-1

We build a set of virtual appliances used throughout the company. The networking on the VM is set to NAT to prevent external DNS records from being created. Unfortunately, at least once a month someone switches it to bridged so other people can connect.

The problem with this is that they all have the same hostname. As soon as the external DNS record is created, everyone is routed to this new address, causing issues until we track down the culprit and change it back to NAT or change the hostname.

Is there a method in a 2008 R2 AD environment to blacklist a hostname and prevent a DNS record from being created? DNS is configured so a record can be created by anyone with a network device which makes it messy. Adding an A record pointing to 127.0.0.1 won't work as people work with the VM from outside it with a client.

This is a multi-domain environment and the root domain has DNS restricted. If there's a way to force the VM to request a DNS record in that space, that could work.

Edit: To clarify, the DNS record is created via DHCP.

Ashex

1 Answer

0

Create static host records for those required, then set the permissions on them to deny writes. That should prevent them from being updated.

Daro
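One way to carry out the two steps in the answer above on 2008 R2, using `dnscmd` and the ActiveDirectory PowerShell module; this is an added example, not code posted by anyone in the thread. It assumes an AD-integrated zone stored in the DomainDnsZones partition that accepts only secure dynamic updates, and that the DHCP server registers records under a dedicated account; the server, zone, host, address and account names are all placeholders.

```powershell
# Added example: every name and address below is a placeholder, not a value from the thread.
Import-Module ActiveDirectory

$DnsServer  = 'dc01.corp.example.com'     # hypothetical DNS server
$Zone       = 'corp.example.com'          # hypothetical AD-integrated zone
$HostLabel  = 'appliance'                 # the shared VM hostname to reserve
$ReservedIp = '192.0.2.10'                # documentation-range address
$Updater    = 'CORP\svc-dhcp-dnsupdate'   # hypothetical account DHCP uses for DNS updates

# 1. Create the static A record (no /Aging, so it is not subject to scavenging).
& dnscmd $DnsServer /RecordAdd $Zone $HostLabel A $ReservedIp
if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }

# 2. Locate the record's dnsNode object (assumes the zone lives in DomainDnsZones).
$DomainDn = (Get-ADDomain).DistinguishedName
$NodeDn   = "DC=$HostLabel,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDn"
$Path     = "AD:\$NodeDn"

# 3. Add a deny ACE for the updater account only. A broad deny (for example on
#    Authenticated Users) would also block the administrators who maintain the record.
$Acl    = Get-Acl -Path $Path
$Sid    = (New-Object System.Security.Principal.NTAccount($Updater)).Translate(
              [System.Security.Principal.SecurityIdentifier])
$Rights = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, DeleteTree'
$Rule   = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
              $Sid, $Rights, [System.Security.AccessControl.AccessControlType]::Deny)
$Acl.AddAccessRule($Rule)
Set-Acl -Path $Path -AclObject $Acl

# 4. Review the deny entries now present on the record.
(Get-Acl -Path $Path).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, ActiveDirectoryRights -AutoSize
```

Run it from an elevated session with rights to modify the DNS partition, and repeat step 3 for any other account that registers records on behalf of clients.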