slhbsm


Broken AD Integrated DNS Zone

I have an existing active directory integrated DNS zone - let's call it company.com

I was trying to create a subdomain A record using dnscmd, and used the following commands

    dnscmd /zoneadd sub.company.com /DsPrimary /DP /domain
    dnscmd /recordadd sub.company.com webserver A 192.168.50.150

I realize now that this is incorrect syntax; however, I cannot delete this single subdomain. When I try to delete sub.company.com in the DNS GUI, it appears to delete, but the AD DNS servers still answer queries for the webserver.sub.company.com A record, even though it doesn't exist. I've tried a zone reload and a server reboot, to no avail.

The only information I've seen about cleaning up bad records in an AD integrated zone is this from Microsoft:

    https://support.microsoft.com/en-us/kb/305967

This involves deleting the zone and adding it back in. As this zone is critical to a number of applications, and we have 7 domain controllers in 5 locations, it's a scary proposition.

Does anyone know how I can clean up the sub.company.com zone without deleting and recreating the entire company.com zone?
footech

I have to ask, are you sure the servers are returning this info? Perhaps your cache just hasn't cleared. Are you using nslookup? Make sure you've run ipconfig /flushdns on your machine.

I've done the exact steps you described above, and after deleting the zone, queries for the record come back with none found.
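One way to see what each domain controller is actually serving, ruling out client and server caches as footech suggests and looking for a leftover dnsZone object in the directory partitions that the dnscmd /DP switch targets. This is an added example, not code from the thread; it assumes the RSAT DnsServer and ActiveDirectory modules and the zone and record names used in the question.

```powershell
# Added diagnostic, not from the thread. Assumes the DnsServer and ActiveDirectory
# RSAT modules and the zone/record names from the question (placeholders).
$parentZone = 'company.com'
$staleZone  = 'sub.company.com'
$record     = 'webserver'
$fqdn       = "$record.$staleZone"

Import-Module DnsServer, ActiveDirectory

# 1. Clear the local resolver cache so a stale client entry cannot mislead the test.
Clear-DnsClientCache

# 2. Query every DC directly, flushing its server-side cache first, and report
#    whether the orphaned zone, or a copy of the record inside the parent zone, survives.
$dcs = (Get-ADDomainController -Filter *).HostName
foreach ($dc in $dcs) {
    Clear-DnsServerCache -ComputerName $dc -Force
    $zone = Get-DnsServerZone -ComputerName $dc -Name $staleZone -ErrorAction SilentlyContinue
    # A record created under a 'sub' node of the parent zone is named 'webserver.sub' there.
    $rr = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $parentZone `
            -Name "$record.sub" -RRType A -ErrorAction SilentlyContinue
    # Authoritative answer from this server only, bypassing hosts file and any cache.
    $ans = Resolve-DnsName -Name $fqdn -Type A -Server $dc -DnsOnly -NoHostsFile `
            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server        = $dc
        ZoneStillHere = [bool]$zone
        ParentHasRR   = [bool]$rr
        Answers       = ($ans | Where-Object Type -eq 'A' | ForEach-Object IPAddress) -join ','
    }
}

# 3. Look for the dnsZone object itself in each partition an AD-integrated zone can live in;
#    a lingering object here explains why the zone reappears after a GUI delete.
$domainDn = (Get-ADDomain).DistinguishedName
$partitions = @("DC=DomainDnsZones,$domainDn", "DC=ForestDnsZones,$domainDn", "CN=System,$domainDn")
foreach ($part in $partitions) {
    Get-ADObject -SearchBase "CN=MicrosoftDNS,$part" `
        -LDAPFilter "(&(objectClass=dnsZone)(name=$staleZone))" `
        -Properties whenChanged -ErrorAction SilentlyContinue |
        Select-Object DistinguishedName, whenChanged
}
```

Run it from a machine with RSAT as a domain admin; a DC that still shows ZoneStillHere or a dnsZone object after replication has converged is the one holding the stale data.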
ASKER CERTIFIED SOLUTION
slhbsm

h1r0

Have you checked all of your DNS servers? The changes should be replicating, but you may want to verify. Run a Dcdiag and post the sanitized results.
Thanks for posting back what worked for you.

ASKER

Worked