Hi, does anyone know if the A record of your dns domain name (e.g. A record 'company.local'), should point to your authoritative dns servers or to your Windows domain controllers?
I'm talking about a DNS domain on a company intranet (e.g. 'company.local'), where DNS domain name = windows domain name, but where the domain controllers aren't running dns anymore.
Microsoft domain controllers (which are usually also the dns servers) always create A records for the domain name itself. E.g. if your Windows domain name is 'mycompany.local' and you have 2 domain controllers, then you will find 2 A records in dns zone mycompany.local:
mycompany.local A ip-of-domaincontroller1
mycompany.local A ip-of-domaincontroller2
But why do they do this: is it to be able to find the domain controllers of windows domain mycompany.local (which can also be found by looking at certain SRV rr), or is it to be able to find the dns servers which are authoritative of dns domain mycompany.local (which can also be found by looking at NS rr)?
When you have an 'all Microsoft' environment, this doesn't really matter. But I'm asking this question because we have a mixed environment: we switched from Microsoft DNS to a non-Microsoft DNS server (BIND). And currently the A record of the dns/windows domain contains 6 entries: 3 pointing to domain controllers and 3 pointing to dns servers...
In my opinion this is a messy situation, and 3 of them should/could be removed, but of course I don't want to cause operational problems so I want to be sure before I change anything.
So the question is: what information should the A record of the Windows domain actually contain:
- the IP of our Windows domain controllers (which are not running DNS anymore)?
- the IP of our (BIND) dns servers?
I looked at Microsoft documentation but didn't find the right answer (yet), so I'm hoping someone in here has the right answer.
Thanks in advance, Bart