How to fix DNS Delegation test fails on all domain controllers

(Admin) Lucian Mariniuc 0 Reputation points
2025-12-05T21:26:18.57+00:00

    Auth Basc Forw Del  Dyn  RReg Ext
    PASS PASS PASS FAIL PASS PASS PASS
    PASS PASS PASS FAIL PASS PASS PASS
    PASS PASS PASS FAIL PASS PASS PASS


Moved from: Community Center | Not monitored


2 answers

  1. Q&A Assist
    2025-12-05T21:26:28.66+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To address the DNS delegation test failures on all domain controllers, you can follow these steps:

    1. Check DNS Server Configuration: Ensure that the DNS servers are correctly configured to handle delegation. This includes verifying that the delegated zones exist and are properly set up.
    2. Verify Resource Records: Ensure that the necessary resource records (like NS and A records) are present in the parent zone for the delegated zone. If they are missing, you may need to add them manually.
    3. Test Connectivity: Use the dcdiag command to test the DNS functionality on each domain controller. The command can be run as follows:
         dcdiag /test:dns /s:<DCName> /DnsBasic
      
      Replace <DCName> with the name of your domain controller. This will help identify specific issues related to DNS.
    4. Check for Broken Delegations: If you suspect broken delegations, you can use the nslookup command to test the delegation path. This involves querying the DNS servers to ensure they can resolve names correctly.
    5. Fix Broken Delegations: If you find broken delegations, you can fix them by adding or updating the relevant A resource records in the parent zone.
    6. Restart DNS Services: Sometimes, simply restarting the DNS services on the domain controllers can resolve issues. You can do this using the following commands:
         net stop netlogon && net start netlogon
         ipconfig /flushdns && ipconfig /registerdns
      
    7. Review Logs: Check the event logs for any DNS-related errors that might provide additional insights into the failures.

    By following these steps, you should be able to identify and fix the issues causing the DNS delegation test to fail on your domain controllers.



  2. Harry Phan 9,835 Reputation points Independent Advisor
    2025-12-05T23:20:25.29+00:00

    Hi (Admin) Lucian Mariniuc,

    The “FAIL” result in the Delegation (Del) test typically indicates that the parent DNS zone does not contain a proper delegation record pointing to your child domain’s authoritative DNS servers. To resolve this, please verify that the parent zone includes the correct NS records and that those records reference the valid IP addresses of your domain controllers. Additionally, ensure that the DNS servers hosting the parent zone can successfully resolve queries for the child domain. If you are using Active Directory–integrated DNS, confirm replication is healthy and that all domain controllers are properly registered. Running dcdiag /test:DNS /v can provide further diagnostic details to pinpoint misconfigurations.

    I hope this helps clarify the issue and guide you toward a resolution. If you find this answer helpful, please don’t forget to click “Accept Answer” 🙂.

    Harry.

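The delegation check both answers describe (NS records in the parent zone, A records for those name servers, and a child zone that actually answers on them) can be walked with the built-in `Resolve-DnsName` cmdlet. This is an added example, not part of either answer; the function name `Test-DnsDelegation`, the server address `192.0.2.10` and the zone `child.example.com` are constructed placeholders.

```powershell
# Added example. The values in the call at the bottom are constructed placeholders.
function Test-DnsDelegation {
    param(
        [Parameter(Mandatory)][string]$ParentServer,  # DNS server hosting the parent zone
        [Parameter(Mandatory)][string]$ChildZone      # delegated (child) zone name
    )

    # 1. Ask the parent server, without recursion, which name servers it lists
    #    for the child zone (in a referral these arrive in the Authority section).
    $nsNames = Resolve-DnsName -Name $ChildZone -Type NS -Server $ParentServer `
                   -NoRecursion -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'NS' } |
               Select-Object -ExpandProperty NameHost -Unique
    if (-not $nsNames) {
        Write-Warning "$ParentServer returned no NS records for $ChildZone"
        return
    }

    foreach ($ns in $nsNames) {
        # 2. Resolve each listed name server to its A records as the parent server sees them.
        $ips = Resolve-DnsName -Name $ns -Type A -Server $ParentServer -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } |
               Select-Object -ExpandProperty IPAddress
        if (-not $ips) {
            [pscustomobject]@{ NameServer = $ns; Address = $null; Result = 'No A record for this NS host' }
            continue
        }
        foreach ($ip in $ips) {
            # 3. Ask that address directly for the child zone's SOA. A server that does
            #    not host the zone gives no SOA in the Answer section.
            $soa = Resolve-DnsName -Name $ChildZone -Type SOA -Server $ip -NoRecursion `
                       -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'SOA' -and $_.Section -eq 'Answer' }
            $result = if ($soa) { "OK (SOA serial $(@($soa)[0].SerialNumber))" }
                      else      { 'No SOA answer: unreachable or not hosting the zone' }
            [pscustomobject]@{ NameServer = $ns; Address = $ip; Result = $result }
        }
    }
}

Test-DnsDelegation -ParentServer '192.0.2.10' -ChildZone 'child.example.com' |
    Format-Table -AutoSize
```

Any row that is not `OK` names the NS or A record in the parent zone that needs to be added or updated.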
