Some of the materials I have read on Active Directory and DNS have not, I feel, done a clear job of explaining exactly what the _msdcs subdomain is and how it is used in an Active Directory forest.
The following is my explanation which I hope makes some sense out of the issue.
_msdcs and Domain Controller Location
First, all domains in an Active Directory forest have a subdomain beneath them called _msdcs. To illustrate, if I create a domain called parent.local and a child domain called child.parent.local, those domains will each contain a subdomain: _msdcs.parent.local and _msdcs.child.parent.local respectively. You can see the _msdcs subdomain of a domain in my Active Directory forest below:
This subdomain is reserved for the registration of DNS records for Microsoft-specific services. For example, when looking for a domain controller, a client needs to query an LDAP service (SRV) record. Microsoft is not the only company that makes directory services software using the LDAP protocol, so a client needs a way to ask specifically for a Microsoft LDAP server (in other words, a domain controller) rather than any LDAP server. A domain controller does register the generic _ldap._tcp record directly under the domain name, but nothing prevents a non-Microsoft LDAP server from registering that same name. Because the _msdcs subdomain is reserved for Microsoft services, a client that queries it for LDAP service records knows the answers it receives name Microsoft domain controllers.
Take a closer look at the _msdcs subdomain. You’ll see it actually has several subdomains of its own.
When a client queries DNS for a domain controller and does not know what site it belongs to, it requests the SRV record _ldap._tcp.dc._msdcs.domain.tld; that name is a subdomain of the domain's zone, not a zone of its own.
If the client does know what site it belongs to, it queries for the _ldap record in the subdomain for that site first. For example, a client in the default site of the child domain queries _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.child.parent.local using the example pictured above, and only falls back to the site-less name if that query returns nothing.
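As an added example (not from the original post), the following PowerShell reproduces the lookup order just described: it queries the site-specific _ldap SRV record first and falls back to the site-less record under dc._msdcs, then orders the answers the way the locator does (lowest priority first, highest weight first within a priority). It assumes a domain-joined Windows host with the DnsClient module (Resolve-DnsName) available; the function name Find-DomainControllerSrv and its parameters are my own, not part of Windows.

```powershell
# Added example: walk the DC-locator DNS lookups the way a domain member does.
# Assumes a domain-joined host; $Domain defaults to the logon domain.
function Find-DomainControllerSrv {
    [CmdletBinding()]
    param(
        [string]$Domain = $env:USERDNSDOMAIN,
        # Site name as reported by "nltest /dsgetsite"; empty means "site unknown".
        [string]$Site,
        # Optional DNS server to ask; omit to use the host's configured resolvers.
        [string]$DnsServer
    )

    # Site-specific name first (if a site is known), then the site-less name.
    $candidates = @()
    if ($Site) {
        $candidates += "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"
    }
    $candidates += "_ldap._tcp.dc._msdcs.$Domain"

    foreach ($name in $candidates) {
        $params = @{ Name = $name; Type = 'SRV'; ErrorAction = 'Stop' }
        if ($DnsServer) { $params['Server'] = $DnsServer }
        try {
            # Resolve-DnsName also returns the A records of the targets in the
            # additional section; keep only the SRV answers themselves.
            $srv = Resolve-DnsName @params | Where-Object Type -eq 'SRV'
        } catch {
            Write-Verbose "No answer for $name : $($_.Exception.Message)"
            continue
        }
        if ($srv) {
            # Lower Priority wins; among equal priorities, higher Weight is preferred.
            return $srv |
                Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
                Select-Object @{ n = 'Query'; e = { $name } }, NameTarget, Port, Priority, Weight
        }
    }
    Write-Warning "No _ldap SRV records found under dc._msdcs.$Domain"
}

# Discover the current site the same way the locator would, then look up DCs.
# nltest prints the site name on its first output line.
$site = nltest /dsgetsite 2>$null | Select-Object -First 1
Find-DomainControllerSrv -Site $site -Verbose
```

Running with -Verbose shows which name answered; if the site-specific query is the one that fails, the client in that site is being served by the site-less record and its DC affinity is whatever DNS happens to return.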
_msdcs Subdomain of the Forest Root Domain
The _msdcs subdomain of the forest’s root domain is a little special.
First, if you look at the records registered at the root of the zone, you will see several CNAME (alias) records. There is one CNAME record for each domain controller in the forest, and it maps the GUID of the domain controller (the objectGUID of its NTDS Settings object, also called the DSA GUID) to the fully-qualified domain name of the domain controller. Active Directory uses these records for replication: a replication partner identifies a DC by its GUID, which does not change even if the DC is renamed, and resolves that GUID to a host name through this CNAME. All writable domain controllers must register a record in this zone for proper replication.
Now, take a look at the _msdcs domain under the forest root domain in the DNS Server Manager. Notice how it is depicted as a gray icon.
This signifies that _msdcs is a delegated domain. Recall that a delegation consists of NS records (with glue A records) naming the DNS servers that host the child zone. In the case of the _msdcs domain, the delegation does not point to a different DNS server; it names the local server itself, as you can see from the properties of the delegation in the screen shot below:
So, what is the point of delegating this subdomain to the same server? Well, essentially by specifying the _msdcs domain as a delegation, you remove it from the parent zone on the DNS server allowing you to create an independent _msdcs zone. The screen shot below highlights this _msdcs zone:
Now, the _msdcs subdomain of the forest root has its own subdomain underneath it called "dc," like the one we looked at earlier, where DCs for the root domain register their service records. But because the _msdcs zone of the forest root is replicated to all DNS servers in the forest (it lives in the forest-wide DNS application partition rather than the root domain's partition), it also makes the perfect place for services that are needed throughout the forest to register their DNS records. The global catalog is one example.
Looking at the subdomains in the _msdcs domain, you’ll see in addition to the “dc” domain, there is a subdomain called “domains” and another subdomain called “gc.”
The gc._msdcs domain contains two subdomains of its own called "_sites" and "_tcp." These function the same way as the "_sites" and "_tcp" subdomains under dc._msdcs. When a client needs to find a global catalog in the forest, it queries for the SRV record _ldap._tcp.gc._msdcs.forestroot.tld if it does not know what site it is in, or for a global catalog in a specific site by requesting _ldap._tcp.SiteName._sites.gc._msdcs.forestroot.tld.
I also want to make it clear that, because the _msdcs zone of the forest root is replicated to all DNS servers in the forest, every DNS server in the forest is authoritative for the _msdcs.forestroot.tld zone. This holds for the default layout on Windows Server 2003 and later, where the zone is AD-integrated with forest-wide replication scope; a forest upgraded from Windows 2000 may still carry _msdcs as a plain subdomain inside the root domain's zone, which then replicates only as far as that zone does.
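The following PowerShell, added here and not part of the original post, checks the three properties of the forest-root _msdcs zone discussed above: each DC's DSA GUID CNAME resolves to that DC, each global catalog appears as a target of _ldap._tcp.gc._msdcs (and no host that is not a known DC does), and every DNS server in the forest hosts the zone AD-integrated with forest-wide replication. It assumes the ActiveDirectory and DnsServer RSAT modules are installed and that the caller can read AD and query the DNS service on each DC; the variable names and the wording of the findings are mine. The "unknown target" check is an added consistency check: these records are created by dynamic update, so a target that is not a real DC is either stale or was registered by something other than a domain controller and deserves a look.

```powershell
# Added example: consistency checks for the forest-root _msdcs zone.
# Assumes RSAT ActiveDirectory + DnsServer modules and read access to AD/DNS.
Import-Module ActiveDirectory
Import-Module DnsServer

$forest   = Get-ADForest
$zone     = "_msdcs.$($forest.RootDomain)"
$findings = @()

# Every DC in every domain of the forest registers in the forest-root _msdcs zone.
$dcs = foreach ($d in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $d
}

# 1. DSA GUID CNAME: <objectGUID of NTDS Settings>._msdcs.<forest root> -> DC FQDN
foreach ($dc in $dcs) {
    $ntds  = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID
    $cname = "$($ntds.ObjectGUID).$zone"
    try {
        $ans    = Resolve-DnsName -Name $cname -Type CNAME -ErrorAction Stop |
                  Where-Object Type -eq 'CNAME'
        $target = ($ans.NameHost | Select-Object -First 1).TrimEnd('.')
        if ($target -ne $dc.HostName) {   # -ne is case-insensitive in PowerShell
            $findings += "CNAME $cname points at '$target', expected '$($dc.HostName)'"
        }
    } catch {
        $findings += "Missing DSA GUID CNAME $cname for $($dc.HostName): replication partners cannot resolve this DC by GUID"
    }
}

# 2. gc._msdcs: every GC-enabled DC should be a target, and nothing else should be.
$gcTargets = (Resolve-DnsName -Name "_ldap._tcp.gc.$zone" -Type SRV -ErrorAction SilentlyContinue |
              Where-Object Type -eq 'SRV').NameTarget | ForEach-Object { $_.TrimEnd('.') }
foreach ($dc in $dcs | Where-Object IsGlobalCatalog) {
    if ($gcTargets -notcontains $dc.HostName) {
        $findings += "GC $($dc.HostName) has no SRV record in _ldap._tcp.gc.$zone"
    }
}
foreach ($t in $gcTargets) {
    if ($dcs.HostName -notcontains $t) {
        $findings += "SRV target '$t' in _ldap._tcp.gc.$zone is not a known DC (stale record or unexpected dynamic update)"
    }
}

# 3. Every DNS server in the forest should host the zone AD-integrated, forest-wide scope.
foreach ($dc in $dcs) {
    try {
        $z = Get-DnsServerZone -Name $zone -ComputerName $dc.HostName -ErrorAction Stop
        if (-not $z.IsDsIntegrated -or $z.ReplicationScope -ne 'Forest') {
            $findings += "$($dc.HostName): $zone is $($z.ZoneType) with scope $($z.ReplicationScope) (expected AD-integrated, Forest)"
        }
    } catch {
        # Either the DC does not run DNS or it does not hold this zone.
        $findings += "$($dc.HostName): does not serve $zone ($($_.Exception.Message))"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    "OK: $zone is consistent across $($dcs.Count) domain controllers"
}
```

Step 3 queries each DC's own DNS service rather than the local resolver, which is the point of the check: the page's claim is that every DNS server in the forest is authoritative for this zone, so each one must be asked individually.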
That concludes this look at the _msdcs domain. I hope this description was helpful.