Solved

Remove a broken delagated domain

Posted on 2011-02-15
20
949 Views
Last Modified: 2012-06-27
When running Dcdiag.exe /test:DNS /DnsDelegation I get an error broken delagated domain referencing a dns name space I created.  how do I get rid of that delagation?
0
Comment
Question by:dmwynne
  • 11
  • 8
20 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34900459
Try to connect to ForestDNSZones or DomainDNSZones using ADSI Editor (depends on DNS zone replication scope) and try to remove that orphaned DNS zone.

How to connect to thi naming contexts:

Look for
For Option 1: [ForestDNSZones]
For Option 2: [DomainDNSZones]
in this MS article at
http://support.microsoft.com/kb/867464

Before you will do that, do your DC's System State Backup and be careful

Regards,
Krzysztof
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901074

The delegation will exist as a greyed-out folder in MS DNS within an existing zone.

It's less likely to be an orphaned object in AD, that wouldn't present as a broken delegation.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901126
I had that folder and I deleted it.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901226
I should say I had that folder before I posted this and already have deleted it.

When I loaded the forestdnszones in adsiedit I do see an entry DC=..in progress + a string of numbers and then the dns zone.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901269

It's likely to be a tombstoned entry, dcdiag shouldn't be able to find that.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34901685
I removed the new domain folder I had created under my primary ad integrated dns zone and not dcdiag runs fine but shouldn't I be able to create a new domain under my primary dns domain and then add records to it.  when I tried I got  a message stating that this server is not authoritative for the domain.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34901936

Hmm exactly what are you adding in relation to the current zone? Just "New Domain" (to create a delegation)?

Did you create the child zone separately first?

One more question, 2008 or 2008 R2? The DNS console has made itself progressively "helpful" between versions, in some cases to the extent that it's counter productive.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34902045
2008 R2.  You are going to be sorry you asked what am I trying to do.

I have my main domain say widgets.com.  I have the need to create a dns namespace called widgetstest.widgetscom.  This is just a dns namespace/zone not an actual windows domain.  In that zone I need a wildcard record *.widgetstest.widgets.com.  the machine that the wildard entry will point to is actually in a windows child domain of widgets.com.

So far I have not been able to get this to work.  I have tried many ways.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34904484

Okay, that sounds fine.

You don't have to create that as a separate zone, but you can if you wish.

If you want it within the zone, you'd simply create a Host (A) record with this name:

*.widgetstest

The grey box should make that into *.widgetstest.widgets.com.

If you want it to be a zone, create a new zone called widgetstest.widget.com, then add a Host (A) record for * and the appropriate IP. You may find that step creates the delegation for you, you'd only need alter that if you have more name servers for the new zone.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909381
I created as you stated but the name does not resolve, cannot ping and nslookup from the DC/DNS server gives non-existent domain.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 14

Author Comment

by:dmwynne
ID: 34909544
Also I added a primary no AD integrated zone.  Added a cname wildcard record and also another cname record.  The wildcard does not work the other cname does.  This is from the DC/DNS server.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34909644

You can't wildcard a CNAME, it must be an A record.

That is, you can do this:

*.widgetstest.widget.com.   Host (A)   1.2.3.4

And "anything.widgetstest.widget.com" will resolve to 1.2.3.4. But you can't use a CNAME with the wildcard it won't process it.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34909885
OK I added it as an A record and still cannot ping it.

On a side note in my sub-domain I do have a wildcard setup as a cname and it works.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34909936

Can you screen-shot your new zone at all?

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34910154
I can't post online but could email it to you.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34910544
It's not ideal, but I can't see it being much more than a tiny little error, DNS just isn't that deep most of the time.

My e-mail address is in my profile (in a slightly abstract format), if I find anything in it I'll be sure to document everything here with obscured names.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34917121
OK, I managed to get what I needed working to work.  I will post details later.  Thanks for help.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34917146

And I'd forgotten I was supposed to reply. I'd be keen to hear what it was since the screenshot you set had everything looking right.

Chris
0
 
LVL 14

Author Comment

by:dmwynne
ID: 34929565
I ended up creating a delagation from the parent domain to the child domain.  I then created a primary non active directory integrated zone in the child domain.  On the parent domain contrller/dns server you can see the greyed folder for the zone that was delagated.

I added an A record for the host I wanted the wildcard to point to but I left the host blank.  I added another A record for *.childdomain.domain and pointed that to the same host.

Not sure why that worked.
0
 
LVL 14

Author Closing Comment

by:dmwynne
ID: 34929588
This helped me and I also put the full solution under my comment.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now