Forum Discussion

N1ckBurns's avatar
N1ckBurns
Copper Contributor
Apr 01, 2022

DNS Zone Errors - Active Directory Zone was not found/is not available

I have a client that I am trying to clean up and straighten out their DNS.  Running the DCdiag DNS test and BPA on each server brings up a number of errors, and I am at my wit’s end trying to resolve them.  DNS seems to be functioning correctly for the time being, but I want to resolve any issues ahead of my next project.

  • The primary DNS Zone is called “domain.com”
  • “domain.com” is a parent domain with 2 child domains – “child1.domain.com” and “child2.domain.com”
  • All domains are contained in the Forest “domain.com” with 2-ways trusts
  • There are 8 total DCs/DNS servers – 3 “domain.com”, 3 “child1.domain.com” and 2 “child2.domain.com”
  • DNS Zones are Active Directory Integrated (though I am skeptical for the child domains)
  • Replication is set to ALL DNS servers in this Forest
  • There are no conditional forwarders configured

 

Best Practices Analyzer Results

  • Error DNS:  The DNS Server <IPaddressOfClientDNS> on <primaryNIC> must resolve names in the primary DNS domain zone (error occurs for each DNS Server configured on the NIC).
  • Error DNS:  Zone <child1 or child2>.domain.com is an Active Directory integrated DNS Zone and must be available.

There are no BPA errors on the 3 parent “domain.com” servers, only the “child1” and “child2” servers.

Each DC/DNS server has a single NIC, single IP address.  The client DNS servers are pointed at opposing DC/DNS servers within the same domain and the loopback is configured as a third option.

 

DCDiag DNS Test Results

  • The SOA record for the Active Directory zone was not found (shows on all “child1” and “child2” DCs)
  • Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)  (shows on all “child1” and “child2” DCs)
  • Root zone on this DC/DNS server was not found (shows on all 8 DCs)

 

I am including a screen grab of the DNS tree structure.  I think the problems are related to the organizational structure and/or delegation, but this is over my head now.

  • Note that “domain.com” shows a “zone” folder icon.  “child1” and “child2” are nested inside “domain.com” and have a standard folder icon.

Also note the delegated “_msdcs” folder under “domain.com” – contains 3 NS records for the “domain.com” DCs.  The “_msdcs” folders under the child domains are not delegated and contain no NS records – only a “dc” and “pdc” folder. 

 

  • I have a customer with a same setup like you have, the child domains do not have a NS record in them too and all Domain Controllers of every domain is mentioned as the Name Server in the parent domain. (The SOA record is also there)

    Do you have all Domain Controllers present with a Name Server (NS) record in the parent domain? (And in the Name Servers tab of the parent domain properties of course)

Resources