DNS delegation not working


B

Bill

I have two domains, parent and child, and want to delegate
the child domain as a separate DNS namespace. I've DNS
running on a DC in the child domain and the parent
domain. I've delegated the child domain in DNS from the
parent domain zone and added the DNS server of the child
domain to the delegated zone's properties NS tab. I've
also added a NS record to the parent zone's properties NS
tab. From the child domain I want to forward back to the
parent domain for resolution, which is working fine, but
when trying to resolve names of clients in the child
domain, it does not work. I read something about glue
records, one of them being an A record, but am unsure how
that is supposed to be added. I've created an A record in
the parent domain of the DNS server of the child domain,
but am not sure if that is right. Is anyone aware of
something I've done wrong or am missing?

thank you,
Bill
 
Ad

Advertisements

A

Ace Fekay [MVP]

In
Bill said:
I have two domains, parent and child, and want to delegate
the child domain as a separate DNS namespace. I've DNS
running on a DC in the child domain and the parent
domain. I've delegated the child domain in DNS from the
parent domain zone and added the DNS server of the child
domain to the delegated zone's properties NS tab.

That's all you should do...
I've
also added a NS record to the parent zone's properties NS
tab.

Not necessary. The delegation take care of all of this.
From the child domain I want to forward back to the
parent domain for resolution, which is working fine, but
when trying to resolve names of clients in the child
domain, it does not work. I read something about glue
records, one of them being an A record, but am unsure how
that is supposed to be added.

Don't need it. You would use a Stub zone with an A record, but that
feature's only available with W2k3 DNS.
I've created an A record in
the parent domain of the DNS server of the child domain,
but am not sure if that is right.

Don't need it. The delegation should work.
Is anyone aware of
something I've done wrong or am missing?

thank you,
Bill

I'm starting to think you may have performed the delegation incorrectly.
When you delegate, you rt-click on your parent zone, new delegation, then
all you type in is the child zone name prefix and not the whole zone name,
such as for child1.yourdomain.com, all you type in is 'child1' (without the
quotes) and the wizard will add the zone suffix of 'yourdomain.com'. Then
set a forwarder from the child to the parent, then set a forwarder from the
parent to the ISP.

Here's more info....
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
B

Bill

something just isn't clicking. the old zone looked fine,
but I've deleted the old zone and recreated a new one. I
added only the child domain name "hbg" and the parent
domain was appended thru the wizard, but clients are still
unable to use DNS to resolve hostnames of records in the
child domain. I've also restarted the DNS server service
on both DNS servers, one in the parent and one in the
child domain. The DNS server is able to resolve names of
clients in its domain, so it is not the problem. I'm not
sure where else to look.
 
K

Kevin D. Goodknecht [MVP]

In
Bill said:
something just isn't clicking. the old zone looked fine,
but I've deleted the old zone and recreated a new one. I
added only the child domain name "hbg" and the parent
domain was appended thru the wizard, but clients are still
unable to use DNS to resolve hostnames of records in the
child domain. I've also restarted the DNS server service
on both DNS servers, one in the parent and one in the
child domain. The DNS server is able to resolve names of
clients in its domain, so it is not the problem. I'm not
sure where else to look.
Can the parent resolve the name of the child DNS server? i.e.
"dc.child.parent.com"?
If it cannot you can create a glue record on the parent for the child DNS by
creating a forward lookup zone named "dc.child.parent.com" then create one
blank host in the zone pointing to the IP of the child DNS.
 
B

Bill

that's an interesting thought...there was already a zone
there, not created by me, that had an A record for the DNS
server in the child domain. There is also an SOA record
there that points to a DNS server in the parent domain and
has a list of NS records in its properties. I've created
the blank A record pointing to the child domain and have
cleaned up some of the other records in there and am now
able to ping the fqdn of the dns server in the child
domain, but....am still unable to ping any hosts the child
domain DNS server has in its zone.

-----Original Message-----
In Bill <[email protected]> posted a question
Then Kevin replied below:
Can the parent resolve the name of the child DNS server? i.e.
"dc.child.parent.com"?
If it cannot you can create a glue record on the parent for the child DNS by
creating a forward lookup zone
named "dc.child.parent.com" then create one
 
K

Kevin D. Goodknecht [MVP]

In
Bill said:
that's an interesting thought...there was already a zone
there, not created by me, that had an A record for the DNS
server in the child domain. There is also an SOA record
there that points to a DNS server in the parent domain and
has a list of NS records in its properties. I've created
the blank A record pointing to the child domain and have
cleaned up some of the other records in there and am now
able to ping the fqdn of the dns server in the child
domain, but....am still unable to ping any hosts the child
domain DNS server has in its zone.
If the child DC is pointing to the parent for DNS, and the delegation isn't
in place it will register its records in the parent zone.
You can leave the zone intact but you have to point all clients to the
parent DCs for DNS.
Otherwise Delete the child subzone in the parent zone and create a
delegation for the child name.
You can also have the parent host the child zone, in a separate zone with
the full child name "child.parent.com" if you do this make the delegation
point to both the Child DC and the parent DC name. Then point all client to
both the child and parent DCs for DNS.
I know this can sound confusing, but if you go think about it over a cup of
coffee (not beer you won't be thinking about DNS over a beer)

Keep this in mind DNS starts at the root which is the "." you don't see in
you browser, then it goes to the top level domain (com), then the second
level domain (parent) then to the third level domain (child) when all put
together it looks like this "child.parent.com." (notice the trailing dot
after the com) if you have a "." zone you have to build DNS from there and
delegated unknown domains to other DNS server that know the "." zone. That
is what the root hints do, and is why you don't get the root hints if you
have a "." zone.
 
Ad

Advertisements

B

Bill

thx for your help, I appreciate the insight. Just to
clear it up, typically I shouldn't require the subzone for
delegation to work, it was only a suggestion to help since
my delegation isn't working? I should probably delete
that subzone to lessen the confusion and see how it works,
but the person who created it will probably bark. Thanks
again for your help and I think I will make that beer
intead of coffee.
 
A

Ace Fekay [MVP]

In
Bill said:
that's an interesting thought...there was already a zone
there, not created by me, that had an A record for the DNS
server in the child domain. There is also an SOA record
there that points to a DNS server in the parent domain and
has a list of NS records in its properties. I've created
the blank A record pointing to the child domain and have
cleaned up some of the other records in there and am now
able to ping the fqdn of the dns server in the child
domain, but....am still unable to ping any hosts the child
domain DNS server has in its zone.

After the delegation, the child zone should show up as a gray folder which
has info on the DNS servers in the child domain. Did you delete that?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
A

Ace Fekay [MVP]

In
Bill said:
thx for your help, I appreciate the insight. Just to
clear it up, typically I shouldn't require the subzone for
delegation to work, it was only a suggestion to help since
my delegation isn't working? I should probably delete
that subzone to lessen the confusion and see how it works,
but the person who created it will probably bark. Thanks
again for your help and I think I will make that beer
intead of coffee.

Can we see a screen shot of the parent DNS zone?
You can mail it to me and Kevin. Just replace my actual first name and last
name in my email address.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
K

Kevin D. Goodknecht [MVP]

In
Bill said:
thx for your help, I appreciate the insight. Just to
clear it up, typically I shouldn't require the subzone for
delegation to work, it was only a suggestion to help since
my delegation isn't working? I should probably delete
that subzone to lessen the confusion and see how it works,
but the person who created it will probably bark. Thanks
again for your help and I think I will make that beer
intead of coffee.
Yea, me too.
A person may not have created it, the Child DC probably did.
That being said, how could you have created the delegation if there is a
subzone?
That's why the delegation isn't working, the machines using the parent DNS
can't find the zone on the child DC.

Just to make sure is the child zone named correctly on the child DNS
I think you may have incorrectly named either the zone or the delegation.
You posts are kind of confusing so it is hard to say.
 
B

Bill

There is both a delegated zone (grayish) and a subzone of
the parent, both with the same name, child1.domainname.com
I deleted the original delegated zone and recreated it.
The subzone currently exists as well, and I was wandering
if its existence is interfering with the delegated zone
ability to work.
 
Ad

Advertisements

K

Kevin D. Goodknecht [MVP]

In
Bill said:
There is both a delegated zone (grayish) and a subzone of
the parent, both with the same name, child1.domainname.com
I deleted the original delegated zone and recreated it.
The subzone currently exists as well, and I was wandering
if its existence is interfering with the delegated zone
ability to work.

Delete the subzone then the delegation will work.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top