University of Chicago Active Directory
Configure DNS with UCAD
The campus DNS infrastructure hosts the uchicago.edu domain and is authoritative for it.
Desktop Computers
To set up a desktop computer, follow the Set up a computer in ad.uchicago.edu instructions.
Domain Controllers
For domain controllers, DDNS (Dynamic DNS) updates are accepted only by two UCAD domain controllers in the root domain. These two machines are:
128.135.119.193 (Alfalfa.ad.local)
128.135.168.161 (Buckwheat.ad.local)
Only domain controllers can have DDNS permissions. If you need to bring up a new domain controller, it is imperative that you notify the Enterprise Admin group in order to ensure a smooth promotion. Otherwise, SRV records will not be updated and the domain controller in question will be isolated from replication.
We implemented this configuration for DDNS in order to avoid supporting DDNS on the campus BIND DNS servers. The campus BIND servers are authoritative for any domain that exists in UCAD. However, the following four sub-zones for each domain are delegated to UCAD Active Directory integrated DNS servers:
_msdcs.mydomain.uchicago.edu
_tcp.mydomain.uchicago.edu
_udp.mydomain.uchicago.edu
_sites.mydomain.uchicago.edu
And for the root domain of the forest:
_msdcs.ad.local
_tcp.ad.local
_udp.ad.local
_sites.ad.local
SRV records for each domain controller are created in each sub-zone, while the actual host (A) record lives on BIND in the domain to which the domain controller belongs. For example, the host record for alfalfa.ad.local exists in the ad.local domain, not in uchicago.edu.
Once the records have been created, a domain controller does not need to keep updating its SRV records unless FSMO roles in the domain change. Because this unorthodox configuration causes errors in the event logs, it is best practice to turn off DDNS on the domain controller, which means turning off registration of DNS A (host) records.
Under the registry path HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters, add a value with the name "RegisterDnsARecords" with a type of "REG_DWORD" and set it to "0" (zero).
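The following PowerShell script is an added example, not part of the UCAD page, that applies the registry setting above and then verifies the two things the configuration depends on: that the value actually reads back as 0, and that the domain controller's SRV record in the delegated _msdcs sub-zone and its A record on BIND both still resolve. It assumes it is run as Administrator on the domain controller, that Resolve-DnsName (the DnsClient module, PowerShell 3 or later) is available, and the domain name is a placeholder you replace with your own.

```powershell
# Added example (not from the UCAD page). Assumes: run as Administrator on the DC,
# PowerShell 3+ with the DnsClient module, and a placeholder domain name.
param(
    [string]$Domain = 'mydomain.uchicago.edu'   # placeholder, as on the page
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$name = 'RegisterDnsARecords'

# 1. Turn off A-record registration (the page's registry step). -Force makes the
#    write idempotent whether or not the value already exists.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
Restart-Service Netlogon   # Netlogon reads its Parameters key when it starts

# 2. Read the value back instead of trusting the write.
$actual = (Get-ItemProperty -Path $key -Name $name).$name
if ($actual -ne 0) { throw "Expected $name = 0 but found $actual" }

# 3. The DC's SRV record must still be served from the delegated _msdcs sub-zone
#    (campus BIND delegates _msdcs.<domain> to the UCAD AD-integrated DNS servers).
$answer = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv = $answer | Where-Object { $_.Type -eq 'SRV' }   # drop additional-section A records
if (-not $srv) { throw "No SRV records found in _msdcs.$Domain" }
$srv | Select-Object Name, NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 4. Each SRV target's host (A) record lives on BIND, not in the sub-zone, so it must
#    keep resolving even though the DC no longer registers it dynamically.
foreach ($target in ($srv.NameTarget | Sort-Object -Unique)) {
    $a = Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue
    if (-not $a) {
        Write-Warning "No A record for $target; check the BIND zone for that host"
    } else {
        '{0} -> {1}' -f $target, (($a | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', ')
    }
}
```

A warning in step 4 means the host record was never created on BIND (or the DC is pointed at a resolver that cannot see it), which is the isolation-from-replication failure the page describes.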
The DNS configuration for a domain controller should look similar to the image below:
Note that you must enter the DNS suffix on domain controllers, but not on client machines. Further information on this topic is available on Microsoft's website:
- HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003
- Integrating Windows 2000 DNS into an existing BIND or Windows NT 4.0-based DNS namespace
Last updated: 6/6/07