PrepAway - Latest Free Exam Questions & Answers

Which two actions should you perform?

Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and eu.contoso.com.
All domain controllers are DNS servers.
The domain controllers in contoso.com host the zone for contoso.com.
The domain controllers in eu.contoso.com host the zone for eu.contoso.com.
The DNS zone for contoso.com is configured as shown in the exhibit:

You need to ensure that all domain controllers in the forest host a writable copy of _msdcs.contoso.com.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)


A.
Create a zone delegation record in the contoso.com zone.

B.
Create a zone delegation record in the eu.contoso.com zone.

C.
Create an Active Directory-integrated zone for _msdcs.contoso.com.

D.
Create a secondary zone named _msdcs.contoso.com in eu.contoso.com.

Explanation:
http://technet.microsoft.com/en-us/library/cc753500.aspx
Create a Zone Delegation
You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate
management of part of your namespace to another location or department in your organization by delegating
the management of the corresponding zone.
When you delegate a zone, remember that for each new zone that you create, you will need delegation records
in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer
authority and to provide correct referral to other DNS servers and clients of the new servers that are being
made authoritative for the new zone.
http://blogs.chrisse.se/2011/04/10/are-you-storing-your-ad-integrated-dns-zones-in-the-dns-applicationpartitions-ncs/
Are you storing your AD-Integrated DNS Zones in the DNS Application Partitions (NCs)?
1. Background
Overview
A partition is a data structure within Active Directory used to distinguish data for different replication purposes.
Every domain controller contains the following three directory partitions: configuration, schema, and domain. A
directory partition is also called the “naming context”. Domain controllers in the same forest but in different
domains share the same configuration and schema data, but they do not share the same domain data.
..
Every object created in the domain naming context, which includes DNS zones and nodes (DNS names, e.g.,
microsoft.com), is replicated to all the GCs in the domain.
By using application directory partitions to store the DNS data, essentially all DNS objects are removed from the
GC. This is a significant reduction in the number of objects that are normally stored in the GC.
..
Additionally, an application directory partition that is replicated to all DNS servers in the forest can be used for
zones like _msdcs.<forestname> which should be visible to the entire forest.
This is ideal because all DCs register their DsaGuid CNAME resource record in the _msdcs.<forestname>
zone.
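The two steps the question asks for, carried out from a writable forest-root DC, as an added PowerShell example that is not part of the exam page or of the quoted sources. It assumes the DnsServer module is installed, that _msdcs currently exists only as a subdomain inside the contoso.com zone (the exhibit is not reproduced on the page, so this is an assumption), and that the DC name dc1.contoso.com and address 10.0.0.11 are placeholders.

```powershell
# Added example; run on a writable DC in the forest root (contoso.com).
# dc1.contoso.com / 10.0.0.11 are placeholder values, not from the page.
Import-Module DnsServer

$forestRoot = 'contoso.com'
$msdcsZone  = "_msdcs.$forestRoot"

# 1. Is _msdcs already its own zone, or only a subdomain of contoso.com?
$existing = Get-DnsServerZone -Name $msdcsZone -ErrorAction SilentlyContinue
if ($existing) {
    "$msdcsZone already exists: replication scope = $($existing.ReplicationScope)"
}

# 2. Create _msdcs.contoso.com as an AD-integrated primary zone stored in the
#    ForestDnsZones application partition (-ReplicationScope Forest), so every
#    DNS server in the forest, including the eu.contoso.com DCs, holds a
#    writable copy. Keep dynamic updates 'Secure': the DC GUID CNAMEs and the
#    gc._msdcs SRV records are registered by Netlogon, and a zone that accepts
#    nonsecure updates would let any host on the network overwrite them.
if (-not $existing) {
    Add-DnsServerPrimaryZone -Name $msdcsZone -ReplicationScope Forest -DynamicUpdate Secure
}

# 3. Delegate _msdcs from the contoso.com zone to a server that hosts the new
#    zone (any DC will do once the zone has replicated). The delegation removes
#    the _msdcs subdomain from the parent zone and makes the parent's servers
#    refer _msdcs.contoso.com queries to the new zone's authoritative servers.
Add-DnsServerZoneDelegation -Name $forestRoot -ChildZoneName '_msdcs' `
    -NameServer 'dc1.contoso.com' -IPAddress 10.0.0.11

# 4. Have Netlogon re-register this DC's records in the new zone, then confirm
#    the delegation and the zone's dynamic update setting.
nltest /dsregdns
Get-DnsServerZoneDelegation -Name $forestRoot
Get-DnsServerZone -Name $msdcsZone | Select-Object ZoneName, ReplicationScope, DynamicUpdate
```

Step 3 needs repeating with additional -NameServer values (or by adding NS records to the delegation) if you want more than one DC listed in the referral; step 4 must be run on, or the Netlogon service restarted on, every DC whose records were previously registered under the contoso.com zone, otherwise the new zone stays empty until the next periodic registration.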

http://standalonelabs.wordpress.com/2011/05/08/what-is-the-_msdcs-subdomain/
What is the _msdcs Subdomain?
Some of the materials I have read on Active Directory and DNS I feel have not done a clear job explaining
exactly what the _msdcs subdomain is and how it is used in an Active Directory forest.
The following is my explanation which I hope makes some sense out of the issue.
_msdcs and Domain Controller Location
First, all domains in an Active Directory forest have a subdomain beneath them called _msdcs. To illustrate, if I
create a domain called parent.local and a child domain called child.parent.local, those domains will each
contain a subdomain: _msdcs.parent.local and _msdcs.child.parent.local respectively. You can see the _msdcs
subdomain of a domain in my Active Directory forest below:

This subdomain is reserved for the registration of DNS records for Microsoft specific services. For example,
when looking for a domain controller, a client will need to query a LDAP service record. Microsoft is not the only
software company who makes directory services software using the LDAP protocol. As such, there needs to be
a way for a client to specifically request a Microsoft LDAP server (in other words a domain controller). Because
the _msdcs domain is reserved specifically for Microsoft, clients can safely query this domain for LDAP service
records and know they will be receiving the record for a Microsoft domain controller.
Take a closer look at the _msdcs subdomain. You’ll see it actually has several subdomains of its own.

One of these subdomains is the “dc” domain. The dc._msdcs domain contains two other subdomains called
“_sites” and “_tcp.”
When a client is querying DNS for a domain controller, if the client does not know what site it belongs to, it will
request a _ldap service record from the _tcp.dc._msdcs.domain.tld zone.
If the client does know what site it belongs to, it can query for a _ldap record in the subdomain for that site. For
example, _tcp.Default-First-Site-Name._sites.dc._msdcs.child.parent.local using the example pictured above.
_msdcs Subdomain of the Forest Root Domain
The _msdcs subdomain of the forest's root domain is a little special.
First, if you look at the records registered in the root of the zone, you may see several CNAME (or alias)
records. There is a CNAME record for each domain controller in the forest and this record maps the GUID of
the domain controller to the fully-qualified domain name of the domain controller. These records are used by
Active Directory for replication purposes. All writable domain controllers must register a record in this zone for
proper replication.

Now, take a look at the _msdcs domain under the forest root domain in the DNS Server Manager. Notice how it
is depicted as a gray icon.

This signifies _msdcs is a delegated domain. Recall that delegations are used to specify the IP address of
another DNS server that will host the zone. In the case of the _msdcs domain, the delegation does not actually
specify a different DNS server, but instead points to the local server as you can see from the properties of the
delegation in the screen shot below:

So, what is the point of delegating this subdomain to the same server? Well, essentially by specifying the
_msdcs domain as a delegation, you remove it from the parent zone on the DNS server allowing you to create
an independent _msdcs zone. The screen shot below highlights this _msdcs zone:

Because this is now a separate zone, it is possible to change its replication scope. By default, the replication
scope is set to all DNS servers in the forest.

In contrast, the parent domain’s replication scope is set to only the DNS servers in the domain by default.
Now, the _msdcs subdomain of the forest root has its own subdomain underneath it called “dc,” like we looked
at earlier, where DCs for the domain register their service records. But, because the _msdcs subdomain of the
forest root domain is replicated to all DNS servers in the forest, it also makes the perfect place for services that
are needed throughout the forest to register their DNS records as well. For example, say the global catalog.
Looking at the subdomains in the _msdcs domain, you’ll see in addition to the “dc” domain, there is a
subdomain called “domains” and another subdomain called “gc.”

The domains._msdcs domain contains subdomains corresponding to all domains in the forest (labeled by the
domain’s GUID). In these subdomains are service records for the DCs in those domains.
The gc._msdcs domain contains two subdomains of its own called "_sites" and "_tcp." These function the same
way as the “_sites” and “_tcp” subdomains in the dc._msdcs domain function. When a client needs to find a
global catalog in the forest, it can query for an _ldap record in the _tcp.gc._msdcs.forestroot.tld zone if it does
not know what site it is in or it can query for a global catalog in a specific site by requesting an _ldap record in
the _tcp.SiteName._sites.gc._msdcs.forestroot.tld zone.
I also want to make it clear, that because the _msdcs subdomain of the forest root is replicated to all DNS
servers in the forest, this means every DNS server is authoritative for the _msdcs.forestroot.tld zone.
That concludes this look at the _msdcs domain. I hope this description was helpful.
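The locator walk described in the post (site-specific SRV records first, then the domain-wide fallback, with global catalog records only under the forest root's _msdcs) and the claim that every DNS server in the forest is authoritative for _msdcs.<forestroot>, turned into a check script. This is an added example, not code from the post or the exam page; it assumes the ActiveDirectory and DnsServer modules are available on the machine you run it from and that you are a member of the forest being checked. The site name is taken from the DC the local machine discovers, so nothing on the page is hard-coded.

```powershell
# Added example; not part of the quoted post. Assumes RSAT (ActiveDirectory and
# DnsServer modules) and that the caller can query every DC's DNS service.
Import-Module ActiveDirectory
Import-Module DnsServer

$forest     = Get-ADForest
$forestRoot = $forest.RootDomain
$msdcs      = "_msdcs.$forestRoot"
$site       = (Get-ADDomainController -Discover).Site   # site of the machine running this

# 1. The names a client asks for when locating a DC or GC. Per domain: the
#    site-specific record under _sites.dc._msdcs, then the domain-wide fallback
#    under _tcp.dc._msdcs. GC records exist only under the forest root's _msdcs.
$names = foreach ($domain in $forest.Domains) {
    "_ldap._tcp.$site._sites.dc._msdcs.$domain"
    "_ldap._tcp.dc._msdcs.$domain"
    "_kerberos._tcp.dc._msdcs.$domain"
}
$names += "_ldap._tcp.$site._sites.gc.$msdcs"
$names += "_ldap._tcp.gc.$msdcs"

foreach ($name in $names) {
    $answer = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue
    $srv = $answer | Where-Object { $_.Type -eq 'SRV' }
    if ($srv) {
        foreach ($r in $srv) { "{0} -> {1}:{2} (priority {3})" -f $name, $r.NameTarget, $r.Port, $r.Priority }
    } else {
        "MISSING: $name"
    }
}

# 2. Every DNS server in the forest should host _msdcs.<forestroot> itself,
#    forest-replicated and accepting only secure dynamic updates, and every
#    DC's DSA GUID CNAME should resolve there (replication depends on it).
$dcs = foreach ($domain in $forest.Domains) { Get-ADDomainController -Filter * -Server $domain }

foreach ($dc in $dcs) {
    $zone = Get-DnsServerZone -ComputerName $dc.HostName -Name $msdcs -ErrorAction SilentlyContinue
    if (-not $zone) {
        "$($dc.HostName): does NOT host $msdcs (only sees it via the parent zone)"
        continue
    }
    "{0}: hosts {1}, scope={2}, dynamic update={3}" -f $dc.HostName, $msdcs, $zone.ReplicationScope, $zone.DynamicUpdate
    if ($zone.DynamicUpdate -ne 'Secure') { "  WARNING: nonsecure updates allowed on $($dc.HostName)" }

    # The DSA GUID is the objectGUID of the DC's NTDS Settings object.
    $dsaGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Server $dc.HostName).ObjectGUID
    $cname = Resolve-DnsName -Name "$dsaGuid.$msdcs" -Type CNAME -Server $dc.HostName -DnsOnly -ErrorAction SilentlyContinue
    if ($cname) { "  $dsaGuid.$msdcs -> $($cname.NameHost)" }
    else        { "  MISSING CNAME for $($dc.HostName): $dsaGuid.$msdcs" }
}
```

The second loop queries each DC's own DNS service rather than whatever resolver the client is configured with, which is the only way to tell a DC that genuinely hosts the zone from one that merely answers by referral; a DC reported as not hosting the zone is the case the exam question describes, and a zone reporting anything other than Secure for dynamic updates is worth fixing before worrying about replication scope.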

