If you run the SBS 2011 Best Practices Analyzer (BPA), you may see the following warning:
No DNS name server records.
Source: 74
Issue: There are no DNS name server (NS) resource records for the delegated _msdcs forward lookup zone.
Well, that’s nice. But you may ask yourself: What does this mean? Why did it happen? and Do I need to fix it?
The short answer is that this often occurs as a result of doing a migration to SBS 2011. If your SBS 2011 server is a standalone server (not in a multi DC environment), then it’s not a big concern. You could probably just click on “Exclude this Result” to hide/ignore the warning from appearing when you run future BPA reports.
But if you’re like me, you want to resolve the issue, if possible, instead of just ignoring it.
The warning is caused by the fact that BPA is looking for a _msdcs sub zone under your domain.local zone in DNS. Here’s an example where it is missing:
An excellent tutorial on resolving this issue in detail is available on the Official Windows Server Essentials and Small Business Server Blog site. It also covers the situation where the _msdcs.domain.local zone is missing.
In my case, I already have a separate _msdcs.domain.local zone. So all that I need to do is to manually create the _msdcs zone and restart the Netlogon service. So, let’s get to work:
- Right click on your domain.local zone and select New Delegation, then click Next
- Type in _msdcs for the delegated domain name, and click Next
- Click Add, and then enter either the FQDN of your server (sbs1.kwsupport.local in my case) and click Resolve, or you can just enter your server’s IP address.
- In either case, once you have created the new zone, and finished, you will see the new _msdcs zone listed
- Finally, open up Services.msc and click to restart the Netlogon service, and you’re done.
Rerun the BPA and you will see that this warning message no longer appears!
Hope this helps you!