This article provides information on deleting and recreating the _msdcs DNS zone on a Windows DNS server.
In an Active Directory (AD) domain, the _msdcs DNS zone stores several types of resource records pertaining to domain controllers (DCs). If this zone is not present or not functioning properly, domain members may not be able to locate a DC and thus may not be able to access resources in the domain.
When troubleshooting an issue involving the _msdcs zone, if all other steps fail to resolve the problem, it may be necessary to delete and recreate the zone. This article provides the procedure for doing so.
Caution: This is a destructive process and should only be followed as a last resort to delete and recreate DNS.
Note: If the _msdcs zone appears to be missing entirely, it may instead exist as a folder inside the domain forward lookup zone. Verify whether this is the case before proceeding.
- Before deleting the zone, back up the existing data:
- For non-AD-integrated zones, a backup can be made by simply copying the contents of the %windir%\System32\dns folder.
- AD-integrated zones are stored in Active Directory. To back them up, back up the system state of a DC that is also a DNS server.
Once a backup has been made, perform the following steps to delete and recreate the _msdcs zone:
- Open the DNS console (Start -> All Programs -> Administrative Tools-> DNS).
- Right-click the _msdcs zone or folder and select Delete. Confirm that you wish to delete the zone or folder.
- If _msdcs existed as a separate zone, right-click Forward Lookup Zones in the left pane and select New Zone. Use the wizard to create the zone. Name the new zone _msdcs.domain, where domain is the full DNS name of your AD domain. For example, if your domain is named mydomain.local, name the new zone _msdcs.mydomain.local.
If _msdcs existed as a folder inside the domain forward lookup zone, right-click that zone in the left pane and select New Domain. Name the new domain (folder) _msdcs and click OK.
- Right-click your server in the left pane and select All Tasks -> Restart to restart the DNS Server service.
- Open a command prompt and run the following commands:
net stop netlogon
net start netlogon
- Wait a few minutes and refresh the DNS console. The new _msdcs zone or folder should now be populated with a number of records and subfolders.
- If there are multiple DCs in the domain, perform step 5 on each one to register that DC's resource records in the new zone or folder.
For general steps for troubleshooting DNS issues, refer to this TechNet article.