Can you have multiple subdomain referral records in Azure DNS?

Question

Can you have multiple subdomain referral records in Azure DNS?

Cruz, Alfredo 0

I'm able to add the following example in Azure DNS:

parent zone: mycompany.ca

a.b.c.mycompany.com NS azure1.dns.co,

child zone: a.b.c.mycompany.com

There are no b.c.mycompany.com nor c.mycompany.ca zones

I'm just wondering if this is what is causing this alert:

Status: Degraded

Last update: Current DNS zone contains one or more delegation records for child DNS zone. However, this DNS zone also contains records below delegation record that should only be present in the child zone. Please remove or move the delegated records (except glue records)

I don't see A records in the parent domain that should be in the child domain.

Thanks,

Alfredo

UJTyagi-MSFT 1,095 Reputation points Microsoft Employee

2023-07-12T07:38:39.3533333+00:00
Hi Cruz, Alfredo,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you are facing issues with you Azure DNS Zone.

This is my understanding of your query, kindly correct me if my understanding needs clarification.

You have configured the Parent zone as mycompany.ca, Kindly confirm if zone name is mycompany.com and .ca is a typo.

You have configured a.b.c.mycompany.com as child zone, kindly note a.b.c.mycompany.com can be a child zone of mycompany.com parent zone only , and not of zone mycompany.ca.

Similarly, mycompany.ca parent zone's child zone could be a.b.c.mycompany.ca and not a.b.c.mycompany.com.

I assume your parent zone is mycompany.com and you child zone is a.b.c.mycompany.com as per the clarification given in above points. Kindly correct me if i misunderstood the problem.

As i see you don't need to add the zones b.c.mycompany.com nor c.mycompany.com zones, before making a.b.c.mycompany.com to work. As i tried in this in lab and zone was added without any degradation, i could see a delegation NS record for a.b.c under the Parent zone mycompany.com.

Kindly note while adding any record like A record - for example - xyz.a.b.c.mycompany.com - 1.2.3.4, kindly add that record under child zone a.b.c.mycompany.com as below.

Kindly avoid adding the record as xyz.a.b.c as A record under mycompany.com.

This is what looks like the error is saying - "Current DNS zone contains one or more delegation records for child DNS zone. However, this DNS zone also contains records below delegation record that should only be present in the child zone. Please remove or move the delegated records (except glue records)"

I emulated this scenario in my lab, and it was working for me as you can see only record added under child domain was resolving.

Kindly refer the below links which can be helpful.

https://learn.microsoft.com/en-us/azure/dns/tutorial-public-dns-zones-child

https://learn.microsoft.com/en-us/azure/dns/dns-domain-delegation

If the below answer addressed your query, please don’t forget to click "Accept the answer" and Up-Vote for the same,

which might be beneficial to other community members reading this thread.

And, if you have any further query do let us know.

Thanks,

Ujjawal Tyagi
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-07-17T15:23:32.8766667+00:00

@Cruz, Alfredo , Just checking in to see if you had a chance to see the below answer. To help the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer.

And, if you have any further questions do let us know.
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-07-21T14:43:20.3866667+00:00

@Cruz, Alfredo , Just checking in to see if you had a chance to see the below answer. To help the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer.

And, if you have any further questions do let us know.

1 answer

Your answer

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-07-17T15:23:32.8766667+00:00

@Cruz, Alfredo , Just checking in to see if you had a chance to see the below answer. To help the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer.

And, if you have any further questions do let us know.
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-07-21T14:43:20.3866667+00:00

@Cruz, Alfredo , Just checking in to see if you had a chance to see the below answer. To help the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer.

And, if you have any further questions do let us know.

Answer 1

Hello @Cruz, Alfredo ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand you received an alert for Azure DNS as following "Status: Degraded : Current DNS zone contains one or more delegation records for child DNS zone. However, this DNS zone also contains records below delegation record that should only be present in the child zone. Please remove or move the delegated records (except glue records)".

A Degraded status indicates that the resource health check has detected a delegation issue with your DNS zones. Correct the delegation configuration and wait 24 hours for the status to change to Available.

You can find more details about this issue in the below troubleshooting guide:

https://learn.microsoft.com/en-us/azure/dns/dns-troubleshoot#degraded

In the above troubleshooting guide, you can find an example of an unhealthy zone with inconsistencies that could cause the zone to be in Degraded status.

User's image

How can you fix it? - To resolve, locate and remove all records except glue records under NS delegation records in your parent zone.

What are glue records? - These are records under the delegation record, which help direct traffic to the delegated/child zones using their IP addresses and are configured as seen in the following:

User's image

How to locate unhealthy delegation records? - A script has been created to find the unhealthy delegation records in your zone. The script will report records, which are unhealthy.

Save the script located at: Find unhealthy DNS records in Azure DNS - PowerShell script sample.
Execute the script as mentioned in the script editor. Script can be edited to meet your requirements.

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Share via

Can you have multiple subdomain referral records in Azure DNS?

1 answer

Your answer