Internal top level AD domain is corp.company.com, how do we now add company.com zone to achieve split brain DNS?

  • Question

  • When the "parent" domain name is external DNS (company.com), and the "child" domain is internal AD (corp.company.com) with real DCs and all that jazz - what is the best method to add the external company.com zone to internal AD DNS? Can't simply create the parent zone and delegate the child because of an error that the child already exists. Two DCs, DNS installed on both, AD-integrated. One AD domain (corp), no children.

    Thanks,

    Joan

    Tuesday, April 11, 2017 6:03 PM

All replies

  • That does not work. Same result: child zone gets created under it and can't be delegated. Delegation is not related to AD integrated.
    Tuesday, April 11, 2017 6:41 PM
  • What is the event ID? Can you please post it here. From there we can find out the root cause.

    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! http://sesaitech.blogspot.in/

    Tuesday, April 11, 2017 6:45 PM
  • No event id. The message upon attempting to delegate child zone (after clicking Finish) is "A DNS domain or delegation by this name already exists. To change an existing delegation, right click on the delegation and select properties. To change a DNS domain into a delegation, delete the domain and then create the delegation."

    This is known. My issue is that the child is our top-level (parent) AD domain. In fact, it is our only AD domain. So if I delete the child domain zone, I am deleting the ONLY DNS zone that has the AD records.

    I'm wondering if the solution is indeed to delete the child zone, wait for deletion to replicate to the second DC, then delegate the child, then recreate the child zone and the AD DNS records for it as described here: http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/

    OR, is there a less destructive way?

    Joan

    Tuesday, April 11, 2017 7:14 PM
  • Hi,

    Do an nslookup of the top-level and child domains and from the results find which records need to be checked in order to fix this.


    Tuesday, April 11, 2017 7:18 PM
  • NMKselvaraj, thank you for trying to help but you do not understand my question.

    Joan

    Tuesday, April 11, 2017 7:29 PM
  • NMKselvaraj, I figured out my issue. I realized that the message "To change a DNS domain into a delegation, delete the domain and then create the delegation" meant the corp subfolder under the company.com zone, not the actual top-level child zone corp.company.com that has all the domain records and the _msdcs delegated folder created when AD installed.

    I deleted the corp subfolder under the company.com zone and was able to finish the delegation wizard without error. dcdiag /test:dns on both DCs (after waiting for replication) passed.

    Joan

    • Proposed as answer by John Lii Monday, April 24, 2017 6:39 AM
    Tuesday, April 11, 2017 8:33 PM
  • Awesome, finally you have fixed it. :)

    Tuesday, April 11, 2017 8:55 PM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 24, 2017 6:38 AM
  • John, all good. I was confused about the DNS delegation message and thinking too literally. In case others are confused or literal thinkers like me:

    If the corp.company.com domain already exists, leave it alone. Don't touch it. Add the company.com zone. When the company.com zone is created, a "corp" subfolder under company.com also gets created. Delete that subfolder. Then right click company.com and click Delegate. You will now be able to specify corp for the delegated domain without error, and the subsequently created subfolder will be gray.

    Joan

    Monday, April 24, 2017 3:47 PM
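The procedure Joan describes above, scripted with the DnsServer PowerShell module as an added example (not code from the thread). It assumes the DC names dc1/dc2, the address 10.0.0.11 and the sample public records are placeholders; the split-brain point is that the internal company.com zone must itself carry whatever public names internal clients rely on, since those queries will no longer leave the network.

```powershell
# Added example: create the internal company.com zone beside the existing
# corp.company.com AD zone, then delegate corp to the DCs without touching
# the corp.company.com zone itself. Run on a DC; names/IPs are placeholders.
$parent = 'company.com'
$child  = 'corp'
$dcName = 'dc1.corp.company.com'   # assumption: the DC hosting the child zone
$dcIp   = '10.0.0.11'              # assumption: that DC's address

# 1. AD-integrated primary zone, replicated to all DCs in the domain.
if (-not (Get-DnsServerZone -Name $parent -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $parent -ReplicationScope 'Domain'
}

# 2. Remove the auto-created "corp" node inside company.com (the "subfolder"
#    from the thread). Only records at or below that node are touched; the
#    separate corp.company.com zone is never modified.
Get-DnsServerResourceRecord -ZoneName $parent |
    Where-Object { $_.HostName -eq $child -or $_.HostName -like "*.$child" } |
    ForEach-Object {
        Write-Host "Removing $($_.HostName) $($_.RecordType) from $parent"
        Remove-DnsServerResourceRecord -ZoneName $parent -InputObject $_ -Force
    }

# 3. Delegate corp to the DC that hosts corp.company.com (gray folder in MMC).
Add-DnsServerZoneDelegation -Name $parent -ChildZoneName $child `
    -NameServer $dcName -IPAddress $dcIp

# 4. Split-brain: internal clients resolve company.com here now, so the
#    public names they need must exist in this internal copy (placeholders).
Add-DnsServerResourceRecordA -ZoneName $parent -Name 'www'  -IPv4Address '203.0.113.10'
Add-DnsServerResourceRecordMX -ZoneName $parent -Name '@' -MailExchange 'mail.company.com' -Preference 10

# 5. Verify: delegation is in place, AD records still resolve, dcdiag is clean.
Get-DnsServerZoneDelegation -Name $parent | Format-Table ChildZoneName, NameServer
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$child.$parent" -Type SRV
Resolve-DnsName -Name "www.$parent" -Type A
dcdiag /test:dns
```

Allow replication between the two DCs before running the checks in step 5, as the thread notes.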
  • Hi Joan,

    >>You will now be able to specify corp for the delegated domain without error and the subsequently created subfolder will be gray.

    You are correct.

    And when a client queries an FQDN in corp.company.com, the DNS server will forward the query.

    Best Regards

    John


    • Proposed as answer by Alvwan Sunday, May 7, 2017 1:48 PM
    Tuesday, April 25, 2017 5:19 AM