_msdcs dns zone Placement

  • Question

  • Hi,

    By default, when you promote a server to a domain controller, there are two zones in the "Forward Lookup Zone" folder: the _msdcs.<domain-name> zone folder and the <domain-name> zone folder. Is there any real advantage, or is it recommended, to move the _msdcs.<domain-name> so that it appears under the <domain-name> zone folder?

    Thanks,

    P

    Friday, November 13, 2015 9:28 PM

Answers

  • Windows 2000 placed _msdcs in the same zone as the domain, whereas 2003+ breaks it out to its own zone and places a delegation back to itself in the domain's zone. 

    The reason for this is so that the replication scope can be set differently. Otherwise it really makes no difference from an actual functionality or end-client perspective.


    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mike Crowley Saturday, November 14, 2015 12:05 AM
    • Marked as answer by savednotes Saturday, November 14, 2015 5:38 AM
    Saturday, November 14, 2015 12:02 AM

All replies

  • Just want to make sure. A consultant made me question myself as he recommended that the folder should be removed so that it gets regenerated to the domain's zone folder. From his perspective he claims that the performance will improve. Any thoughts?
    Saturday, November 14, 2015 1:41 AM
  • No, that's incorrect. It is a separate zone by default/design. If you delete it, you'll take down AD. I'd ask for specifics on how it somehow improves performance.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Saturday, November 14, 2015 3:51 AM
  • Just want to make sure. A consultant made me question myself as he recommended that the folder should be removed so that it gets regenerated to the domain's zone folder. From his perspective he claims that the performance will improve. Any thoughts?

    Mike is spot on. The _msdcs zone has records that are relevant to the entire forest, not just the root domain. By breaking it out into a separate zone, you can mark the _msdcs.<root-domain>.<tld> zone as replicated forest-wide and keep the root domain zone replicated within a narrower scope.

    Thanks,
    Brian

    Consulting | Blog | AD Book

    Saturday, November 14, 2015 4:56 AM
  • Let me clarify on the steps he wanted to perform.

    1. Delete the _msdcs zone folder from the "Forward Lookup Zone" and also the subfolder inside the domain zone's folder.

    2. Restart the DNS and netlogon service.

    3. Perform ipconfig /flush and /registerdns

    After a few minutes the _msdcs zone folder will be recreated, but instead of the folder appearing in the "Forward Lookup Zone" it will be a subfolder in the Domain Zone's folder.

    Thanks for the input. I'll leave it as is. Also, he said following the mentioned steps will improve DNS queries. (Which doesn't make sense to me, so I thought to come on the forums to get others' opinions.)

    Saturday, November 14, 2015 5:38 AM
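
A read-only way to confirm the layout the replies above describe (separate `_msdcs` zone, a delegation to it in the domain zone, and its replication scope) before anyone changes it. This is an added example, not code from the thread; it assumes the DnsServer PowerShell module is installed, and `corp.example` is a placeholder forest root name.

```powershell
#Requires -Modules DnsServer
# Added example: read-only audit of where _msdcs lives. Makes no changes.
function Test-MsdcsZonePlacement {
    param(
        [Parameter(Mandatory)][string]$ForestRootDomain,  # placeholder, e.g. 'corp.example'
        [string]$ComputerName = $env:COMPUTERNAME          # DNS server to query
    )
    $msdcs  = "_msdcs.$ForestRootDomain"
    $report = [ordered]@{
        Zone = $msdcs; Layout = $null; ReplicationScope = $null
        Delegation = $null; DcLocatorTargets = $null
    }

    # 1. Separate zone (the 2003+ default) or part of the domain zone (2000 style)?
    $zone = Get-DnsServerZone -Name $msdcs -ComputerName $ComputerName -ErrorAction SilentlyContinue
    if ($zone) {
        $report.Layout = 'Separate zone'
        # 2. Replication scope: Forest, Domain, Legacy or Custom for AD-integrated zones
        $report.ReplicationScope = if ($zone.IsDsIntegrated) { $zone.ReplicationScope } else { 'Not AD-integrated' }
        # 3. The domain zone should hold a delegation pointing at the _msdcs zone
        $deleg = Get-DnsServerZoneDelegation -Name $ForestRootDomain -ComputerName $ComputerName `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.ChildZoneName -like '_msdcs*' }
        $report.Delegation = if ($deleg) {
            ($deleg.NameServer.RecordData.NameServer | Sort-Object -Unique) -join ', '
        } else { 'MISSING' }
    } else {
        $report.Layout = 'No separate zone (records, if any, sit inside the domain zone)'
    }

    # 4. Whatever the layout, the DC locator SRV records must still resolve
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc.$msdcs" -Type SRV -Server $ComputerName `
               -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }
    $report.DcLocatorTargets = if ($srv) { ($srv.NameTarget | Sort-Object -Unique) -join ', ' } else { 'NONE RESOLVED' }

    [pscustomobject]$report
}

Test-MsdcsZonePlacement -ForestRootDomain 'corp.example'   # placeholder name
```

Capturing this output from each DNS server before and after any zone change gives a record of the replication scope and delegation that can be compared later.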