Edit: 24-1-2013: A second article using PowerShell 3.0 is here
Edit: 30-1-2013: – A third article is using advanced PowerShell 3.0 is here.
Edit 28-8-2013: – A similar issue with the setting being removed is present in Windows Server 2012. Article with workaround is here.
The previous behaviour in Windows was to register all IP addresses that were entered on the network card’s property sheet into DNS if the “Register this connection’s address in DNS” option was selected (Which is the default).
For servers with a single NIC which has one IP bound to it this works great as we can dynamically register changes in IP addressing into DNS and all in the world is good. What happens though when you start to complicate matters and have additional IPs and additional NICs?
In the two NIC scenario, it is easy to set one NIC to register into DNS and then clear the register in DNS option for the second NIC. That allows for the IP on the first NIC to be registered and the IP on the second NIC will not. This would be a common scenario for a server that had multiple interfaces where one would be used for a management/backup purpose and end users should not be able to resolve the server’s name to the management IP as their traffic would not be allowed to route to that interface. That’s fine but what about the scenario of a single NIC with multiple IPs bound to it? An example would be a web server with multiple IPs for different web sites.
Previously, if you did not want the server to register all of its IPs into DNS, then the register in DNS option would have to be disabled and the administrator would have to manually maintain the DNS registration information in the DNS zone. If this was not done then all the IPs that were bound to the server would be registered in DNS and clients potentially would be returned an incorrect IP.
Windows 2008 and 2008 R2 now have the option to selectively register IPs into DNS. This capability was first released as an update for Windows 2008 and 2008 R2. After you install this hotfix, you can assign IP addresses that will not be registered for outgoing traffic on the DNS servers by using a new flag of the Netsh command. This new flag is the skipassource flag.
For example, the following command creates an IPv4 address that is not registered for outgoing traffic on the DNS servers:
Netsh Int IPv4 Add Address <Interface Name> <IP Address> SkipAsSource=True
"Interface Name" is the name of the interface for which you want to add a new IP address.
"IP Address" is the IP address you want to add to this interface.
Netsh Int IPv4 Add Address Team-1 172.16.5.10 SkipAsSource=True
How can I see what IPs have this flag set? To list the IPv4 addresses that have the skipassource flag set to true, run the following command:
Netsh int ipv4 show ipaddresses level=verbose
Note the “Skip As Source” entries in the below:
That’s all pretty neat but if you are are wondering what is my interface name check the GUI or run the following Netsh command to show the interfaces:
Netsh Interface Show Interface
Note the Interface Name column on the right hand side.
Which corresponds to the GUI:
Note that once you have configured the above, if you then go to the regular GUI and make changes there, the SkipAsSource flag is overwritten unless you have installed the update to correct this known issue.
Consider the following scenario:
You have a computer that is running Windows 7 or Windows Server 2008 R2.
You install hotfix 2386184 (http://support.microsoft.com/kb/2386184/ ) on the computer to enable the skipassource flag of the netsh command.
You assign many IP addresses to a network adapter on the computer by using the netsh command together with the skipassource flag.
You update some IP settings for the network adapter in the Network and Sharing Centre graphical user interface (GUI). For example, you edit the subnet mask of an IP address that has the skipassource flag set to true.
The issue occurs because the GUI does not recognize the skipassource flag, and the GUI uses an incorrect method to handle changes of IP settings. When IP settings are changed, the GUI deletes all the old IP addresses from the old list and then adds new IP addresses to the new list. Because the GUI does not know the skipassource flag, the GUI does not copy the flag when IP addresses are added to the list. Therefore, the skipassource flag is cleared.