Announcement

Collapse
No announcement yet.

DCDIAG DNS test - Broken Delegations

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DCDIAG DNS test - Broken Delegations

    Hi,

    Forgive me if this is a repeat post but Iíve searched and only found three articles on Broken Delegations, Mr Google is not proving to be helpful although I suspect this is also down to my phraseology.

    Scenario; there are 4 UK sites running 2008 R2 and 14 remote offices throughout the globe running Svr 2003 SP1.
    UK is replicating nicely, next step is to install a second 2008 R2 DC on each site one by one - retiring the old 2003 before hand.

    This has worked on a few sites but this is the second time weíve seen this 'mydomin.com.mydomain.com' and broken delegation errors, the first time I removed and re-installed the DNS role which resolved the error although that didnít fix the issue this time!

    I know this is related to DNS although itís integrated and simply copied when building a new DC

    Working on the offending DC in Korea;

    3 DNS servers configured on the Server NIC
    X.4.0.23 UK
    X.7.3.10 Itself (Korea)
    X.20.1.7 UK

    Sites and Services shows the DC and its automatically generated replication partner. other tests pass bar Replication Latency Check which I suspect is down to a removed DC not replicating all its info back to the UK.

    DC01 + DC02 = 2003 server
    DC10 + DC11 = 2008 R2 server
    ===============================================

    TEST: Delegations (Del)
    Delegation information for the zone: mydomain.com.
    Delegated domain name: mydomain.com.mydomain.com.
    Warning: Delegation of DNS server chn-bei-dc01.mydomain.com. is broken on IP:X.7.1.3
    Error: DNS server: chn-bei-dc01.mydomain.com.

    IP:X.7.1.3 [Broken delegation]
    Warning: Delegation of DNS server uk-flt-dc10.mydomain.com. is broken on IP:X.4.0.23
    Warning: Delegation of DNS server uk-flt-dc10.mydomain.com. is broken on IP:3000::1:95b5:38cb:836:6eb7
    Error: DNS server: uk-flt-dc10.mydomain.com.

    IP:3000::1:95b5:38cb:836:6eb7 [Broken delegation]

    Warning: Delegation of DNS server uk-flt-dc11.mydomain.com. is broken on IP:X.4.0.24
    Warning: Delegation of DNS server uk-flt-dc11.mydomain.com. is broken on IP:3000::1:b83d:3ee0:fc4a:822c
    Error: DNS server: uk-flt-dc11.mydomain.com.

    IP:3000::1:b83d:3ee0:fc4a:822c [Broken delegation]
    Warning: Delegation of DNS server uk-slo-dc10.mydomain.com. is broken on IP:172.20.1.7
    Error: DNS server: uk-slo-dc10.mydomain.com.

    IP:172.20.1.7 [Broken delegation]

    TEST: Dynamic update (Dyn)
    Test record dcdiag-test-record added successfully in zone mydomain.com
    Warning: Failed to delete the test record dcdiag-test-record in zone mydomain.com
    [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]

    TEST: Records registration (RReg)
    Network Adapter

    [00000007] Intel(R) PRO/1000 MT Network Connection:

    Matching CNAME record found at DNS server X.4.0.23:
    4a6c0cc8-4a4f-4232-a07e-574fcc52b45a._msdcs.mydomain.com

    Matching A record found at DNS server X.4.0.23:
    KOR-SOU-DC11.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.8be67c74-4af3-4eae-9b8c-c3dc49fb9ec1.domains._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kerberos._tcp.dc._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.dc._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kerberos._tcp.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kerberos._udp.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kpasswd._tcp.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.Korea-X-7-3._sites.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kerberos._tcp.Korea-X-7-3._sites.dc._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.Korea-X-7-3._sites.dc._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _kerberos._tcp.Korea-X-7-3._sites.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.gc._msdcs.mydomain.com

    Matching A record found at DNS server X.4.0.23:
    gc._msdcs.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _gc._tcp.Korea-X-7-3._sites.mydomain.com

    Matching SRV record found at DNS server X.4.0.23:
    _ldap._tcp.Korea-X-7-3._sites.gc._msdcs.mydomain.com

    Same records as above for the Servers X.7.3.10 + X.20.1.7

    Summary of test results for DNS servers used by the above domain

    controllers:
    DNS server: X.1.1.102 (us-chi-dc02.mydomain.com.)

    1 test failure on this DNS server

    DNS delegation for the domain mydomain.com.mydomain.com. is broken on IP X.1.1.102

    [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

    DNS server: X.16.0.10 (uk-bur-dc10.mydomain.com.)

    1 test failure on this DNS server

    DNS delegation for the domain mydomain.com.mydomain.com. is broken on IP X.16.0.10

    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

    there are more servers
    ===============================================

    Iím sure this is a DNS configuration issue and Iím missing a pointer or record of some sort?

    When I scan the DNS role I see a lot of Root Hint errors concerning IPv6
    IPv6 has been unchecked in the Network Settings and in DNS console.

    Any help advice is appreciatedÖ

    Many thanks
Working...
X