Unable to delegate subdomain for other DNS Server

FC88 1 Reputation point
2021-04-20T13:49:29.833+00:00

Hello everyone,

I have a DNS server with one domain (xyz.com), were now I am trying to delegate on a subdomain (foo.xyz.com) of that domain, to point to another DNS server to answer all queries of that subdomain.

So I setup the following:

89572-screenshot-1132.jpg

But still I am unable to query it from primary DNS server. If I query from DC directly to that DNS server, I can resolve all names of that subdomain, but through the dc.xyz.com, nothing:

89591-screenshot-1133.jpg

Note that dns.foo.xyz.com is not a Windows Server, it's a pfsense firewall unit.

Anyone knows what can be or even if there is a missing step here?

Thanks in advance!

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,023 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-04-21T09:30:28.49+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Based on provided information, I did some test in my lab, and attaching the test result for your reference.

    Windows server with AD DS and DNS role:

    FQDN: DC1.sunny.com
    IP: 192.168.0.101

    Another Windows server with DNS role:

    FQDN: newdhcp.sunny.com
    IP: 192.168.0.41

    Make sure that there is a Host Record of newdhcp in DC1

    89886-image.png

    Configure New Delegation on DC1

    89699-image.png

    89700-image.png

    Insert FQDN of the DNS server which you want it host the subdomain:

    89911-image.png

    89921-image.png

    89912-image.png

    On another DNS server (newdhcp), under forward lookup zone create a new primary zone with zone name: sub.sunny.com. And then add a host record in this zone for testing.

    89838-image.png

    Test from DC1, delegated zone can be resolved successfully

    89888-image.png

    Test from another windows machine, delegated zone can also be resolved successfully:

    89895-image.png

    Best regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments
  2. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-04-21T09:40:31.897+00:00

    In your scenario, since dns.foo.xyz.com is not a Windows Server, I'm not sure is the configuration on that DNS server is same as Windows server. I would also suggest you could contact pfsense firewall unit support for further help.

    And based your provided screenshot of nslookup results, I noticed that IP of DNS server "dc.xyz.com" and DNS server "dns.foo.xyz.com" aren't in the same subnet, please make sure that these 2 DNS servers can connect each other successfully firstly.

    Regarding of windows DNS delegation, please refer to my test results for my first reply.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. FC88 1 Reputation point
    2021-04-21T14:16:59.903+00:00

    @Sunny Qi Both dc1 and pfsense dns server, are not in the same subnet but those can communicate without issues (there is no firewall rules blocking access between those).

    Note that I've run nslookup command from the dc1 OS, to query directly the pfsense dns server.

    I didnt found yet anyone trying to made the samething. =/

    To use this feature the remote dns server needs to be "compatible" in order to query that dns server, from dns manager?

    P.S. thanks a lot for the step by step process to setup a delegate dns server!!!!!

  4. marafado88 1 Reputation point
    2021-05-05T14:31:03.11+00:00

    Hello @Sunny Qi ,

    Thank you for let me know that it was possible to add the DN name of the DNS server that way, didnt knew.

    I have recreated that delegated subdomain, and this time I add the FQDN for the pfsense DNS server IP, and now I can resolve that DNS server name, but still no luck with other devices in that network:

    From the DC OS:

    94024-image.png
    94034-image.png

    0 comments