Solved

Remove a broken delegated domain

Posted on 2011-02-15
Last Modified: 2012-06-27
When running Dcdiag.exe /test:DNS /DnsDelegation I get an error, "broken delegated domain", referencing a DNS namespace I created. How do I get rid of that delegation?
Question by:dmwynne
20 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34900459
Try to connect to ForestDNSZones or DomainDNSZones using ADSI Editor (depends on DNS zone replication scope) and try to remove that orphaned DNS zone.

How to connect to these naming contexts:

Look for
For Option 1: [ForestDNSZones]
For Option 2: [DomainDNSZones]
in this MS article at
http://support.microsoft.com/kb/867464

Before you do that, take a System State backup of your DC, and be careful.

Regards,
Krzysztof
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34901074

The delegation will exist as a greyed-out folder in MS DNS within an existing zone.

It's less likely to be an orphaned object in AD, that wouldn't present as a broken delegation.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901126
I had that folder and I deleted it.
0

 
LVL 14

Author Comment

by:dmwynne
ID: 34901226
I should say I had that folder before I posted this and already have deleted it.

When I loaded the forestdnszones in adsiedit I do see an entry DC=..in progress + a string of numbers and then the dns zone.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34901269

It's likely to be a tombstoned entry, dcdiag shouldn't be able to find that.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901685
I removed the new domain folder I had created under my primary AD-integrated DNS zone and now dcdiag runs fine, but shouldn't I be able to create a new domain under my primary DNS domain and then add records to it? When I tried, I got a message stating that this server is not authoritative for the domain.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34901936

Hmm exactly what are you adding in relation to the current zone? Just "New Domain" (to create a delegation)?

Did you create the child zone separately first?

One more question, 2008 or 2008 R2? The DNS console has made itself progressively "helpful" between versions, in some cases to the extent that it's counter productive.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34902045
2008 R2. You are going to be sorry you asked what I am trying to do.

I have my main domain, say widgets.com. I have the need to create a DNS namespace called widgetstest.widgets.com. This is just a DNS namespace/zone, not an actual Windows domain. In that zone I need a wildcard record *.widgetstest.widgets.com. The machine that the wildcard entry will point to is actually in a Windows child domain of widgets.com.

So far I have not been able to get this to work.  I have tried many ways.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34904484

Okay, that sounds fine.

You don't have to create that as a separate zone, but you can if you wish.

If you want it within the zone, you'd simply create a Host (A) record with this name:

*.widgetstest

The grey box should make that into *.widgetstest.widgets.com.

If you want it to be a zone, create a new zone called widgetstest.widget.com, then add a Host (A) record for * and the appropriate IP. You may find that step creates the delegation for you; you'd only need to alter that if you have more name servers for the new zone.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909381
I created as you stated but the name does not resolve, cannot ping and nslookup from the DC/DNS server gives non-existent domain.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909544
Also, I added a primary non-AD-integrated zone. I added a CNAME wildcard record and also another CNAME record. The wildcard does not work; the other CNAME does. This is from the DC/DNS server.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 34909644

You can't wildcard a CNAME, it must be an A record.

That is, you can do this:

*.widgetstest.widget.com.   Host (A)   1.2.3.4

And "anything.widgetstest.widget.com" will resolve to 1.2.3.4. But you can't use a CNAME with the wildcard; it won't process it.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909885
OK I added it as an A record and still cannot ping it.

On a side note in my sub-domain I do have a wildcard setup as a cname and it works.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34909936

Can you screen-shot your new zone at all?

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34910154
I can't post online but could email it to you.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34910544
It's not ideal, but I can't see it being much more than a tiny little error, DNS just isn't that deep most of the time.

My e-mail address is in my profile (in a slightly abstract format), if I find anything in it I'll be sure to document everything here with obscured names.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34917121
OK, I managed to get what I needed to work. I will post details later. Thanks for the help.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34917146

And I'd forgotten I was supposed to reply. I'd be keen to hear what it was, since the screenshot you sent had everything looking right.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34929565
I ended up creating a delegation from the parent domain to the child domain. I then created a primary non-Active Directory-integrated zone in the child domain. On the parent domain controller/DNS server you can see the greyed folder for the zone that was delegated.

I added an A record for the host I wanted the wildcard to point to but I left the host blank.  I added another A record for *.childdomain.domain and pointed that to the same host.

Not sure why that worked.
0
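
The delegation and wildcard behaviour discussed in this thread, modelled as an added example (not code from any poster): a simplified authoritative lookup following RFC 1034 section 4.3.2 and the RFC 4592 wildcard rules, A records only. The name-server names and 192.0.2.10 are constructed; widgets.com is the placeholder domain used in the thread.

```python
# Added example: simplified authoritative DNS lookup; all zone data is constructed.

def norm(name):
    return name.rstrip(".").lower()

def below(name, parent):
    return name.endswith("." + parent)

def exists(records, name):
    # A name exists if it owns records or is an empty non-terminal.
    return name in records or any(below(owner, name) for owner in records)

def lookup(apex, records, qname, qtype="A"):
    """records maps owner name -> {rrtype: [rdata, ...]}; returns (status, data)."""
    apex, qname = norm(apex), norm(qname)
    if qname != apex and not below(qname, apex):
        return ("NOT_AUTHORITATIVE", [])
    parts = qname.split(".")
    # qname and its parents that lie strictly below the zone apex
    chain = [n for n in (".".join(parts[i:]) for i in range(len(parts)))
             if below(n, apex)]
    # 1. A delegation (NS below the apex) on the path beats any other data.
    for name in reversed(chain):
        if "NS" in records.get(name, {}):
            return ("REFERRAL", records[name]["NS"])
    # 2. The name exists: answer from it, or NODATA. Wildcards never apply.
    if qname == apex or exists(records, qname):
        data = records.get(qname, {}).get(qtype, [])
        return ("ANSWER", data) if data else ("NODATA", [])
    # 3. Only "*.<closest existing ancestor>" may synthesise an answer.
    encloser = next((n for n in chain[1:] if exists(records, n)), apex)
    wild = records.get("*." + encloser)
    if wild is None:
        return ("NXDOMAIN", [])
    data = wild.get(qtype, [])
    return ("ANSWER", data) if data else ("NODATA", [])

CHILD_APEX = "widgetstest.widgets.com"
# Parent zone: delegation plus a leftover in-zone wildcard (hidden by the cut).
PARENT = {
    "widgets.com": {"NS": ["dc1.widgets.com"]},
    CHILD_APEX: {"NS": ["dns1.child.widgets.com"]},
    "*." + CHILD_APEX: {"A": ["192.0.2.10"]},
}
# Child zone: A record at the zone name itself plus the wildcard.
CHILD = {
    CHILD_APEX: {"NS": ["dns1.child.widgets.com"], "A": ["192.0.2.10"]},
    "*." + CHILD_APEX: {"A": ["192.0.2.10"]},
}
```

In this model a query for the bare zone name is never answered from the wildcard, and a delegation in the parent zone hides any wildcard left beneath it, so the parent can only refer the client to the delegated name servers.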
 
LVL 14

Author Closing Comment

by:dmwynne
ID: 34929588
This helped me and I also put the full solution under my comment.
0

Question has a verified solution.