How do GC's register _MSDCS info in the DNS root from a child doma

[Guest]

If a child DC/GC is configured to resolve it's DNS via a DNS server in it's
child domain, you still get things like DC GUIDS and GC entries showing up in
the root DNS _MSDCS zone. I cannot see how this can be populated without
pointing the DC at the root DNS server as the primary DNS resolver. Does
anyone know how these records get registered, does AD do something clever
internally?

 

[chriske911]

Ewan expressed precisely :

If a child DC/GC is configured to resolve it's DNS via a DNS server in it's
child domain, you still get things like DC GUIDS and GC entries showing up in
the root DNS _MSDCS zone. I cannot see how this can be populated without
pointing the DC at the root DNS server as the primary DNS resolver. Does
anyone know how these records get registered, does AD do something clever
internally?

probably the dns zones are being replicated amongst them selves
so adding a new entry in a child domain automatically triggers an
update of the zone all around

grtz

 

[Jorge_de_Almeida_Pinto]

If a child DC/GC is configured to resolve it's DNS via a DNS
server in it's
child domain, you still get things like DC GUIDS and GC
entries showing up in
the root DNS _MSDCS zone. I cannot see how this can be
populated without
pointing the DC at the root DNS server as the primary DNS
resolver. Does
anyone know how these records get registered, does AD do
something clever
internally?

As the child DNS zone is delegated from the parent domain DNS servers
to the Child domain DNS servers, the child domain DNS servers are or
using internal root hints or forwarders.

Cheers,

 

[Joe Richards [MVP]]

The DC/GC knows that it needs to register in that zone. It asks the DNS Server
it knows about for the SOA for that zone and goes directly to that server(s) and
registers.

 

[Guest]

Hi Joe,

Thanks for the response, my confusion though is that if the child DC points
to a child DNS zone for resolution the SOA for that zone will be a child DNS
server. However the child DC somehow knows the existance of the root zone
and a route to follow in order to register it's AD GUID in the _MSDCS zone on
a "root" DNS zone server? I don't see how it does this??

I'd be interested to hear if you have any ideas?

Cheers,
Ewan

 

[Joe Richards [MVP]]

You point DCs to DNS servers, not zones. The fact that a server has its address
in a specific zone doesn't mean it can't ask that DNS Server for the SOA of
another zone.

All DCs know the root domain of the forest and from that can ascertain the root
DNS zone and ask for its SOA. Assuming the DNS server they are configured for
has knowledge of that zone (and with AD it better or else all sorts of things
will break say like Kerberos) it can tell the client where to go for that zone.

I would recommend purging all of the records for a DC in the various zones and
then using ipconfig to force a registration. When you do that, do a network
trace and watch the actual traffic, that should answer your questions.

joe