Below, MS explains how to disable this automatic DNS update system by Winlogon for the DC info.
My knowledge isn't enough for me to say whether I should get rid of this automatic system (in principle yes, as long as my DCs don't change IP, but well ...)
http://support.microsoft.com/?scid [...] #appliesto
The Net Logon service
By default, the Net Logon service registers certain SRV, CNAME, and A resource records every hour, even if some or all these records are correctly registered in DNS. The list of records that the Net Logon service tries to register is stored in the %systemroot%\System32\Config\Netlogon.dns file. This log file lists records that are required to be registered for this domain controller.
The Net Logon service does not provide a mechanism to control registrations that it performs on a per-adaptor basis. This section describes how to enable and disable the following items:
• All registrations
• Net Logon service A registrations
All registrations
To disable all registrations that are performed by the Net Logon service, use the following registry subkey. (A restart of the Net Logon service is required, although a restart of the computer is preferred.)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\UseDynamicDns
Data type: REG_DWORD
Range: 0 - 1
Default value: 1
This value determines whether the Net Logon service on this domain controller uses DNS updates. The Net Logon service can use DNS updates to register DNS names that identify the domain controller. Whenever an authorized zone server requests an update, DNS updates provide automatic updates of zone data, such as DNS names, on the zone's primary server. DNS supplements the static, manual method of adding and changing zone records. The dynamic update protocol is defined in RFC 2136.
Value   Meaning
-------------------------------------------------------------
0       The Net Logon service does not use DNS updates. Records
        specified in the Netlogon.dns file must be registered
        manually in DNS.
1       The Net Logon service uses DNS updates to register
        the names that identify this domain controller.
You might disable the Net Logon service's use of DNS updates if your DNS servers do not support DNS updates or to remove the network traffic that is associated with periodic registration of the Net Logon service's DNS records.
This entry is supported on domain controllers only. Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
To make the changes to this value effective, delete the %systemroot%\System32\Config\netlogon.dnb file, and then restart the Net Logon service. A restart of Windows 2000 is preferred.
Net Logon service A registrations
By default, the Net Logon service on a domain controller registers SRV, domain A, and global catalog A resource records every hour. SRV records are mapped to an FQDN, and A resource records are mapped to an IP address.
Registration of domain A resource records for all adaptors by the Net Logon service and subsequent re-registration every hour, by default, can be problematic if clients resolve the domain name to an unreachable IP address.
The following registry subkey enables or disables the registration of A resource records by the Net Logon service for a domain controller. The domain A resource records are not required by Windows 2000, but they are registered for the benefit of Lightweight Directory Access Protocol (LDAP) implementations that do not support SRV records.
This RegisterDnsARecords registry value disables all A resource record registrations that are performed by the Net Logon service. These records include the gc._msdcs.DnsForestName records. Registration of gc._msdcs.DnsForestName records is required and must be performed manually if the RegisterDnsARecords registry value is set to disabled.
For additional information about registering these A resource records, click the following article number to view the article in the Microsoft Knowledge Base:
258213 (http://support.microsoft.com/kb/258213/) Registration of gc._msdcs.<DnsForestName> records in DNS is required
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RegisterDnsARecords
Data type: REG_DWORD
Range: 0 - 1
Default value: 1
This value determines whether this domain controller registers DNS A (IP address) records for the domain. If this domain controller is a global catalog resource, this entry also determines whether the domain controller registers global catalog DNS A resource records.
Value   Meaning
-------------------------------------------------------------
0       Does not register DNS A resource records. LDAP implementations
        that do not support SRV records will not be able to
        locate the LDAP server on this domain controller.
1       Registers DNS A resource records.
Note This entry is used only when it appears in the registry of a domain controller. You might set this value to 0 if DNS does not complete its updates because it cannot update A resource records. DNS stops updating when an update try does not succeed.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
To make the changes to this value effective, you must restart the Net Logon service. A restart of Windows 2000 is preferred.
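
Both values described above default to 1 and are not created by Windows, so a domain controller has to be checked for the effective setting rather than for the mere presence of the entry. The following read-only PowerShell audit is an added example, not part of the quoted Microsoft article; the function name Get-NetlogonDnsRegistrationState and the assumed line layout of Netlogon.dns are illustrative assumptions.

```powershell
# Added example (not from the KB article): read-only audit of the two values.
# Get-NetlogonDnsRegistrationState is a hypothetical helper name.
function Get-NetlogonDnsRegistrationState {
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $props  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $result = [ordered]@{}

    foreach ($name in 'UseDynamicDns', 'RegisterDnsARecords') {
        $entry = if ($props) { $props.PSObject.Properties[$name] } else { $null }
        if ($null -eq $entry) {
            # Windows does not create these entries; absent means default 1.
            $result[$name] = 1
        } elseif ($entry.Value -in 0, 1) {
            $result[$name] = [int]$entry.Value
        } else {
            Write-Warning "$name = $($entry.Value) is outside the documented range 0 - 1"
            $result[$name] = $null
        }
    }

    # Netlogon.dns lists the records this DC is required to have in DNS.
    $dnsFile = Join-Path $env:SystemRoot 'System32\Config\Netlogon.dns'
    $records = @(if (Test-Path $dnsFile) { Get-Content $dnsFile | Where-Object { $_.Trim() } })

    # Work out which of those records Net Logon no longer registers itself.
    $manual = @()
    if ($result.UseDynamicDns -eq 0) {
        $manual = $records                       # every listed record is manual
    } elseif ($result.RegisterDnsARecords -eq 0) {
        # Assumption: A records appear as "<name> <ttl> IN A <address>" lines.
        $manual = @($records | Where-Object { $_ -match '\sIN\s+A\s' })
    }

    [pscustomobject]@{
        UseDynamicDns       = $result.UseDynamicDns
        RegisterDnsARecords = $result.RegisterDnsARecords
        NetlogonDnsFile     = $dnsFile
        ManualRecords       = $manual
    }
}

$state = Get-NetlogonDnsRegistrationState
$state | Format-List UseDynamicDns, RegisterDnsARecords, NetlogonDnsFile
if ($state.ManualRecords.Count -gt 0) {
    Write-Warning 'Net Logon no longer registers these records; keep them current by hand:'
    $state.ManualRecords
}
```

The script changes nothing on the domain controller; with RegisterDnsARecords set to 0 its output includes the gc._msdcs.DnsForestName A records that the article says must then be registered manually.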