TTL Set in the DC Locator DNS Records
ID: oval:org.secpod.oval:def:19554 | Date: (C)2014-05-29 (M)2023-07-04 | Class: COMPLIANCE | Family: windows
The TTL Set in the DC Locator DNS Records machine setting should be configured correctly.
This setting specifies the value of the Time-To-Live (TTL) field in the SRV resource records registered by Net Logon. The Net Logon service registers these DNS records dynamically, and they are used to locate the domain controller (DC). To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes). If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\TTL Set in the DC Locator DNS Records
(2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\DnsTtl
Platform: Microsoft Windows Server 2008 R2