> Shouldn't it list other DCs for this child domain?
Yes. What do you get if you run ‘dnscmd.exe rootDC#5.rootdomain.com
/enumrecords rootdomain.com. childdomain.rootdomain.com. /glue’ ? Is there any
difference if you target rootDC#4 or rootDC#6?
For reference, ours looks like:
D:\Temp>dnscmd.exe rootDC1.foo.bar. /enumrecords foo.bar. child.foo.bar. /glue
Returned records:
@ 0 NS childDC1.child.foo.bar.
0 NS childDC2.child.foo.bar.
0 NS childDC2.child.foo.bar.
childDC1 3600 A 10.1.1.1
childDC2 3600 A 10.1.1.2
childDC3 3600 A 10.1.1.3
Command completed successfully.
From: [email protected] [mailto:[email protected]] On
Behalf Of Michael Leone
Sent: Tuesday, February 2, 2016 1:41 PM
To: [email protected]
Subject: [NTSysADM] Re: Missing DNS Glue records
On the root domain.
I go into DNS. I go to the root domain.Inside of there is an entry for the
child domain. If I click on it, it shows
(same as parent folder) NS Root-DC-#5
(the one where the DNS tests list as having broken delegation)
And that's all it says. That can't be right, can it? I need something else
here, but I dunno what. In Properties, I see a section for "Name Servers", and
it lists just this one DC. Shouldn't it list other DCs for this child domain?
On Tue, Feb 2, 2016 at 3:16 PM, Michael Leone
<[email protected]<mailto:[email protected]>> wrote:
From the looks of it, the child domain seems fine, replicating among
itself. it's the interaction with the root domain that seems all
screwed up.
There are 3 root DCs in this site.
dcdiag says:
The DNS tests say that all tests pass on 2 of them (#4 and #6); but
DNS delegation is broken on #5 ...
On Tue, Feb 2, 2016 at 2:37 PM, Michael Leone
<[email protected]<mailto:[email protected]>> wrote:
> SO I apparently have a big problem. We run a parent-child domain
> structure here. And today I noticed that I was having replication
> failures between the DCs in the root domain and some of the DCs in the
> child domain.
>
> I do dnslint on the DC in the child domain, all is fine. I do dnslint
> on the DC in the root domain, and I get errors. Specifically, missing
> glue records for all 6 DCs in the child domain.
>
> I don't know how they could have disappeared. I know we demoted a DC
> in the child domain a couple weeks ago, but that was a graceful
> demotion, and showed no errors. Nothing was done in the root domain
> (we actually haven't done anything manual to it in years). But
> something screwed up royally, obviously.
>
> And I'm not sure where to go here. I get that I need to create A
> records in my DNS (dunno how they disappeared), but I don't know how
> to do that, since they are for the DCs in the child domain.
>
> And this has to be done at the root domain level, unless I am totally
> mis-understanding.
>
> Any help greatly appreciated. Apparently replication has been screwed
> up for 12 or 13 days now.
