I was trying to create a conditional forwarder on my work DNS servers and kept hitting this cryptic error message:
I was trying to create a conditional forwarder called some.sub.zone.com. At first I thought maybe I had this as an existing zone or perhaps as a stub zone – but nope, I don’t have that. Some forum posts mentioned the lack of root hints could lead to this error, but that doesn’t make sense to me – why would I need root hints for this? Next I created a test conditional forwarder to some random domain name and that worked – so surely it wasn’t a server issue.
I recreated this in my test lab and found the problem. The issue is that I am trying to create a forwarder to some.sub.zone.com, but zone.com already exists on the DNS server. I was under the impression you could have conditional forwarders even for zones you host, but nope, that’s a no can do. From the official docs, here’s a para of interest:
A DNS server cannot forward queries for the domain names in the zones it hosts. For example, the authoritative DNS server for the zone microsoft.com cannot forward queries according to the domain name microsoft.com. The DNS server authoritative for microsoft.com can forward queries for DNS names that end with example.microsoft.com, if example.microsoft.com is delegated to another DNS server.
The emphasis is mine and that’s the work-around to use here. You have two options – either delete the zone.com zone from your DNS servers and then create a conditional forwarder for some.sub.zone.com; or create a delegation for some.sub.zone.com – you could do that to yourself too – and then create the conditional forwarder.
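The second option, scripted as an added example (not from the original post), assuming a Windows DNS server with the DnsServer PowerShell module available. The server name and all IP addresses are placeholders, and only primary zones are considered because a delegation cannot be added to a read-only secondary copy.

```powershell
# Added example. Assumes the DnsServer module; run on the DNS server itself.
# Every value below is a placeholder for illustration.
$ForwarderName = 'some.sub.zone.com'   # name to forward (from the post)
$ForwarderIP   = '192.0.2.53'          # constructed: resolver to forward to
$SelfNsName    = 'dns1.zone.com'       # hypothetical FQDN of this DNS server
$SelfNsIP      = '192.0.2.10'          # hypothetical IP of this DNS server

# Find the closest hosted primary zone that is a parent of the forwarder name.
# This is the condition that makes the forwarder creation fail.
$parent = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and
                   $ForwarderName -like "*.$($_.ZoneName)" } |
    Sort-Object { $_.ZoneName.Length } -Descending |
    Select-Object -First 1

if ($parent) {
    # Label(s) relative to the parent, e.g. 'some.sub' under 'zone.com'.
    $child = $ForwarderName.Substring(
        0, $ForwarderName.Length - $parent.ZoneName.Length - 1)

    $existing = Get-DnsServerZoneDelegation -Name $parent.ZoneName `
        -ChildZoneName $child -ErrorAction SilentlyContinue

    if (-not $existing) {
        # Delegate the child back to this server. No child zone is needed;
        # the delegation only marks the parent as no longer responsible.
        Add-DnsServerZoneDelegation -Name $parent.ZoneName `
            -ChildZoneName $child -NameServer $SelfNsName -IPAddress $SelfNsIP
        Write-Host "Delegated $child in $($parent.ZoneName) to $SelfNsName"
    }
}

# With the delegation in place (or no hosted parent at all), create the forwarder.
Add-DnsServerConditionalForwarderZone -Name $ForwarderName `
    -MasterServers $ForwarderIP
Get-DnsServerZone -Name $ForwarderName
```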
Here’s a screenshot from my test lab – the some.sub delegation is to my server itself. You don’t need to create a zone for the delegation to succeed. The delegation is just a one-way pointer of sorts telling the server to ask the delegated server for any queries concerning this sub zone – it basically tells the server hosting zone.com that it is no longer responsible for some.sub.zone.com (even though the delegation points back to itself!). Once that is done the server will allow you to create a conditional forwarder for