DNS Delegation Error

Chris Currell
Chris Currell used Ask the Experts™
I have an SBS 2011 server I am trying to retire. In preparation of this job I have been running some DNS checks, I seem to have a DNS Delegation issue and have no idea how to correct this. We have two domain controllers, wmkl-sbs and DC1.

Here is the specific error I am seeing. I have also attached a bunch a zip file that contains a bunch of text file from other tests and information that I think might be helpfulDNS-Tests.zip in finding a answer to this.

 TEST: Delegations (Del)
                  Delegation information for the zone: WMKL.local.
                     Delegated domain name: _msdcs.WMKL.local.
                        DNS server: dc1.wmkl.local. IP: [Valid]
                        DNS server: wmkl-sbs. IP: [Valid]
                     Delegated domain name: wmkl.local.WMKL.local.
                        Warning: Delegation of DNS server dc1.wmkl.local. is broken on IP:
                        Error: DNS server: dc1.wmkl.local. IP:
                        [Broken delegation]
                        Error: DNS server: sbs.wmkl.local. IP:
                        [Missing glue A record]
                        Warning: Delegation of DNS server wmkl-sbs.wmkl.local. is broken on IP:
                        Error: DNS server: wmkl-sbs.wmkl.local. IP:
                        [Broken delegation]

Thank you for your time and help
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
nociSoftware Engineer
Distinguished Expert 2018

Every DNS domains starts with a SOA (Start of Authority] RR. (Resource Record).
And has a few NS records associated with it.

The NS records point to the DNS servers that are the servers for this domain.

The main cause of the problem is reveled by this name:  wmkl.local.WMKL.local.
There is a domain name with wmkl.local (lowercase) WITHOUT the terminating .
(That causes the parent domain to be tacked onto the name hence the name wmkl.local.WMKL.local.)

Presumably the other records for this domain is missing.   ( btw: convention in DNS is to use Lowercase only, the DNS name system is case agnostic so:
BLABLA == blabla == BlaBla = BlAbLa etc....
Top Expert 2014
Check in your forward lookup zone for WMKL.local whether you have a delegation for wmkl.local (looks like a grayed-out icon).  If so, you can delete it (it shouldn't be there).

Regarding some config that I observed.
It appears that you have configured as a forwarder on WMKL-SBS.WMKL.local - that will just cause slowdowns in name resolution unless WMKL-SBS.WMKL.local is configured with zones that aren't represent on dc1.wmkl.local.
Having 4 forwarders is excessive I think.  Use a DNS benchmark utility (like https://www.grc.com/dns/benchmark.htm?data1=v1v2v2v2) to test different ones and pick a couple that are at or near the fastest (modify the testing list to include the ones you already have configured as forwarders and see how well they perform in the comparison as well).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial