Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 75
  • Last Modified:

DNS Error in Win 2008 R2

I am going through the roles enabled on my DCs. I am running the best practice analyzer and I am getting this failure for my DNS. Attached screenshot that says my "Zone_msdsc.XXXX.org was not. When I look at my "Forward Lookup Zones" in DNS manager I see XXXX.ORG with _msdcs as a sub folder (also in the screenshot). All my servers and workstations are in the XXXX.ORG folder. Should I change this?
0
InSearchOf
Asked:
InSearchOf
  • 5
  • 4
2 Solutions
 
Adam BrownSr Solutions ArchitectCommented:
It's best to maintain _msdsc as a separate zone than as a folder inside the root zone for your domain. The way to change this is to delete the folder, create a new Forward Lookup Zone called _msdsc.domain.com, then run the following commands on the DC:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Open in new window

0
 
InSearchOfAuthor Commented:
I forgot to upload the screenshot. Here it is.
DNS-BP-Error.docx
0
 
Adam BrownSr Solutions ArchitectCommented:
Yep. Delete the folder for _msdsc in your domain FLZ and create it again as a separate zone. Once you flush and re-register DNS, then restart netlogon, that error should go away.
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
InSearchOfAuthor Commented:
How about what is in there now?
0
 
Adam BrownSr Solutions ArchitectCommented:
Clear that out, recreate the folder as a zone, and the DC will repopulate the necessary data when it registers itself in DNS. You'll want to make sure you're running the commands I gave on all DCs in the environment, as well.
0
 
InSearchOfAuthor Commented:
This is what I have in that folder.
msdcs.docx
0
 
Adam BrownSr Solutions ArchitectCommented:
That's normal. All of that is SRV records that allow clients to locate the DCs. Those will be repopulated automatically after registering DNS on the DCs.
0
 
InSearchOfAuthor Commented:
Great. I will do this  after hours just to be on the safe side. I will post back tomorrow. Thanks for the help.
0
 
DrDave242Commented:
For what it's worth, this is simply a bug in the BPA that I've run across a number of times. Either configuration will work: you can have _msdcs as a separate zone or as a subfolder inside the domain forward lookup zone. Configuring it as a separate zone allows it to be stored in a different application directory partition so that it can be replicated separately from the domain zone, but in terms of query and response functionality, the two configurations are identical.

For some reason, the BPA only checks for _msdcs as a separate zone and returns that error if it doesn't find it.
0
 
InSearchOfAuthor Commented:
- Thanks for the FYI on the BPA bug.

- I have not had a chance to recreate the folder.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now