Event 5774 on a domain controller

Mikhail Firsov 1,881 Reputation points
2020-08-26T08:22:05.84+00:00

Hello,

A couple of days ago I was puzzled by the following event in my domain controller's System log:

The dynamic registration of the DNS record 'gc._msdcs.mydomain.com. 600 IN A 10.1.1.2' failed on the following DNS server:  

**DNS server IP address: 81.211.90.x**
Returned Response Code (RCODE): 5 
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: DNS bad key.

As far as I understand it, my own domain controller (10.1.1.2) tried to register its srv record on some host on the internet (81.211.90.x) - I just can't imagine what could have caused the domain controller (which is the FSMO holder itself!) to act as a DNS client for some other DNS server???

Thank you in advance,
Michael

Windows Server
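
A triage sketch for the event quoted in the question, added here as an example and not part of the original thread: it parses exported Event 5774 message text and flags registrations that were sent to a DNS server outside internal address ranges. The function names, the internal-range list and the sample messages (example.test, 203.0.113.10) are constructed assumptions.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918, loopback or IPv6 ULA space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]
RECORD_RE = re.compile(r"DNS record '(\S+)\s+\d+\s+IN\s+(\S+)\s+([^']+)'")
SERVER_RE = re.compile(r"DNS server IP address:\s*(\S+)")
RCODE_RE = re.compile(r"\(RCODE\):\s*(\d+)")
STATUS_RE = re.compile(r"Returned Status Code:\s*(\d+)")

def is_internal(ip_text):
    """True if the address lies in INTERNAL_NETS; ValueError if unparsable."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def parse_5774(message):
    """Extract the fields of one Event 5774 message, or None if it is not one."""
    rec, srv = RECORD_RE.search(message), SERVER_RE.search(message)
    if not rec or not srv:
        return None
    server = srv.group(1).strip("*")      # tolerate pasted bold markers
    try:
        internal = is_internal(server)
    except ValueError:                    # redacted address such as "81.211.90.x"
        internal = None
    rcode, status = RCODE_RE.search(message), STATUS_RE.search(message)
    return {"record": rec.group(1), "type": rec.group(2),
            "data": rec.group(3).strip(),
            "server": server, "server_internal": internal,
            "rcode": int(rcode.group(1)) if rcode else None,
            "status": int(status.group(1)) if status else None}

def external_targets(messages):
    """Parsed events whose dynamic update went to a non-internal DNS server."""
    parsed = (parse_5774(m) for m in messages)
    return [p for p in parsed if p and p["server_internal"] is False]

TEMPLATE = ("The dynamic registration of the DNS record '{rec}' failed on the "
            "following DNS server:\nDNS server IP address: {srv}\n"
            "Returned Response Code (RCODE): {rc}\nReturned Status Code: {st}\n")
# Constructed sample messages (documentation names and addresses, not real data).
SAMPLES = [
    TEMPLATE.format(rec="gc._msdcs.example.test. 600 IN A 10.1.1.2", srv="203.0.113.10", rc=5, st=9017),
    TEMPLATE.format(rec="_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.", srv="10.1.1.2", rc=5, st=9017),
    TEMPLATE.format(rec="gc._msdcs.example.test. 600 IN A 10.1.1.2", srv="81.211.90.x**", rc=5, st=9017),
]

if __name__ == "__main__":
    for hit in external_targets(SAMPLES):
        print(f"{hit['record']} ({hit['type']}) sent to external server {hit['server']}, RCODE {hit['rcode']}")
```

Events whose server address cannot be parsed (for example a redacted one) come back with `server_internal` set to `None` so they can be reviewed by hand rather than silently passed.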

13 answers

  1. Anonymous
    2020-08-26T12:30:45.847+00:00

    I'd check that the domain controller has its own static IP address plus loopback listed for DNS, and no others such as a router or public DNS.

    --please don't forget to Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Mikhail Firsov 1,881 Reputation points
    2020-08-26T15:01:39.417+00:00

    Of course it's set only to its own IP!


  3. Anonymous
    2020-08-26T15:03:51.323+00:00

    Please run:

    • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt
    • (etc. as other DCs exist)

    then put unzipped text files up on OneDrive and share a link.


  4. Thameur-BOURBITA 32,986 Reputation points
    2020-08-26T22:11:36.21+00:00

    Hi,

    It seems a wrong DNS record is mapped to an external IP.

    Did you enable scavenging and only secure DNS updates?

    Don't forget to mark this reply as answer if it helps you to fix your issue


  5. Hannah Xiong 6,276 Reputation points
    2020-08-27T09:26:56.527+00:00

    Hello Michael,

    Thank you so much for posting here.

    Have you checked the provided information? Hope they will be helpful to you.

    Here are some discussions about this issue. We could kindly have a check whether it helps.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/0507f7cc-c426-439b-a0c6-d36cda2dfee8/event-5774-netlogon?forum=winserverNIS

    Thanks again.

    Best regards,
    Hannah Xiong

