_msdcs zone under forward lookup zone missing

Tom Jacob Chirayil 121 Reputation points
2021-02-03T22:17:59.137+00:00

Hi there,

Need some expert advice regarding our DNS zones.

We have our local Active Directory domain, with 3 DCs. One DC is running Windows Server 2016. The two other DCs are running Windows Server 2012 R2. We also have some additional forward lookup zones configured. All are Active Directory Integrated zones.
The question is regarding _msdcs.localdomain.local.

Ideally, there should be an _msdcs zone under forward lookup zones, and there should be a delegation to this zone from localdomain.local. I am attaching a screenshot of our current DNS zones.
63626-image.png

As you can see, there is no _msdcs zone under forward lookup zones. The 2016 domain controller is one which we recently upgraded. It was a 2008 R2 server before. I demoted the 2008 R2 server, created a new server with the same name and IP address, and promoted it as a domain controller.

DNS resolution, replication, everything seems to be working fine. We have an on-premise Exchange Server as well. No DNS issues are being reported. As far as I know, the original domain install was on Windows 2000 and the domain controllers have been updated to 2003, 2008 R2, 2012 and 2016.

Just want to know if I leave this as it is, will it cause any problem? Is there any way we can get this back to the recommended hierarchy?


Accepted answer
  1. Anonymous
    2021-02-04T06:56:25.947+00:00

    Hi,

    Based on my understanding, you have 3 DCs, but only one DC's (Windows Server 2016) _msdcs zone is missing. Is that right? Please feel free to let me know if I have any misunderstanding.

    Please try to manually rebuild the _msdcs zone and then restart the NETLOGON service.

    For more details, you can refer to the following article:

    Rebuild the _msdcs DNS zone

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy

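A read-only way to confirm which of the two layouts discussed in this thread a DNS server has, and that the DC locator SRV records resolve, before deciding whether to rebuild anything. This is an added example, not code from the posters or the linked article; `Get-MsdcsLayout` is a hypothetical helper name, `localdomain.local` is the placeholder domain from the question, and it assumes the DnsServer PowerShell module on a DC that hosts DNS.

```powershell
#Requires -Modules DnsServer
# Added example: reports how _msdcs is hosted. It only reads, it changes nothing.
function Get-MsdcsLayout {
    param(
        [string]$Domain    = 'localdomain.local',  # placeholder domain from the thread
        [string]$DnsServer = $env:COMPUTERNAME     # assumption: run on a DC that hosts DNS
    )
    $msdcs = "_msdcs.$Domain"

    # Stand-alone zone: _msdcs.<domain> listed directly under Forward Lookup Zones
    $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $msdcs -ErrorAction SilentlyContinue

    # Delegation: NS records sitting at the _msdcs node of the parent zone
    $nsQuery = @{
        ComputerName = $DnsServer; ZoneName = $Domain; Name = '_msdcs'
        RRType = 'NS'; Node = $true; ErrorAction = 'SilentlyContinue'
    }
    $ns = Get-DnsServerResourceRecord @nsQuery

    # DC locator records have to resolve whichever layout is in use
    $srv = foreach ($n in "_ldap._tcp.dc.$msdcs", "_ldap._tcp.pdc.$msdcs") {
        $r = Resolve-DnsName -Name $n -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{ Name = $n; Resolves = [bool]$r; Targets = @($r.NameTarget) -join ', ' }
    }

    $layout = if ($zone -and $ns) {
        'Separate _msdcs zone with delegation from the parent zone'
    } elseif ($zone) {
        'Separate _msdcs zone, no delegation in the parent zone'
    } elseif ($ns) {
        'Delegation in the parent zone, but the _msdcs zone is not hosted on this server'
    } else {
        '_msdcs is a subdomain inside the parent zone'
    }

    [pscustomobject]@{
        Server          = $DnsServer
        Layout          = $layout
        ZoneReplication = $zone.ReplicationScope   # empty when there is no separate zone
        DelegatedTo     = @($ns.RecordData.NameServer) -join ', '
        LocatorRecords  = $srv
    }
}

Get-MsdcsLayout | Format-List
```

Running it against each DC in turn (`-DnsServer <name>`) shows whether all DNS servers agree on the layout and on the SRV answers.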

3 additional answers

  1. Tom Jacob Chirayil 121 Reputation points
    2021-02-04T20:19:00.493+00:00

    Hi @Anonymous,

    It is the same on all the DCs (which are also the DNS Servers). The DNS on all the 3 DCs shows like the screenshot attached.


  2. Anonymous
    2021-02-05T02:48:23.077+00:00

    Because the zone already exists under the domain.local zone, do I need to really delete the zone before restarting the netlogon service?

    You don't need to delete it. Manually re-create the _msdcs zone, then you will see the picture below:

    64275-image.png

    The following article talks about how to back up a DNS zone:

    DNS Backup and Restore using command
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


  3. Stefano Colombo 221 Reputation points
    2021-12-07T09:03:40.83+00:00

    We have the opposite issue.
    The _msdcs.domain.local zone just under the forward lookup zones exists, but the _msdcs zone under domain.local is missing.
    How can we fix it?

