It started as a simple diagnostic: dcdiag /c
When it ran, it gave me the following error from the DNS portion of the DCDIAG test:
delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.1
and
delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.2
Those IPs correspond to the two domain controllers on the network.
So now I am left wondering: what is a broken delegation and, more importantly, how do I fix it?
The delegation test checks for broken delegations by ensuring that all NS records in the Active Directory domain zone in which the target domain controller resides have corresponding glue A records.
Try:
1) Set up the DNS servers in the TCP/IP config of your servers as follows: own IP as primary DNS, the other DC as secondary DNS (check http://support.microsoft.com/kb/825036 for details). Never use the ISP's (or any other external) DNS server as a DNS server in the TCP/IP settings of any DC.
2) ipconfig /registerDNS on both servers
3) netdiag /fix
For me, someone had simply added an A (host) record in the wrong place.
I.e. if your domain was Test.Microsoft.internal, someone had created a sub-domain in DNS called "internal", with a sub-domain called "microsoft", and within that a sub-domain called "Test"; hence you then get [computername].test.microsoft.internal.test.microsoft.internal. The DCDIAG DNS test will then give you the "delegation is broken for ..." error for each and every name server of your DNS zone.
E.g. this was in my tree view in DNS:
Took me a while to figure this out, as it's somewhat misleading. Deleting the emboldened domains resolved the error message. Otherwise it wasn't really that important, but the error makes it sound like it is!
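An added example, not code from this thread or from DCDIAG: a small offline model of the glue check the first answer describes (every NS target inside the zone needs an A record) and of the mirrored sub-domain tree from the last answer. The zone contents, `foo.com` and the 192.168.1.x addresses are the thread's placeholders, constructed here as sample data.

```python
"""Simplified offline model of the DCDIAG delegation check; not DCDIAG's code."""

# Constructed snapshot of the foo.com zone: (owner, type, data), absolute names.
ZONE = "foo.com"
RECORDS = [
    ("foo.com.", "NS", "dc1.foo.com."),
    ("foo.com.", "NS", "dc2.foo.com."),
    ("dc1.foo.com.", "A", "192.168.1.1"),
    ("dc2.foo.com.", "A", "192.168.1.2"),
    # The mistake from the last answer: sub-domains "com" -> "foo" created
    # inside the zone, so names repeat the zone suffix and NS records land there.
    ("foo.com.foo.com.", "NS", "dc1.foo.com.foo.com."),
    ("foo.com.foo.com.", "NS", "dc2.foo.com.foo.com."),
    ("pc1.foo.com.foo.com.", "A", "192.168.1.50"),
]


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")


def broken_delegations(zone, records):
    """Return NS owner names whose target has no glue A record in the zone."""
    zone_labels = _labels(zone)
    a_names = {owner.lower() for owner, rtype, _ in records if rtype == "A"}
    broken = []
    for owner, rtype, target in records:
        if rtype != "NS":
            continue
        if _labels(target)[-len(zone_labels):] != zone_labels:
            continue  # target lives outside this zone: glue is not this zone's job
        if target.lower() not in a_names and owner not in broken:
            broken.append(owner)  # reported like "delegation is broken for <owner>"
    return broken


def nested_zone_names(zone, records):
    """Return owner names that carry the zone name twice (foo.com.foo.com),
    the tell-tale of a sub-domain tree that mirrors the zone itself."""
    z = _labels(zone)
    n = len(z)
    hits = set()
    for owner, _, _ in records:
        lab = _labels(owner)
        if len(lab) >= 2 * n and lab[-n:] == z and lab[-2 * n:-n] == z:
            hits.add(owner)
    return sorted(hits)


if __name__ == "__main__":
    for owner in broken_delegations(ZONE, RECORDS):
        print("delegation is broken for", owner)
    print("mirrored sub-domain names:", nested_zone_names(ZONE, RECORDS))
```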