none
which "properties" to configure in DNS? RRS feed

  • Question

  • i noticed this today, in a DNS settings, there is this in "Forward Lookup Zones" subfolders named "_msdcs.domain.com" and "domain.com". both of them have "properties" to configure specially the part on zone transfers and name servers.

    is it required to configure both of them? if yes, why separate "properties" when the values are always the same?

    Thursday, July 27, 2017 6:10 AM

Answers

  • Hi,

     _msdcs.domain.com was a Active Directory integrated DNS zone.

    To facilitate locating Windows Server 2003-based domain controllers, in
    addition to the standard _Service._Protocol.DnsDomainName format, the Net
    Logon service registers SRV records that identify the well-known server-type
    pseudonyms "dc" (domain controller), gc (global catalog), pdc (primary
    domain controller), and "domains" (globally unique identifier, or GUID) as
    prefixes in the _msdcs subdomain

    domain.com was a customize zone in your AD DC.

    why separate "properties" when the values are always the same?

    In my lab,them were  not always the same status. You could set them separately for different requirement.

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Reno Mardo Sunday, July 30, 2017 7:42 AM
    Thursday, July 27, 2017 10:14 AM

All replies

  • Hi,

     _msdcs.domain.com was a Active Directory integrated DNS zone.

    To facilitate locating Windows Server 2003-based domain controllers, in
    addition to the standard _Service._Protocol.DnsDomainName format, the Net
    Logon service registers SRV records that identify the well-known server-type
    pseudonyms "dc" (domain controller), gc (global catalog), pdc (primary
    domain controller), and "domains" (globally unique identifier, or GUID) as
    prefixes in the _msdcs subdomain

    domain.com was a customize zone in your AD DC.

    why separate "properties" when the values are always the same?

    In my lab,them were  not always the same status. You could set them separately for different requirement.

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Reno Mardo Sunday, July 30, 2017 7:42 AM
    Thursday, July 27, 2017 10:14 AM
  • i have AD integrated DNS servers and explicitly sets these tabs to point only to my known servers. paranoid yes ;-)
    Sunday, July 30, 2017 7:41 AM
  • oic.

    well i configure them both to be the same anyway to avoid confusion. but it did help me find the offending server living in the _msdcs subdomain.

    Sunday, July 30, 2017 7:42 AM