Can I delete the '_msdcs.domain' zone?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Good Morning,
I have a 4010 DNS error in the event viewer(I have another post about this).
It can not load the RR records in the previous mentioned zone(I believe they
are the CNAME records of all of the servers and the domain). After digging
around I have found some references that I may have a corrupted DNS zone.
Can I delete that very important zone and then immediately have the 6 servers
reregister the records in that zone (IPCONFIG flushDNS and registerDNS; And
then net stop/start netlogon)? It is kind of scarey! Is there a way to back
up that zone so I can recreate it if there is a problem? Is there a safe way
of doing this? Thanks for any help.
 
TheMechanic said:
Good Morning,
I have a 4010 DNS error in the event viewer(I have another post about
this). It can not load the RR records in the previous mentioned
zone(I believe they are the CNAME records of all of the servers and
the domain). After digging around I have found some references that
I may have a corrupted DNS zone. Can I delete that very important
zone and then immediately have the 6 servers reregister the records
in that zone (IPCONFIG flushDNS and registerDNS; And then net
stop/start netlogon)? It is kind of scarey! Is there a way to back
up that zone so I can recreate it if there is a problem? Is there a
safe way of doing this? Thanks for any help.
Click to expand...

Change the zone to standard priomary, which removes the zone from Active
Directory. Set the zone to allow dynamic updates and run those commands.

Before you put the zone back into AD, use ADU&C in Advanced view, to open
the System\MicrosoftDNS container, and delete any objects with that name.
Connect to all DCs to verify these objects are not present.
 
Thanks Kevin for the info. I changed the zone from AD to Primary and back to
AD safely using your directions. It didn't fix the 4010 errors. Are these
errors something not to worry about. It only happens on the reboot. I can
do the 'Ipconfig /flush & Resgister DNS AND the net logon stop/start' and I
do not get any errors. The netdiag and the dcdiag, also works without error.
Got me? Now that I am writing about it, it seems like it is trying to load
the zone data from the active directory before the DNS service is started.
Immediately after the 5 server errors and the 1 domain error (All 4010), the
DNS server starts. I changed the netlogon service to depend on DNS but that
didn't seem to help. What service is trying to load the DNS records?

Thanks a lot.

Steve
 
TheMechanic said:
Thanks Kevin for the info. I changed the zone from AD to Primary and
back to AD safely using your directions. It didn't fix the 4010
errors. Are these errors something not to worry about. It only
happens on the reboot. I can do the 'Ipconfig /flush & Resgister DNS
AND the net logon stop/start' and I do not get any errors. The
netdiag and the dcdiag, also works without error. Got me? Now that
I am writing about it, it seems like it is trying to load the zone
data from the active directory before the DNS service is started.
Immediately after the 5 server errors and the 1 domain error (All
4010), the DNS server starts. I changed the netlogon service to
depend on DNS but that didn't seem to help. What service is trying
to load the DNS records?

Thanks a lot.
Click to expand...

At startup if you only have one DC you can expect DNS errors because the
zone is stored in Active Directory but, Active Directory has not quite
started yet.
If you had two DC you wouldn't see these errors unless something was wrong.
 
Back
Top