Preventing Private NIC Registration in DNS

A student from a class I taught a few weeks ago wrote to me asking the following question.

“I was in your networking class a couple of weeks ago for the Networking Infrastructure.  Our AD server has dual NICs with one NIC on an isolated VLAN with the SAN.  How do we keep the IP of the isolated VLAN from auto-populating into DNS?  This is causing traffic to route out that NIC but can’t go anywhere.”

Great question. If any of you have to deal with this sort of scenario, here’s what I’d suggest.

Via Control Panel, you can get to the Network and Sharing Center, then from there get the Status of the NIC which connects to your isolated VLAN (e.g. Local Area Connection 2, or whatever it’s called).

From the connection status you can get the Properties. Then from the Properties, you can choose Internet Protocol Version 4 (TCP/IPv4) and obtain this item’s Properties.

In the Internet Protocol Version 4 (TCP/IPv4) Properties, hit the Advanced… button. In the resulting Advanced TCP/IP Settings dialog there should be three tabs: IP Settings, DNS, and WINS. Pull the DNS tab.

At the bottom of the DNS property sheet in the Advanced TCP/IP Settings of your isolated VLAN connection, there should be a check box labeled “Register this connection’s addresses in DNS.” Please uncheck that box, and hit OK, OK, Close, and Close to close the dialogs. Then close the Network and Sharing Center.

To test this, you could do an “ipconfig /registerdns” at a cmd prompt for that server. If necessary, you could manually remove the entries from the DNS zone. The records for that NIC should not be re-added by the server as long as that “Register this connection’s addresses in DNS” setting is not set – it’s unchecked.

That’s it really.

Any time you have multiple network interfaces in a machine (e.g. server or multi-homed workstation, or notebook with wired and wireless) it’s good to be aware of what the machine is receiving and registering (advertising) via each network interface.

Author: Brad Werner

In this article

Join the Conversation