Back

Configuring Multi NIC Domain Controllers for Single IP

stylebackground white Insure that all the NICS only point to your internal DNS servers only and none others such as your ISPs ...

3 min read
Published on Apr 6, 2013
Configuring Multi NIC Domain Controllers for Single IP
  • Insure that all the NICS only point to your internal DNS server(s) only and none others, such as your ISP’s DNS servers’ IP addresses.

  • In Network & Dialup properties, Advanced Menu item, Advanced Settings, move the internal NIC (the network that AD is on) to the top of the binding order (top of the list). http://windows.microsoft.com/en-US/windows-vista/Change-the-order-of-network-protocol-bindings

  • Disable the ability for the Internet NIC to register. The procedure, as mentioned, involves identifying the Internet NIC’s GUID number. This link will show you how: 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too): http://support.microsoft.com/?id=246804

  • Disable NetBIOS on the outside NIC. That is performed by choosing to disable NetBIOS in IP Properties, Advanced, WINS, disable NetBIOS

  • Disable the “File and Print Service” and disable the “MS Client Service” on the Internet NIC. That is done in NIC properties by unchecking the respective service under the general properties page. If you need these services on the outside NIC (which is unlikely), which allow other machines to connect to your machine for accessing resource on your machine (shared folders, printers, etc.), then you will probably need to keep them enabled.

  • Uncheck “Register this connection” under IP properties, Advanced settings, in IP4 and IP6 “DNS” tab.

  • Delete the Internet NIC IP address, disable Netlogon registration, and manually create the required records:

  • In DNS under the zone name, (your DNS domain name), delete the Internet NIC’s IP references for the “LdapIpAddress”. If this is a GC, you will need to delete the GC IP record as well (the “GcIpAddress”). To do that, in the DNS console, under the zone name, you will see the _msdcs folder. Under that, you will see the _gc folder. To the right, you will see the IP address referencing the GC address. That is called the GcIpAddress. Delete the IP addresses referencing the Internet NIC.

  • To stop these two records from registering that information, use the steps provided in the links below: Private Network Interfaces on a Domain ontroller Are Registered in DNS http://support.microsoft.com/?id=295328 The one section of the article that disables these records is done with this registry entry:

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters

    DnsAvoidRegisterRecords

    Data type: REG_MULTI_SZ

    Values (2 lines):

    LdapIpAddress

    GcIpAddress

  • Then you will need to manually create these two records in DNS with the IP addresses that you need for the DC. To create the LdapIpAddress, create a new host under the domain, but leave the “hostname” field blank, and provide the internal IP of the DC, which results in a record that looks like:

    • (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative purposes
  • You need to also manually create the GcIpAddress as well, if this is a GC. That would be under the _msdcs._gc SRV record under the zone. It is created in the same fashion as the LdapIpAddress mentioned above.

  • In the DNS console, right click the server name, choose properties, then under the “Interfaces” tab, force it only to listen to the internal NIC’s IP address, and not the IP address of the Internet NIC.

  • Since this is also a DNS server, the IPs from all NICs will register, even if you tell it not to in the NIC properties. See this to show you how to stop that behavior (this procedure is for Windows 2000, but will also work for Windows 2003): 275554 - The Host’s A Record Is Registered in DNS After You Choose Not to Register the Connection’s Address: http://support.microsoft.com/?id=275554

Learn about our Managed Service & Cloud Consulting services.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC compliance for DoD contractors

CMMC Compliance Requirements for DoD Contractors and Subcontractors in the Defense Industry

CMMC compliance is mandatory for DoD contractors and subcontractors. Learn about certification levels, requirements, and the consequences of failing to meet compliance.

Apr 24, 2025
6 min read
How to prepare for a CMMC compliance audit

CMMC Compliance Audit Preparation: A Complete Checklist for Small Businesses

Preparing for a CMMC compliance audit is critical for DoD contractors. Use this checklist to perform a gap analysis, assess CMMC readiness, and prepare for a Level 2 assessment.

Apr 23, 2025
8 min read
FAR CUI vs CMMC Understanding

FAR CUI vs CMMC Understanding the Differences and Overlaps

FAR CUI and CMMC both focus on protecting sensitive federal data, but they have key differences. Learn how they work together and whether FAR CUI compliance aligns with CMMC.

Apr 15, 2025
10 min read
What Is a POAM?

What Is a POAM?

Learn how a Plan of Action and Milestones (POAM) helps meet NIST 800-171 & DFARS compliance. Understand its role in FedRAMP, security categorization, and risk mitigation.

Apr 8, 2025
8 min read
Best Cybersecurity Practices for Achieving CMMC Compliance

Best Cybersecurity Practices for Achieving CMMC Compliance

Achieving CMMC cybersecurity compliance requires strong security controls. Learn best practices for securing your IT environment, protecting CUI, and implementing MFA.

Apr 7, 2025
6 min read
8 Pranks for Windows 11 - Happy April Fools!

8 Pranks for Windows 11 - Happy April Fools!

Happy April Fools Day The day of the year when some IT staff think it might be humorous to do something to generate hundreds of support tickets for ...

Apr 1, 2025
3 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation