During a Netmon trace (or possibly in event logs) you may see Domain Name Service (DNS) queries and errors messages relating to blackhole.isi.edu.
For example, the following Warning event may be logged:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://support.microsoft.com.
Data: 0000: 8b 01 00 c0 ?..À
This behavior can occur when Windows 2000 tries to register the DNS PTR (reverse-lookup) record for a private network address. For example, if your server has a 10.0.0.x
Internet Protocol (IP) address, the primary DNS server for 10.in-addr.arpa (which is the reverse-lookup zone for the 10.x
address range) currently is blackhole.isi.edu. You should receive similar results for the 192.168.x
and the 172.16.0.0-172.31.255.255 address range as well.
To resolve this issue, use one of the following options.
Configure your local DNS server to have the reverse-lookup zone that the Windows 2000-based computers can use to register. For example, if your computers are using a 10.0.0.x
IP address, create a reverse-lookup zone of 10.in-addr.arpa on the local DNS server on which the Windows 2000-based computers are attempting to register.
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
Disable Windows 2000 from registering the PTR record, using the following steps:
- Start Registry Editor (Regedt32.exe).
- Locate the following registry key:
- On the Edit menu, click Add Value, and then add the following registry value:
Value Name: DisableReverseAddressRegistrations
Data Type: REG_DWORD
- Quit Registry Editor.
This option disables DNS dynamic update registration of PTR records by this DNS client. PTR records associate an IP address with a computer name. This entry is designed for enterprises in which the primary DNS server that is authoritative for the reverse-lookup zone cannot or is configured not to perform dynamic updates. It reduces unnecessary network traffic and eliminates event log errors that record unsuccessful attempts to register PTR records.
You can use the nslookup
command from a command prompt to try and verify the information. The following example returns primary name server = prisoner.iana.org:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Valid IP addressing for a private network