The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.


My organization has a SonicWALL TZ600 firewall and two Server 2016 servers with the DNS role that handle DNS for our organization.

A previous IT administrator set up the SonicWALL TZ600 firewall so that it dynamically assigns IP addresses to the Windows 10 client computers and assigns the following DNS server addresses: (the static IP address of one of the Server 2016 domain controllers)
Two other IP addresses are also assigned:

The reason that these public DNS server addresses are being used and we aren't using the DNS server IP addresses associated with our ISP is because we have a primary ISP and a fail over ISP connected to our firewall. That way if the primary ISP goes down then the secondary ISP will pick up in its place until the primary ISP comes back online. This is important since we have had several times where our primary ISP has gone offline.

However, I have been told in other postings here that the two DNS server addresses of & shouldn't be assigned to the Windows 10 client computers.

We need to make sure that our network is completely self-sufficient so that if either one of the Server 2016 domain controllers/DNS servers goes offline then the Windows 10 client computers will still be able to connect to websites on the internet even while the two servers are down.

So what is the right way to properly set up our organization's internal DNS?

Please let me know if any further information is needed.

I need to add the following IP addresses to the A record of autodiscover.companyname.com within my Server 2016 AD domain:


What is the process to add all of these IP addresses to the DNS A record of autodiscover.companyname.com within my Server 2016 AD domain? All of these IP addresses need to be added, not just one.

I have a DC with LDAPS (636) and an external NAT address through the firewall.

It has a self-signed certificate from our in-house certificate authority, and my hosted software is able to connect to it and allow my users to authenticate via LDAP just fine.

Except one.

The newest is requiring that we have a 3rd-party certificate installed. So I purchased one, and added it to the personal store in the Certificate management area for the service account. However, I didn't buy the extended validation option, so I think I have to buy another one.

If that is the case, I would like to do it a bit differently.

If my server is server.mydomain.org,
can I (after adding an external DNS alias for ldap.mydomain.org) purchase a cert for ldap.mydomain.org? And if so, my reading leads me to believe that if I purchase the EV version of the cert and put it in the personal store for the service account, is that all I need to do to get LDAPS using it?

Outlook 2016 running on Windows 10 computers within my company's domain are having problems performing the initial Outlook Office 365 email setup.

All Windows 10 computers are using DHCP and are assigned the following DNS addresses through DHCP: (the DNS server address for a Server 2016 domain controller with the DNS server role)

So what I've been doing to fix this issue is temporarily assigning these computers the following static DNS server addresses:

This allows Outlook to connect to the Office 365 email servers and auto configure the user's Office 365 email accounts. Then once the Outlook email profile is configured I change these DNS server addresses back to using DHCP.

What DNS entries can I add to the Server 2016 DNS server so that the Windows 10 client computers will be able to connect to the Office 365 servers and perform the email auto configuration?

Please let me know if any further information is needed.

I have a 2008 R2 RRAS (routing and remote access server) and I'm connecting to it with a VPN connection.

Once connected, I get an IP address and my DNS is correct in that it's my DNS servers on my domain, but I can't resolve anything unless I use the FQDN like computer.mydomain.local.  

As a side note, my end user told me Linux shows no DNS server is affixed to the tunnel and Linux shows no gateway affixed to the tunnel.

Anyway, I need some help resolving this problem.

Where do I look?


We have a public website and it changed to a new IP address. The A DNS record for the website is located at DNS1.

So user's path for DNS name resolution is;
User laptop------DNS2-------DNS1

DNS1 is configured as a forwarder in DNS2.

I just asked the DNS1 admin to change the A record and he changed it. I can resolve to the new IP:
c:>nslookup website.com DNS1

But if I try to resolve with DNS2, it still returns the old IP address. It seems DNS2 is not getting the change yet, a TTL issue in cache.

Is there a way to delete only a single record for website.com? It's an AD-integrated DNS server. I went to DNS console > Advanced View > Cache Lookup, and there was no record for website.com. I want to delete the record in DNS2 and get the new DNS record from DNS1.

In the Exchange queue find the message and don't send it.
The DNS nslookup on the srvmail responds with the error unknown.
On the server, DNS responds with the correct name.

I have a domain controller in my network that also acts as a DNS server for my clients. DNS server is given out by the DHCP server.

Of course when the DNS server is down, our clients can't connect to the internet anymore.

I tried in the past to add a second Google DNS to the DHCP, but that caused more problems than solutions.

Is there a way to enable a setting so the clients only connect to the internal DNS server when needed (like logging in) and use the Google DNS for internet only?

Hi, I connected two ASA5505s with a crossover cable to learn site2site VPN. I have these configurations for both but it's just not working; there are no activities on the outside interfaces. I have tested each ASA5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!

ASA Version 8.2(5)
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip
access-list inside_nat0_outbound extended permit ip
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
timeout xlate 3:00:00
timeout conn …

Late this afternoon, we stopped getting incoming email to our on-premise Exchange 2010 server. DNSStuff reports that port 25 is down when I run a test on the MX records. When I run a test using mxtoolbox, it reports for dmarc "dns record not found" and https "the certificate has a name mismatch" and for smtp "failed to connect". When I run the Microsoft Remote Connectivity Analyzer, I drill down to find an error "Host name <my correct host name> doesn't match any name found on the server certificate CN=*.mapcoparking.com, OU=Domain Control Validated. "

I don't know where this CN=*.mapcoparking.com is coming from.  And possibly that is the problem?  I don't see this on the certificate that is installed on my Exchange server and is not my company name.  Any suggestions?  I have been going around and around with this for hours.


I have an SBS2011 network and no user can display pictures off their facebook.com all of a sudden, no matter what browser they use.
The only change that I can think of is that a few weeks ago, I removed ISP-provided DNS server addresses from DNS Manager in SBS2011 so that it uses root hints. For testing, I re-entered ISP DNS server addresses into the forwarder of DNS Manager, but to no avail. I tried Google DNS server addresses too.
Since no one has any problem browsing any website, at this point, I decided to keep the Forwarder tab empty.

 Has anyone experienced this problem?

Let's say I've bought a domain called "mynicedomain.org"

Now I want to have a mail service. Let's say office 365 or gsuite so I can have an email address called "ben@mynicedomain.org"

Beyond that I want to buy a web hosting (like GoDaddy) service to serve "http://mynicedomain.org".

Maybe I also want an intranet service hosted by AWS virtual machine at "http://wwwin.mynicedomain.org".

Can this be accomplished? If so, how does it work? Who is going to be the nameserver for my domain?

I have an ASP website on Windows IIS at www.mysite.com and I want to create a WordPress blog at www.mysite.com/resources/

This means all pages of the blog start at www.mysite.com/resources/


I have 2 options:
1) Host the blog on Windows IIS
2) The other option is to have the Wordpress blog hosted on Linux server at another IP address and have all pages at www.mysite.com/resources/ point to the Linux server.

How would I do this?  Which option is better and why?

Hello - My company uses Office365 for our email, and we want to add a second IP address to our main location (fail-over). The TXT record currently is: 'v=spf1 ip4:XXX.XX.XX.XXX include:spf.protection.outlook.com -all'. My question is, can I add another IP address in the DNS record for the second IP? Or should I create another TXT with the second IP address at the DNS host?

Thank you for your help!

I am sure I might be missing an easy solution, but thought I would ask here to save time.

I am trying to get a URL that we are putting out to the public to redirect to another domain, but only for a single address, not the entire domain. The issue is we have our main domain hosted by an external company but have many other web-based apps that are hosted locally. For the one web server, we created a different, longer domain name in which the subdomain has an SSL certificate. So I would like for the easy URL name to be put on documentation sent out to customers that can be redirected to another subdomain that has the cert.

Our core domain name main.com is hosted externally, but mail.main.com points to the internal mail server, intranet.main.com points to the intranet, etc. We also have another domain registration, longnamemain.com. On longnamemain.com we have a certificate for URL site.longnamemain.com. On the renewal notice, I want to put renewal.main.com versus renewal.longnamemain.com. How can I redirect renewal.main.com to renewal.longnamemain.com and not get a certificate error, which is what happens now using a CNAME record?

You might say, why not just use long domain, well there are certain reasons I do not want to use that.  

Thanks for any help.

Do I need to configure a Gateway Role if I am only having users connect to the farm from within the network? We don't access the Farm from outside, only internally. The reason I ask is that it seems I am having issues connecting to the servers themselves when using RDP. I have no HA and only 2 Host servers and the Connection Broker and have set up a RR NLB setup. I have an existing 2003 TS environment and I have built the new 2012 Farm but don't want to confuse the end user with new names. I plan on, when going to production with the new system, pointing the name they use now to the new servers. Say Corp1 is what they are using, I want it to point to the new system. I am guessing smoking the test farm collection and creating a new one with said old name as the new FARM name on 2012. Does that make sense?

Getting a huge number of this error.

Log Name:      System
Source:        Schannel
Date:          10/17/2017 5:47:18 AM
Event ID:      36888
Task Category: None
Level:         Error
User:          SYSTEM
Computer:      DC.server.local
The following fatal alert was generated: 10. The internal error state is 1203.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <TimeCreated SystemTime="2017-10-17T09:47:18.432206200Z" />
    <Correlation />
    <Execution ProcessID="512" ThreadID="4052" />
    <Security UserID="S-1-5-18" />
    <Data Name="AlertDesc">10</Data>
    <Data Name="ErrorState">1203</Data>

We are in process of company acquisition and need to set up a forest trust - we are waiting for VPN tunnel to be created first

In terms of DNS we are currently using our ISP as forwarders (with root hints check box checked)

My question is do I still need to add conditional forwarders to the remote company in our DNS setup, or is this something we need to request from our ISP? (Our ISP manages the DNS for the remote company we are acquiring also)

Many thanks

What are the least expensive internet domain registration services?

I have a couple of domain names I am interested in registering and am looking for the least expensive way of doing this.

Dear Experts, I got this error when configuring RODC, could you please suggest?

"you need to specify the source domain controller using its fully DNS host name "

I have two DCs that are DNS servers in my Windows 2012 R2 domain. I want them to synchronize but they are not. If I look in the SOA, the serial numbers are not the same.

Is there a way to repair?

If I put a conditional forwarder in my DNS server and that conditional forwarder is able to hit a DNS record, but it uses its own conditional forwarder to resolve it. Would that be a problem for my DNS server to resolve to that record?

Basically it would take 2 forwards to get the record for that host file. We are trying to figure out why a conditional forwarder is able to resolve a record but not my DNS server.

So example:
My DNS server( uses conditional forwarder( is able to resolve "host"file that is on DNS server ( is a conditional forwarder for

I hope this makes sense.

We have 120 users on a network with a Cyberoam (50 ING) firewall configured. For the last 2 weeks we have had issues like HTTP websites not resolving, getting the error could not reach. But on another ISP it works fine.

Environment :
Cyberoam 50 ING Firewall with BSNL ISP configured, connected to unmanaged switches
Internal AD integrated with DNS Server windows 2012 r2
All servers + clients have the Windows server local IP address as primary DNS server

But if I do an nslookup of the domain name then it resolves fine, but in the browser it gets stuck. But sometimes it works fine too.

ipconfig /flushdns
ipconfig /release
ipconfig /renew
ipconfig /registerdns
Winsock reset
Antivirus scan + malware scan; after the malware scan it works for some time and again it gets stuck. Some of the PCs have malware or spyware which blocks HTTP 80

Did everything but HTTP is not working. Only the Cyberoam firewall firmware upgrade and restart of the Windows 2012 server remain.

Please assist me to resolve this issue on urgent basis

Vijay Kadadi

A business client of mine has switched internet service providers and the new provider has installed a mikrotik rb2011il-in.

How do I configure DHCP options for Gateway, DNS using Webfig? I can't find anything on the web about the task that is recent and from what I can only assume is a hobby router

We are merging two domains into one. We have a library, .lib domain that will be going away, and server objects merging into the parent domain. We want all the servers to maintain the .lib part of their name for application, web and certificate purposes.

We have the internal integrated AD DNS, and also an external DNS. I assume on Internal, when objects are moved between domains, the .lib server will be removed and the name will end in only the primary domain. I assume I can make .lib type Alias records for these pointing to the new name. For instance, abc.lib.contoso.edu will become abc.contoso.edu when switching domains, and I can Alias abc.lib.contoso.edu to abc.contoso.edu. Does that sound reasonable?

Then, on External DNS, which is all manual, can I just keep the abc.lib.contoso.edu with the same IP? The 'real' server will be abc.contoso.edu, but the IP will be the same. Is there a need to set up a proper HOST record for abc.contoso.edu, then an Alias abc.lib.contoso.edu? Can I just leave things exactly as they are and not worry about DNS replication, etc.? Essentially, can I just leave the abc.lib.contoso.edu HOST record, which is accurate now, the same after migration? Its IP will NAT to the proper server; IPs are all staying the same. Will it matter that the external HOST record is actually accurate as far as the 'true' new server name? Then there's nothing to replicate.





