Solved

Remove a broken delagated domain

Posted on 2011-02-15
20
951 Views
Last Modified: 2012-06-27
When running Dcdiag.exe /test:DNS /DnsDelegation I get an error broken delagated domain referencing a dns name space I created.  how do I get rid of that delagation?
0
Comment
Question by:dmwynne
  • 11
  • 8
20 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34900459
Try to connect to ForestDNSZones or DomainDNSZones using ADSI Editor (depends on DNS zone replication scope) and try to remove that orphaned DNS zone.

How to connect to thi naming contexts:

Look for
For Option 1: [ForestDNSZones]
For Option 2: [DomainDNSZones]
in this MS article at
http://support.microsoft.com/kb/867464

Before you will do that, do your DC's System State Backup and be careful

Regards,
Krzysztof
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901074

The delegation will exist as a greyed-out folder in MS DNS within an existing zone.

It's less likely to be an orphaned object in AD, that wouldn't present as a broken delegation.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901126
I had that folder and I deleted it.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 14

Author Comment

by:dmwynne
ID: 34901226
I should say I had that folder before I posted this and already have deleted it.

When I loaded the forestdnszones in adsiedit I do see an entry DC=..in progress + a string of numbers and then the dns zone.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901269

It's likely to be a tombstoned entry, dcdiag shouldn't be able to find that.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901685
I removed the new domain folder I had created under my primary ad integrated dns zone and not dcdiag runs fine but shouldn't I be able to create a new domain under my primary dns domain and then add records to it.  when I tried I got  a message stating that this server is not authoritative for the domain.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901936

Hmm exactly what are you adding in relation to the current zone? Just "New Domain" (to create a delegation)?

Did you create the child zone separately first?

One more question, 2008 or 2008 R2? The DNS console has made itself progressively "helpful" between versions, in some cases to the extent that it's counter productive.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34902045
2008 R2.  You are going to be sorry you asked what am I trying to do.

I have my main domain say widgets.com.  I have the need to create a dns namespace called widgetstest.widgetscom.  This is just a dns namespace/zone not an actual windows domain.  In that zone I need a wildcard record *.widgetstest.widgets.com.  the machine that the wildard entry will point to is actually in a windows child domain of widgets.com.

So far I have not been able to get this to work.  I have tried many ways.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34904484

Okay, that sounds fine.

You don't have to create that as a separate zone, but you can if you wish.

If you want it within the zone, you'd simply create a Host (A) record with this name:

*.widgetstest

The grey box should make that into *.widgetstest.widgets.com.

If you want it to be a zone, create a new zone called widgetstest.widget.com, then add a Host (A) record for * and the appropriate IP. You may find that step creates the delegation for you, you'd only need alter that if you have more name servers for the new zone.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909381
I created as you stated but the name does not resolve, cannot ping and nslookup from the DC/DNS server gives non-existent domain.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909544
Also I added a primary no AD integrated zone.  Added a cname wildcard record and also another cname record.  The wildcard does not work the other cname does.  This is from the DC/DNS server.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34909644

You can't wildcard a CNAME, it must be an A record.

That is, you can do this:

*.widgetstest.widget.com.   Host (A)   1.2.3.4

And "anything.widgetstest.widget.com" will resolve to 1.2.3.4. But you can't use a CNAME with the wildcard it won't process it.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909885
OK I added it as an A record and still cannot ping it.

On a side note in my sub-domain I do have a wildcard setup as a cname and it works.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34909936

Can you screen-shot your new zone at all?

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34910154
I can't post online but could email it to you.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34910544
It's not ideal, but I can't see it being much more than a tiny little error, DNS just isn't that deep most of the time.

My e-mail address is in my profile (in a slightly abstract format), if I find anything in it I'll be sure to document everything here with obscured names.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34917121
OK, I managed to get what I needed working to work.  I will post details later.  Thanks for help.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34917146

And I'd forgotten I was supposed to reply. I'd be keen to hear what it was since the screenshot you set had everything looking right.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34929565
I ended up creating a delagation from the parent domain to the child domain.  I then created a primary non active directory integrated zone in the child domain.  On the parent domain contrller/dns server you can see the greyed folder for the zone that was delagated.

I added an A record for the host I wanted the wildcard to point to but I left the host blank.  I added another A record for *.childdomain.domain and pointed that to the same host.

Not sure why that worked.
0
 
LVL 14

Author Closing Comment

by:dmwynne
ID: 34929588
This helped me and I also put the full solution under my comment.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RRAS AND DNS 15 46
changing harddisk on computer in corporate 10 46
Nimble Storage 3 69
Additional DC vs Child Domain 12 23
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question