Active Directory on EC2/VPC - Using Elastic IP in DNS

Posted on December 18, 2012
Tags: aws, ec2, vpc

The basic use case is this: we want an Active Directory domain controller running in an AWS VPC that can serve machines both within the VPC and in other locations. The AD DC has an Elastic IP so that external entities can reach it, specifically for DNS. However, because of the way Elastic IPs work (the public address is NATed to the instance's private address rather than assigned to the NIC), the Windows network stack sees its IP as being in the VPC's 10.0.0.0/16 range, so the dynamic updating of the DC's DNS entries results in all of its address (A) records pointing to this private IP.

What is happening here is that the NetBIOS stack is doing its routine DNS updates and pulling the private IP from the network stack. This is not the per-NIC dynamic DNS update you might expect. You can, however, disable this behaviour by following the instructions here, which require you to create a registry entry holding the IP address the server should publish:

HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Registry Value: PublishAddresses
Registry Value Type: REG_MULTI_SZ
Registry Value Data: <IP addresses>

This could be baked into a user data startup script if it is required for multiple server images.
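A user data style PowerShell script that applies the registry change above and verifies the result, written here as an added example (it is not from the original post). It assumes it runs as Administrator on the DC and that the Elastic IP can be read from the EC2 instance metadata endpoint; the hard-coded address alternative and the wait time are placeholders.

```powershell
# Added example: publish only the Elastic IP in the DNS Server service's own A records.
# Assumes: elevated PowerShell on the domain controller; instance metadata reachable.
$ErrorActionPreference = 'Stop'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

# Set this to hard-code the address (e.g. '203.0.113.10', a documentation-range placeholder);
# leave $null to pull the public (Elastic) IPv4 from instance metadata instead.
$PublishIp = $null
if (-not $PublishIp) {
    $PublishIp = (Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/public-ipv4').Trim()
}

# Sanity check: refuse to write anything that is not a single IPv4 address into the registry.
if ($PublishIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
    throw "Unexpected public-ipv4 value: '$PublishIp'"
}

# Record the current value first so the change can be documented and reverted if needed.
$before = (Get-ItemProperty -Path $regPath -Name PublishAddresses -ErrorAction SilentlyContinue).PublishAddresses
Write-Output ("PublishAddresses before: {0}" -f ($before -join ', '))

# REG_MULTI_SZ maps to -PropertyType MultiString; pass an explicit array even for one address.
New-ItemProperty -Path $regPath -Name PublishAddresses -PropertyType MultiString `
    -Value @($PublishIp) -Force | Out-Null

# The DNS Server service reads PublishAddresses at start-up, so restart it and re-register.
Restart-Service -Name DNS
ipconfig /registerdns | Out-Null

# Verify against the local DNS server: the DC's own A records should now show the Elastic IP.
Start-Sleep -Seconds 10   # placeholder wait for registration to complete
$fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$records = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 | Where-Object { $_.Type -eq 'A' }
Write-Output ("A records for {0}: {1}" -f $fqdn, ($records.IPAddress -join ', '))
if ($records.IPAddress -notcontains $PublishIp) {
    Write-Warning "Elastic IP $PublishIp not yet present in A records; re-check after replication."
}
```

Keep the "before" value it prints alongside the change record, since this is the setting you will need to find again when troubleshooting name resolution later.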

Note that this is a more advanced configuration change and needs to be documented in case it causes issues in the future.