• Status: Solved
  • Priority: Medium
  • Security: Public

Yellow icon Folders under the DNS Zone

In some DNS zones, I have seen Yellow icon Folders under the DNS Zone, and if I click on the folder, I see records in the right pane of the DNS console. I posted this question a few weeks ago, and Chris-Dent gave me an answer to it, but didn't know how it got created.
While testing it again, I found that when you right-click on the zone/create new domain, it will create the yellow icon Folder, and if you right-click the Yellow icon Folder you can still create other records.
My question is: what is the purpose of creating the Yellow icon Folder then creating the record, instead of creating the record right in the existing zone?

Thanks
Asked by: jskfan
1 Solution
 
Chris Dent (PowerShell Developer) Commented:

You should find that if you create a record with a period (dot) in it that you end up with a sub-folder.

For example:

1. Right click and select New Host (A) Record
2. Enter the name "TestHost.TestFolder"

The record will display as "TestHost.TestFolder.domain.com" and you should see that you have a yellow folder called "TestFolder", which is the sub-domain and TestHost beneath that.

Chris
0
 
Chris Dent (PowerShell Developer) Commented:

Oh and there's no need to create the TestFolder sub-domain as a separate step. The folders are just how MS have chosen to display sub-domains in their console.

Chris
0
 
jskfan (Author) Commented:
But in fact there is no real subdomain with that name. I mean it's not like they installed a domain controller and made it a child domain for an existing domain. I believe it's just a "DNS Sub-Zone" if I can name it this way.
I also have the same folders but they are real child domains. They physically have a DC to log on to.
0

 
Chris Dent (PowerShell Developer) Commented:

There is a DNS sub-domain with that name. You seem to be getting confused because you're linking DNS concepts with AD too much.

AD uses DNS, but it doesn't define how DNS works or the structures it holds. It's better to think of AD working within DNS (because AD was designed to), rather than DNS doing things specifically for AD.

So if you had this host record:

host.domain2.domain1.com

We could say that:

com is a sub-domain of "."
domain1 is a sub-domain of com
domain2 is a sub-domain of domain1

None of these have to have anything to do with Active Directory.

As far as DNS is concerned AD is irrelevant. You might store a zone in AD, but that's a function performed by MS's DNS Service. It isn't something which comes as part of the DNS system (as a system defined by RFCs), it may as well be a text file for all DNS cares.

The areas of DNS AD does use, the Service Records, are clearly defined in RFCs. A Domain Controller and AD simply make use of this known extension to provide locators for specific services (such as LDAP, Global Catalogs, Kerberos services, etc).

In short, DNS is an entirely separate topic from AD. Some of the concepts overlap, such as hierarchical naming, but only because AD was designed to use DNS as its primary name resolution service.

Chris
0
 
jskfan (Author) Commented:
It could be that they represent a name for a domain, e.g. XX.YY.com created in DNS, but there is no Domain Controller to log on to with XX.YY.com.
0
 
Chris Dent (PowerShell Developer) Commented:

Still too much mixing with AD :)

It represents a DNS domain xx.yy.com (a sub-domain of yy.com), but that's where it stops for DNS. That may or may not be an AD domain, it's not something DNS will care about. You could look and see if it has lots of AD related service records, that would pretty much give it away.

Chris
0
 
jskfan (Author) Commented:
<<<That may or may not be an AD domain>>>
That's what I was looking for.
0
 
jskfan (Author) Commented:
The nslookup command you gave the other day: NSLookup ............_msdc
If it doesn't give me the DC for that namespace, I pretty much cross it out from the AD concept.
0
 
Chris Dent (PowerShell Developer) Commented:

It's a moderately reasonable assumption, but it's based on another assumption: That the AD domain is correctly updating DNS. Still, not much else you can do so it's not an unreasonable approach.

Chris
0
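
Added example (not part of any post in this thread): a sketch of the two ideas discussed above, namely that a dotted owner name implies sub-domain folders in the console, and that AD-related service records mark a sub-domain as likely AD-backed. The record list is constructed, and the locator names checked are the standard DC locator SRV names, an assumption not quoted from the thread.

```python
# Constructed sample of a zone export: (owner name relative to the zone, type).
# "domain.com" and the TestHost/host names come from the thread; the "child"
# records are invented for illustration.
ZONE = "domain.com"
RECORDS = [
    ("www", "A"),
    ("TestHost.TestFolder", "A"),
    ("host.domain2", "A"),
    ("dc01.child", "A"),
    ("_ldap._tcp.dc._msdcs.child", "SRV"),
    ("_kerberos._tcp.child", "SRV"),
]

# Assumption: label sequences of the standard DC locator SRV names that
# domain controllers register under their DNS domain.
LOCATOR_PREFIXES = (
    ("_ldap", "_tcp", "dc", "_msdcs"),
    ("_kerberos", "_tcp"),
    ("_ldap", "_tcp"),
)


def folder_paths(owner):
    """Return the console folders an owner name implies, outermost first."""
    labels = owner.split(".")
    parents = labels[1:][::-1]  # drop the leaf label, read right to left
    return ["/".join(parents[: i + 1]) for i in range(len(parents))]


def classify_subdomains(records):
    """Map each first-level sub-domain to the locator SRV names found in it."""
    found = {}
    for owner, rtype in records:
        labels = tuple(owner.lower().split("."))
        if len(labels) < 2:
            continue  # record sits directly in the zone, no folder involved
        hits = found.setdefault(labels[-1], [])
        if rtype == "SRV" and labels[:-1] in LOCATOR_PREFIXES:
            hits.append(owner)
    return found


if __name__ == "__main__":
    for sub, hits in classify_subdomains(RECORDS).items():
        verdict = "AD locator records present" if hits else "no locator records seen"
        print(f"{sub}.{ZONE}: {verdict}")
```

An empty result for a sub-domain only means no locator records are registered in the zone data examined; as noted in the comment above, that depends on the AD domain updating DNS correctly.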
 
jskfan (Author) Commented:
In DNS, you can create a zone named google.com or cnn.com, and create a record for the server that Google uses, but you are still just giving a user a phone book entry (the IP address) when they type google.com in their browser.
You don't have an AD domain for google.com.
0
 
Chris Dent (PowerShell Developer) Commented:

Correct.

Even with AD that's all DNS does, returns IP addresses for names. Service Records, MX records are marginally more complex, but ultimately they get back to IP addresses for names.

Chris
0
 
jskfan (Author) Commented:
Thanks
0
