Is This DNS Configuration Normal or a Mistake?

Asked By TechNinja42 On

I stumbled upon something unusual in our internal Active Directory-integrated DNS zone and I'm trying to determine if it's normal or if it was likely set up incorrectly. In the zone 'example.local', we have the standard apex NS records, which point to our domain controllers:
- @ -> dc-a.example.local
- @ -> dc-b.example.local
- @ -> dc-c.example.local

However, there are also extra NS records where the hostname matches the zone name:
- example.local -> dc-a.example.local
- example.local -> dc-b.example.local
- example.local -> dc-c.example.local

These records are nested under DN 'DC=example.local,DC=example.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=local'. Running 'dcdiag /test:dns' flags this as a broken delegated domain called 'example.local.example.local'.
I'm wondering if anyone's encountered something like this auto-generating for a legitimate cause, such as having the same AD domain name and DNS name, or due to tools like Umbrella, DNS forwarding, or migration processes? Or could this have been an error from someone manually creating NS records incorrectly?

3 Answers

Answered By ADGuru_2010 On

I can relate! It sounds like you've encountered typical typos. I suggest using PowerShell commands to uncover those records, especially if they’re hard to spot in the console. Once you’ve identified them, you should be safe to delete those misconfigured records. Just make sure to back everything up beforehand, just in case!

Answered By DomainExplorer87 On

This usually happens if someone creates a DNS entry through the console incorrectly. For instance, if they entered 'hostname.domain.local' instead of just 'hostname', it appends the domain automatically, leading to records like 'hostname.domain.local.domain.local'. While it tries to be helpful by creating necessary subdomains, this is what results in your broken delegation error. It's worth walking through your DNS console to find these records.
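
An added example, not part of any answer on this page: a read-only PowerShell check that lists records whose relative name repeats the zone name, which is the 'name.zone.zone' pattern described above. It assumes the DnsServer module is available, and the zone and server names are taken from the question as placeholders.

```powershell
# Added example (not from the original thread).
# Assumptions: DnsServer module installed (DNS role or RSAT);
# $Zone and $Server are placeholders taken from the question.
param(
    [string]$Zone   = 'example.local',
    [string]$Server = 'dc-a.example.local'
)

Import-Module DnsServer

# All records in the zone. HostName is relative to the zone; '@' is the apex.
$all = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Server

# A relative name equal to the zone name, or ending in ".<zone>", means a
# fully qualified name was entered where a relative one was expected.
$doubled = @($all | Where-Object {
    $_.HostName -eq $Zone -or $_.HostName -like "*.$Zone"
})

# Show the effective name, the NS target (if any) and where the node lives in AD.
$doubled |
    Select-Object HostName, RecordType,
        @{ Name = 'EffectiveFqdn'; Expression = { "$($_.HostName).$Zone" } },
        @{ Name = 'NsTarget'; Expression = {
            if ($_.RecordType -eq 'NS') { $_.RecordData.NameServer }
        } },
        DistinguishedName |
    Format-List

if ($doubled.Count -gt 0) {
    # Keep a copy of the flagged records before anyone deletes anything.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "doubled-records-$Zone-$stamp.xml"
    $doubled | Export-Clixml -Path $backup
    Write-Host "Saved $($doubled.Count) flagged record(s) to $backup"

    # Preview only: -WhatIf reports what would be removed and changes nothing.
    foreach ($rec in $doubled) {
        Remove-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Server `
            -InputObject $rec -Force -WhatIf
    }
} else {
    Write-Host "No records in $Zone repeat the zone name."
}
```

The apex NS records are not flagged because their relative name is '@'. Re-running 'dcdiag /test:dns' after any cleanup shows whether the broken delegation report is gone.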

Answered By ServerWhisperer99 On

This scenario typically arises when the parent zone thinks a child zone should be handled by a specific nameserver, but that nameserver lacks corresponding records, causing frustrating and intermittent resolution failures. In 2026, it’s tough since modern browsers and operating systems have aggressive DNS caching, so the errors only occur for a fraction of users at any time.
