How to Prevent Domain Controllers from Dynamically Registering DNS Names

Applies to: Windows Servers

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry


By default, the Netlogon service on a domain controller registers dynamic Domain Name Service (DNS) records to advertise the services of the Active Directory directory service. This behavior can be disabled with a registry setting.

More Information

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The Netlogon service registers these records when a domain controller is restarted, when the Netlogon service is restarted, and once each hour to ensure the records are registered correctly. Some DNS servers that do not support dynamic updating (RFC 2136) may generate errors. If all DNS entries are entered manually and dynamic DNS is not used, the following registry setting prevents the Netlogon service from registering the Active Directory directory service DNS records:


The default value data for the UseDynamicDns REG_DWORD value is 0x1. Changing the UseDynamicDns REG_DWORD value to 0x0 disables dynamic registration, and the records listed in the %windir%\system32\config\netlogon.dns file must then be registered manually.
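Once dynamic registration is off, any record in netlogon.dns that is missing from the hand-maintained zone is no longer advertised in DNS. The following check is an added example, not part of the original article: it compares the contents of netlogon.dns with an export of the static zone and lists what still has to be entered. It assumes both inputs use the `owner TTL IN TYPE rdata` line layout; the sample names, addresses and the function names are constructed for illustration.

```python
# Added example: constructed data, not taken from a real domain controller.
SAMPLE_NETLOGON_DNS = """\
example.test. 600 IN A 192.0.2.10
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
"""

# Constructed export of the manually maintained zone (assumed same line layout).
SAMPLE_ZONE = """\
; static records entered by hand
example.test. 3600 IN A 192.0.2.10
_ldap._tcp.example.test. 3600 IN SRV 0 100 389 DC1.Example.Test.
_ldap._tcp.dc._msdcs.example.test. 3600 IN SRV 0 100 389 dc1.example.test.
"""


def _norm(field):
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return field.lower().rstrip(".")


def parse_records(text):
    """Return a set of (owner, type, rdata) tuples; TTL and class are ignored."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # Expected layout: owner TTL IN TYPE rdata...
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unrecognised record line: {line!r}")
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4:]
        records.add((_norm(owner), rtype, tuple(_norm(f) for f in rdata)))
    return records


def missing_records(netlogon_text, zone_text):
    """Records Netlogon expects that are absent from the static zone."""
    gap = parse_records(netlogon_text) - parse_records(zone_text)
    return [" ".join((owner, rtype, *rdata)) for owner, rtype, rdata in sorted(gap)]


if __name__ == "__main__":
    for record in missing_records(SAMPLE_NETLOGON_DNS, SAMPLE_ZONE):
        print("MISSING:", record)
```

To use it on real data, read a copy of netlogon.dns and the zone export into strings and pass them to `missing_records` in place of the samples.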