "Dynamic update" = disabled (https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DNSClient::DNS_RegistrationEnabled)
Before that I can find and convert all existing dynamic records to static to avoid DNS Scavending.
My question: what can I break? :) especially I'm thinking of Windows clusters.
what I know from https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/enable-disable-dns-dynamic-registration
is that there are 2 services responsible for DNS registration:
DHCP Client for all Windows (A and PTR)
Netlogon for Domain controllers only - I do not plan to disable it of course. My DNS servers run on DC server, there is no standalone DNS.
My GPO will be applied only on member servers.
In the DNS console for each records that you want to change to static, open the properties and uncheck the Delete this record when it becomes stale and the record will be converted into a static record.
From the brief testing I've completed the record doesn't get changed back to dynamic.
Gary
That one I know. My question was if there any any Windows related mechanism like cluster service which may suffer from disabling Dynamic updates (even if I convert all records to static before).
Not that I'm aware of, as the dynamic DNS records are based on updates being sent to the DNS server and once the record is static any updates are ignored. The only possible issue would be if you a clustered solution that changes the IP address of the services when failing over between nodes but I'm not aware of any that fit into this category.
Gary.
Just checking if there's any update or progress on this one?
Yes, MS support suggested generally we can convert all dynamic (non-dhcp) DNS records except cluster's DNS records (CNO/VCO) and disable dynamic updated on Windows member servers.
DNS records for clusters are registered by cluster service, completely different mechanism not affected by "Dynamic update" setting in GPO.
What is interesting DNS updates are perfomed by DHCP Client service :)
Hi there,
Clearing the DNS server will remove any invalid addresses, whether because they're outdated or because they've been manipulated. It's also important to note flushing the cache doesn't have any negative side effects.
Below are the services that are responsible for Host A record registration on a DC:
-Netlogon service
-DNS server service (if the DC is running DNS server service)
-DHCP client or DNS client (2003/2008)
---------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–