DisableNSRecordsAutoCreation with Dnscmd

Published on Tuesday, 2 May 2017

This post explains how to restrict automatic NS resource record registration in Windows Server DNS using Dnscmd. This prevents Windows Server DNS to automatically create NS records for zones that it hosts on the server.

This registry key restricts the DNS server to create name server resource records (NS records) automatically while loading it's DNS zones. By default the name server automates the creation of name server resource records upon loading its zones.

If the registry value is set to 1, the DNS server is restricted from registering NS resource records for authoritative zones. Also existing Name server (NS) records for the authoritative zones that are located on the DNS server are deleted automatically.

Enable DisableNSRecordsAutoCreation with Dnscmd

To enable DisableNSRecordsAutoCreation on the command line use the following command:

Dnscmd /config /DisableNSRecordsAutoCreation 1

Protip: enabling this DisableNSRecordsAutoCreation setting disables the auto creation of NS records zones that it hosts.

When you just want to know the current status of the setting, run:

Dnscmd /info /DisableNSRecordsAutoCreation

And you can always disable it: Dnscmd /config /DisableNSRecordsAutoCreation 0