Hi team,
I've been attempting to establish a domain with a disjointed namespace between DCs to support an SDLC within a single domain. Essentially the DNS root and R/W DCs will be secured, and RODCs with subdomains will be established in different environments. Each environment will have separate but matched principles of administration through a common delegated admin model. However, I wish to keep DNS records isolated between environments, only to be resolved through zone delegation to the relevant DCs for each environment.
I have set up a playpen to validate the configuration with two DCs, enabled and commissioned the msDS-AllowedDNSSuffixes attribute, and updated the second DC's HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Domain value to match. I have added the zone delegation to the first DC and created a new DNS partition and zone to hold these records.
I noticed that upon reboot the second DC unexpectedly created subdomain records for _sites and _tcp. Upon reversing the configuration and removing the msDS-AllowedDNSSuffixes records and rebooting both DCs, I notice the RootDSE namingContexts is not updated to remove the now superfluous subdomain record. How should this record be removed?
Many thanks
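The post above touches three separate settings (msDS-AllowedDNSSuffixes on the domain object, the NV Domain registry value on the DC, and the partitions the DC advertises in RootDSE namingContexts). The following PowerShell is an added diagnostic, not code from the original post; it assumes the RSAT ActiveDirectory module is present and that it runs on the DC being checked with rights to read the domain object and HKLM. It reports whether the DC's primary DNS suffix is actually permitted by the domain, and lists any naming contexts beyond the well-known defaults, which is where a leftover application partition created for a DNS zone would show up (application partitions are independent of the suffix attribute, so clearing the suffix does not remove them).

```powershell
# Added diagnostic for disjoint-namespace DCs (not from the original post).
# Assumes: RSAT ActiveDirectory module, run locally on the DC under inspection.
Import-Module ActiveDirectory

function Get-DisjointNamespaceState {
    $domain  = Get-ADDomain
    $domObj  = Get-ADObject -Identity $domain.DistinguishedName -Properties 'msDS-AllowedDNSSuffixes'
    $allowed = @($domObj.'msDS-AllowedDNSSuffixes' | ForEach-Object { [string]$_ })

    # Primary DNS suffix this machine actually uses (the value edited by hand in the post)
    $tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $nvDomain = [string](Get-ItemProperty -Path $tcpip -Name 'NV Domain' -ErrorAction SilentlyContinue).'NV Domain'

    # Partitions this DC still advertises, compared with the five expected defaults
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $ncs      = @($rootDse.namingContexts | ForEach-Object { [string]$_ })
    $expected = @(
        $domain.DistinguishedName,
        [string]$rootDse.configurationNamingContext,
        [string]$rootDse.schemaNamingContext,
        "DC=ForestDnsZones,$([string]$rootDse.rootDomainNamingContext)",
        "DC=DomainDnsZones,$($domain.DistinguishedName)"
    )
    # -notcontains is case-insensitive, matching how DNs compare in AD
    $extra = @($ncs | Where-Object { $expected -notcontains $_ })

    [pscustomobject]@{
        DnsRoot             = $domain.DNSRoot
        NVDomain            = $nvDomain
        AllowedDNSSuffixes  = $allowed
        # A DC whose suffix is neither the domain's DNS name nor an allowed suffix
        # will not register cleanly; this is the check to run before and after changes.
        SuffixIsAllowed     = ($nvDomain -eq $domain.DNSRoot) -or ($allowed -contains $nvDomain)
        ExtraNamingContexts = $extra
    }
}

Get-DisjointNamespaceState | Format-List
```

Run it on each DC after every change and reboot; the ExtraNamingContexts field is the one to compare against the partitions you deliberately created.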