Extraneous _msdcs. forward lookup zone failing replication, how to check what uses it? and can I delete it

active-directory windows-dns windows-server-2008

We run Active directory on windows server 2008 and 2008 R2 in 2008 AD mode.

Our DNS is part of the AD and runs on the same servers as the Global Catalogue.

My predecessor created the environment within domain.local (domain is a substitution, .local is not).

In the forward lookup zones we have a container called domain.local and this contains a working _msdcs container.

However, at the top level we have a container called _msdcs.domain.net (note it's the same domain but with a .net TLD rather than .local). This container mostly contains the same records as the working _msdcs container inside domain.local, but with some minor differences.

Example of layout in DNS Manager (not enough reputation points to post an image):

+ Forward Lookup Zones
    - _msdcs.domain.net
        + dc
        + domains
        + gc
        + pdc
    - domain.local
        - _msdcs
            + dc
            + domains
            + gc
            + pdc

I want to find out what is using it, I want to know how it got there, and I want to delete it or fix it.

All the MS documentation I can find on _msdcs describes its use and what it contains but not why there would be a separate one at the top of my forward lookup zone for a domain other than my AD's.

================

Update

Looks like the AD has been renamed using rendom but not cleaned up / completed.

To confirm this, use Sysinternals Active Directory Explorer (BE CAREFUL, THERE BE DRAGONS IN THIS TOOL),

then look in this container (not all containers shown, assuming your domain is domain.local)

-servername [servername.domain.local]
    -CN=Configuration,DC=domain,DC=local
          -CN=Partitions
               CN=DOMAIN

for an attribute called msDS-DnsRootAlias.

In my case this showed domain.net.

Not certain how to fix but that's for another Question.
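The msDS-DnsRootAlias check from the update, scripted so it can be repeated across a forest and paired with a scan for _msdcs.* zones whose suffix matches no real domain. This is an added example, not code from the original post; it assumes the ActiveDirectory module (RSAT) is installed, that it runs on a DC that is also a DNS server ($dnsServer), and that the account can read the Configuration partition.

```powershell
# Added example, not from the original post: inventory the domain crossRef
# objects under CN=Partitions, report any msDS-DnsRootAlias left behind by an
# unfinished rendom, and flag _msdcs.* zones on the DNS server whose suffix is
# not the dnsRoot of any domain in the forest. Assumptions: the ActiveDirectory
# module (RSAT) is installed, the script runs on a DC that is also a DNS server
# ($dnsServer), and the account can read the Configuration partition.
Import-Module ActiveDirectory

$dnsServer  = $env:COMPUTERNAME
$partitions = "CN=Partitions,$((Get-ADRootDSE).configurationNamingContext)"

# Domain partitions are crossRef objects with the FLAG_CR_NTDS_DOMAIN bit (0x2)
# set in systemFlags; 1.2.840.113556.1.4.803 is the LDAP bitwise-AND rule.
$domainRefs = Get-ADObject -SearchBase $partitions `
    -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))' `
    -Properties nCName, dnsRoot, nETBIOSName, 'msDS-DnsRootAlias'

$findings   = @()
$knownRoots = @()
foreach ($ref in $domainRefs) {
    $root  = @($ref.dnsRoot)[0]
    $alias = @($ref.'msDS-DnsRootAlias')[0]
    $knownRoots += $root
    Write-Host ("{0,-15} dnsRoot={1}" -f $ref.nETBIOSName, $root)
    if ($alias) {
        # A populated alias means a domain rename was started and never
        # finalised; anything that believes the alias name will look for
        # DCs under _msdcs.<alias>.
        $findings += New-Object PSObject -Property @{
            Object = $ref.DistinguishedName
            Issue  = "msDS-DnsRootAlias is '$alias' (rename not completed?)"
        }
    }
}

# Every _msdcs.* zone should hang off a dnsRoot that really exists in the forest.
$zones = Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone `
    -ComputerName $dnsServer | Where-Object { $_.Name -like '_msdcs.*' }
foreach ($zone in $zones) {
    $suffix = $zone.Name -replace '^_msdcs\.', ''
    if ($knownRoots -notcontains $suffix) {
        $findings += New-Object PSObject -Property @{
            Object = "DNS zone $($zone.Name) on $dnsServer"
            Issue  = "_msdcs zone for '$suffix', which is not a domain in this forest"
        }
    }
}

if ($findings.Count -eq 0) { Write-Host 'No stray _msdcs zones or dangling DnsRootAlias found.' }
else { $findings | Format-Table Object, Issue -AutoSize -Wrap }
```

In the situation described above, the script would report the alias domain.net on the domain's crossRef and list _msdcs.domain.net as a zone with no matching domain, which ties the stray zone to the unfinished rename rather than to a second forest.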

Best Answer

If anything thinks your domain is domain.net instead of domain.local (really, you shouldn't use .local, but that's another conversation entirely), it will look for your DCs at _msdcs.domain.net.

There is no telling what this might break (Kerberos comes to mind, as well as dynamic DNS updates), so I'd imagine little or nothing is using it. However, if you like, do a packet capture (use Wireshark, or better yet clone the port and use Wireshark on something else so you don't have to run Wireshark on a production server) filtering for DNS records, and search the resultant data for queries involving _msdcs.domain.net. If you happen to find one, inspect the querying device to see what it is that is so misconfigured.

Perhaps you also have, or had, an AD domain with that name. If so, and it no longer exists, you can purge those records. This will make your life easier when eventually someday you migrate away from .local.