Looking to understand _msdcs DNS zones.

  • Question

  • Hi all,

    I'm trying to get my head around the _msdcs zones in DNS and how they are used, how they should be set up, things to watch out for, etc.

    Using the example of a domain called test.local built from Windows Server 2008 R2. Domain/Forest Functional Levels are the default 2003.

    In DNS there is a zone called _msdcs.test.local

    I understand this zone contains info related to the domain, so for example location of Global Catalogue servers, site layout, SRV records etc. I'm reasonably comfortable with this even if I don't understand all the contents 100%.

    Under the test.local zone, there is a grey _msdcs zone. I do not understand what this zone is and what it should look like. I've created labs, looked at production environments I work with and so on. The contents are one or more Name Server records that are defined in the _msdcs zone properties, but I can't spot a pattern.

    What is this zone used for and what should be in it? Is there any good practice around working with this zone?

    Should it contain an NS record for all the DCs in the domain, for example?

    Any advice is gratefully received.

    C.

    Tuesday, March 31, 2015 11:16 AM

All replies

  • The grey one is a zone delegation; that's why you find DC names inside it.

    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Tuesday, March 31, 2015 1:09 PM
  • I understand this zone contains info related to the domain, so for example location of Global Catalogue servers, site layout, SRV records etc. I'm reasonably comfortable with this even if I don't understand all the contents 100%.

    Reading the Wiki I started here about DC Locator would help in understanding how these records are used: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

    Under the test.local zone, there is a grey _msdcs zone. I do not understand what this zone is and what it should look like. I've created labs, looked at production environments I work with and so on. The contents are one or more Name Server records that are defined in the _msdcs zone properties, but I can't spot a pattern.

    That is a zone delegation. It is mainly used to delegate the name resolution to specific DNS servers.

    I usually proceed like the following:

    • Create _msdcs.test.local DNS zone on a DC if it is not already created on one of the DCs and make it AD-Integrated and replicated to all the DCs in the forest
    • Once the replication is done, I remove the DNS delegation of the zone

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Tuesday, March 31, 2015 2:24 PM
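
The two-step procedure in the last reply, written as a check that compares the NS records in the grey delegation with the NS records the _msdcs zone publishes itself. This is an added example, not code from the thread or from Microsoft. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) on the DNS server being checked, and `-RemoveDelegation` is a hypothetical switch defined only in this script.

```powershell
# Added example, not from the thread. Assumes the DnsServer module on a DC/DNS server.
param(
    [string]$Domain = 'test.local',   # forest root domain used in the question
    [switch]$RemoveDelegation         # hypothetical switch: apply step 2 of the reply
)
Import-Module DnsServer
$zoneName = "_msdcs.$Domain"

# Step 1 of the reply: the zone should exist, be AD-integrated and replicate forest-wide.
$zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    Write-Warning "$zoneName does not exist as its own zone on this server."
    return
}
$zoneOk = $zone.IsDsIntegrated -and ($zone.ReplicationScope -eq 'Forest')
"{0}: AD-integrated={1}, replication scope={2}" -f $zoneName, $zone.IsDsIntegrated, $zone.ReplicationScope

# NS records the zone itself publishes at its apex.
$zoneNs = @(Get-DnsServerResourceRecord -ZoneName $zoneName -Name '@' -RRType Ns |
    ForEach-Object { $_.RecordData.NameServer.TrimEnd('.').ToLower() })

# NS records held in the grey delegation node under the parent zone.
$delegation = @(Get-DnsServerZoneDelegation -Name $Domain -ChildZoneName '_msdcs' -ErrorAction SilentlyContinue)
$delegNs = @($delegation | ForEach-Object { $_.NameServer.RecordData.NameServer.TrimEnd('.').ToLower() })

if ($delegNs.Count -eq 0) { "No _msdcs delegation under $Domain."; return }

# Delegation targets the zone does not list are candidates for stale entries (e.g. retired DCs).
$stale = @($delegNs | Where-Object { $_ -notin $zoneNs })
"Delegation NS: " + ($delegNs -join ', ')
"Zone NS:       " + ($zoneNs -join ', ')
if ($stale) { Write-Warning ("Delegated to servers not in the zone's NS set: " + ($stale -join ', ')) }

# Step 2 of the reply: remove the delegation once the forest-wide zone is in place.
if ($RemoveDelegation) {
    if (-not $zoneOk) { Write-Warning 'Zone is not forest-replicated and AD-integrated; delegation left in place.'; return }
    Remove-DnsServerZoneDelegation -Name $Domain -ChildZoneName '_msdcs' -Confirm
}
```

The script reads only the server it runs on, so the "once the replication is done" condition from the reply still has to be confirmed on the other DCs before the switch is used.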