how to have domain joined PCs register their A records in a DNS sub domain below the domain they are joined to

MikeP 21 Reputation points
2020-11-03T15:03:19.503+00:00

Trying to find out if the following scenario is possible in DNS:

I have a Windows domain (my.ad). When the my.ad domain-joined PCs start up they register their A records in the my.ad domain in DNS (i.e. A = pc01.my.ad). I would like them instead to only register their A record in a DNS sub-domain named site1 (A = pc01.site1.my.ad). There is no Windows subdomain created for site1.my.ad. It is only a DNS sub-domain off the my.ad DNS domain. I know I can accomplish this by changing the client's DNS suffix in the TCP configuration and then telling it to register with that DNS suffix. The issue with this is that it also creates 2 PTR records in the reverse lookup zone. This causes issues because the client system then has 2 PTR records in DNS. When I do reverse lookups I randomly get one of the 2 host names. I want to resolve only the pc01.site1.my.ad hostname when I do a reverse lookup against its IP.

In my ideal world I would like the client to only register an A and PTR record in the DNS domain of the DNS suffix I specified to use (site1.my.ad). I know I could achieve this by creating a Windows sub-domain for site1.my.ad, but I have no need for a second/sub Windows domain from a management perspective, and that would mean creating more domain controllers to service the sub-domain and having the clients join the sub-domain instead. I'm looking for other ways to achieve the desired outcome without building out another Windows domain.

Any help would be greatly appreciated.

Thanks,
Mike

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
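An added PowerShell example, not part of the original post, that audits a reverse lookup zone for the symptom described above: one address carrying two PTR records, so reverse lookups (and any logs or access rules keyed on reverse names) flip between host names. The zone name, server name and host records are assumptions and constructed sample data; the live path uses the DnsServer RSAT cmdlets and the client check uses Get-DnsClient.

```powershell
# Added example (not from the original thread). Finds addresses in a Windows DNS
# reverse lookup zone that have more than one PTR record and lists the names they
# point at. Zone/server/host values below are assumptions or constructed samples.

function Find-DuplicatePtr {
    param(
        [Parameter(Mandatory)] [string]$ZoneName,   # e.g. 0.168.192.in-addr.arpa (assumed)
        [string]$ComputerName = 'localhost',        # DNS server to query (assumed)
        [object[]]$Records                          # optional pre-fetched or constructed records
    )
    if (-not $Records) {
        # Live query; needs the DnsServer module (RSAT) and rights on the DNS server.
        $Records = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Ptr `
                                               -ComputerName $ComputerName
    }
    # HostName is the last octet(s) of the address inside the zone; group by it and
    # keep only addresses that resolve to more than one name.
    $Records |
        Group-Object -Property HostName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                ReverseName = "$($_.Name).$ZoneName"
                PtrCount    = $_.Count
                Targets     = ($_.Group | ForEach-Object { $_.RecordData.PtrDomainName }) -join ', '
            }
        }
}

# Constructed sample in the shape Get-DnsServerResourceRecord returns: 192.168.0.10
# has registered under both suffixes, 192.168.0.11 is clean.
$sample = @(
    [pscustomobject]@{ HostName = '10'; RecordData = [pscustomobject]@{ PtrDomainName = 'pc01.my.ad.' } },
    [pscustomobject]@{ HostName = '10'; RecordData = [pscustomobject]@{ PtrDomainName = 'pc01.site1.my.ad.' } },
    [pscustomobject]@{ HostName = '11'; RecordData = [pscustomobject]@{ PtrDomainName = 'pc02.site1.my.ad.' } }
)
Find-DuplicatePtr -ZoneName '0.168.192.in-addr.arpa' -Records $sample | Format-Table -AutoSize
# Expected: one row, 10.0.168.192.in-addr.arpa with PtrCount 2 and both pc01 names.

# Client side: which interfaces register their address, and under which suffix.
# Each interface that registers with a different suffix is a candidate source of a
# second A/PTR pair for the same address.
Get-DnsClient |
    Where-Object { $_.RegisterThisConnectionsAddress } |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, UseSuffixWhenRegistering
```

Run the live query from a DNS server or a machine with RSAT DNS tools; after cleaning up stale PTRs, re-run it to confirm each address resolves to a single name.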

Accepted answer
Anonymous
2020-11-04T05:59:20.887+00:00

Hi Mike,

"The issue with this is it also creates 2 PTR records in the reverse lookup zone. This causes issues because then the client system has 2 PTR records in DNS. When I do reverse lookups I randomly get one of the 2 host names."

Unfortunately, this is by-design behavior for domain-joined machines, and there is no built-in way to achieve your goal directly. See the picture below:

[image: 37276-image.png]

In this situation you have just two choices:

1. The client machine does not join the domain, and you enable both nonsecure and secure dynamic updates on the forward lookup zone and the reverse lookup zone:

[image: 37382-image.png]

[image: 37317-image.png]

2. Create a Windows sub-domain for site1.my.ad and have the clients join the sub-domain.

Best Regards,

Candy


