
_gc and _ldap SRV records


Published: Sun, 11 May 2008 23:54:00 GMT

What's the difference or adverse effects of just making a secondary copy of the root domain zone on every DNS server in a multi-domain forest, as that zone contains the _MSDC.<forestrootdomain> zone, instead of partitioning just the _MSDC zone?

Also, how do you do that in Win2k, because Windows DNS doesn't seem to treat _MSDC as a "real" zone file or domain but like a subfolder?

Thanks


From: Almeida Pinto, Jorge de [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Almeida Pinto, Jorge de

Sent: Friday, July 29, 2005 10:13 AM

To: ActiveDir (AT) mail (DOT) activedir.org

Subject: RE: [ActiveDir] _gc and _ldap SRV records

Creating a separate zone for _MSDCS.<ForestRootDomain>.<tld> is especially interesting in multiple-domain forests. In single-domain forests it is not needed, as all DCs in the domain with DNS already get the info through the zone <ForestRootDomain>.<tld>. Although not needed, I always configure a separate zone for _MSDCS.<ForestRootDomain>.<tld> if someone for some reason wants to create an additional domain in the forest.

#JRGE#

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of M (AT) cox (DOT) com

Sent: Fri 7/29/2005 3:19 PM

To: ActiveDir (AT) mail (DOT) activedir.org

Subject: RE: [ActiveDir] _gc and _ldap SRV records

So reading this am I correct in this interpretation? I should remove the _msdcs domain from xyz.root and instead create a new zone called _msdcs, cycle netlogon to force registration of records?

:m:dsm:cci:mvp

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Almeida Pinto, Jorge de

Sent: Thursday, July 28, 2005 3:09 PM

To: ActiveDir (AT) mail (DOT) activedir.org

Subject: RE: [ActiveDir] _gc and _ldap SRV records

Each DNS zone representing an AD domain has a _MSDCS DNS subdomain. All DCs belonging to a certain domain register their DNS domain-wide records in their own _MSDCS DNS subdomain. However, each DC and GC also registers forest-wide records (e.g. CNAME and _GC, etc). It is a best practice to create a separate DNS zone for _MSDCS.<ForestRootDomain>.<tld>. In W2K3 it is also a best practice to set the replication scope for that zone to all DCs with DNS in the forest. In W2K this is not possible, so in the forest root domain make the zone AD-I and, for the DNS servers in the other domains in the forest, create a secondary zone of this zone.

And yes, assuming replication is complete, all the records in the _MSDCS.<ForestRootDomain>.<tld> zone should be on each DNS server that hosts this zone.

Cheers

#JRGE#

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Creamer, Mark

Sent: Thu 7/28/2005 8:52 PM

To: ActiveDir (AT) mail (DOT) activedir.org

Subject: [ActiveDir] _gc and _ldap SRV records

A question about DNS SRV records for my DCs and Global Catalog servers: should every AD-integrated DNS server in my entire forest have _gc and _ldap records for every GC and DC in the forest? It looks like the records listed vary from one domain to another in my DNS, and I wonder if they should all have the same records regardless of the forest domain the DNS server is in.

Thanks,

Mark
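
Added example, not part of the thread: a PowerShell check of the statement above that every DNS server hosting the zone should hold the same forest-wide records. It asks each server directly for the GC locator SRV names and lists what each server lacks; the forest name, server names and sample record sets are constructed placeholders, and `Resolve-DnsName` assumes the DnsClient module (Windows 8 / Server 2012 or later).

```powershell
# Added example; all names and addresses below are constructed placeholders.

function Get-SrvSet {
    # Ask ONE specific DNS server for an SRV name; return sorted "target:port" strings.
    param([string]$Name, [string]$Server)
    $answers = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly `
                               -ErrorAction SilentlyContinue
    @($answers | Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { '{0}:{1}' -f $_.NameTarget.ToLower(), $_.Port } |
        Sort-Object -Unique)
}

function Compare-SrvSets {
    # Input: hashtable of server -> array of "target:port" strings.
    # Output: one row per server with the records it lacks relative to the union.
    param([hashtable]$SetsByServer)
    $union = @($SetsByServer.Values | ForEach-Object { $_ } | Sort-Object -Unique)
    foreach ($server in ($SetsByServer.Keys | Sort-Object)) {
        $have    = @($SetsByServer[$server])
        $missing = @($union | Where-Object { $have -notcontains $_ })
        [pscustomobject]@{
            Server     = $server
            Records    = $have.Count
            Missing    = $missing -join ', '
            Consistent = ($missing.Count -eq 0)
        }
    }
}

function Test-ForestSrvConsistency {
    # Live check: compare the forest-wide GC locator records across DNS servers.
    param([string]$ForestRoot, [string[]]$DnsServers)
    foreach ($name in "_gc._tcp.$ForestRoot", "_ldap._tcp.gc._msdcs.$ForestRoot") {
        $sets = @{}
        foreach ($s in $DnsServers) { $sets[$s] = Get-SrvSet -Name $name -Server $s }
        Compare-SrvSets -SetsByServer $sets |
            Select-Object @{ n = 'Name'; e = { $name } }, *
    }
}

# Offline demonstration with constructed data: the child-domain DNS server
# has not received the record for gc2, so it is reported as inconsistent.
$sample = @{
    'dns1.forestroot.example'       = @('gc1.forestroot.example:3268',
                                        'gc2.child.forestroot.example:3268')
    'dns2.child.forestroot.example' = @('gc1.forestroot.example:3268')
}
Compare-SrvSets -SetsByServer $sample | Format-Table -AutoSize
```

For a live run, call `Test-ForestSrvConsistency` with the forest root DNS name and the addresses of one DNS server per domain; a row with `Consistent = False` points at a server whose copy of the zone is missing records or has not finished replicating.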
