The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

-we recently migrated dhcp from 2008r2 to 2012r2
-we have 3 dc's each: one is the dhcp (with dns and gc) and the other 2 have  dns + gc
-we are a one domain site, but have quite a few computers that are non-domain joined (Workgroup with the domain suffix though)
-before the migration, dhcp would update the dns on the non-domain joined computers
-after the migration, our domain pc's dns gets dynamically updated but the non-domain pc's aren't being updated
-created dedicated user account and put in  "dnsproxygroup" for our dhcp server
-set OpenACLOnProxyUpdates 1" (on all dns server)
-zones set to "allow secure and not secure"

I have seen lots of answers but nothing seems to work
[Webinar] Learn How Hackers Steal Your Credentials
[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

I'm having issues with active directory. I first noticed that I was unable to use gpupdate. Then I attempted to remove a machine from the domain and re-add it and was unable to do so. I also get a permission denied error on my shared printers.

I do not think the problem lies in DNS. When I try to add machines to the domain the resulting error shows the SRV record was queried and the domain controller was identified. but could not be contacted. I've checked the Host (A) records in DNS and they are fine, I've also tried adding a manual entry to the hosts file on the client machine.
Hi Experts,

I have run Best Practice Analyser on all 4 of my DNS servers. 3 of the DNS are compliant.
But one of the DNS servers is having issues with eight different IPv6 addresses. The warning message that is stated is: "DNS: Root Hint 2001:500:9f::42 must respond to NS queries for the root zone".  

On each DNS server there are no IPv6 addresses in the Root Hints and IPv6 is not enabled in the server's TCP/IPv6 properties.

How can I get rid of these errors so that the DNS server becomes Compliant for Best Practices?
Recently in my organization migrated server 2008 to 2012,but in all systems primary dns ip is 192.*.*.14,now my server migrated ip address is 192.*.*.13,so how did i change in all clients sys ip primary is 192.*..*.13.and another doubt at a time all actieve directory users password are need to change at a time and set Unique password.
Hi All,

I have found myself to be very lacking in memory when it comes to Cisco IOS and after far too many hours of trying and reading website and documents I have decided to ask an expert!

I need help with the following setup:

Cisco 897VA router
WAN on G8:
Direct Connection to fibre Media Converter.  (no vLan tagging required)
CE of Router needs to be
Gateway or PE is, DMZ from ISP is
I have Static IP Addresses assigned by the provider pointing at ( only using 2 at the moment .225/.226.
External DNS
External Nat

LAN 2 Ports to be used G1 & G2

G1 is the port facing the main network and servers and will be the gateway for all PC's inside.
IP is to be
Internal DNS
Internal NAT

G2 is to be the Wifi. Original Setup before router replacement was on Private WIFI on vLan100 and Public WIFI was on vLan101)
Internal NAT
vLan101 had internet access only no internal access with ip of 192.168.101.x for the WIFI and external DNS
vLan100 had access to internal systems and internet with IP of for interface and for the WIFI.  The WIFI, accessed and the 2 internal DNS for internet and internal access.

Both WIFI used the router for DHCP, no DHCP for internal computers. IP Range was 192.168.{100/101}.100-125 for each

Internal network was vLan1

Access was allowed for 80/443/25/3389 …
In case you did not see it, below is the apology statement from Marketo regarding their outage yesterday.
Dear Marketo Customers and Partners:

Today, for a number of hours, our main web site, Marketo.com along with a small number of other Marketo domain properties were rendered inaccessible, preventing log in to our application. While the issue is now largely resolved, and I can assure you that the core Marketo application continued to operate in the background and your data was never at risk. I want to sincerely apologize to you and on behalf of the entire Marketo team as we take any disruption to your service very seriously.

I also want to be completely transparent with you on what happened and assure you that it won't happen again.

We renew thousands of domain name properties we own every year with precision, yet the auto renew process for registering our main domain, Marketo.com, failed. This catalyzed a cascading series of issues, but ultimately human and process error are to blame and again, we take full responsibility.

While our global support team in Ireland was working with our DNS registrar in the very early morning hours, members of our customer and partner community helped pinpoint specific issues that aided us significantly. While this does not absolve Marketo of responsibility for this serious situation, I would like to thank the individuals who assisted us. We greatly appreciate your support during a trying time.

For our global customers, please…
I setup a Exchange 2016 Server in-house and cannot figure out why the Outlook Test Email AutoConfiguration on all in-house network clients and from the Exchange Server Management Shell Test-Outlook WebServices keep failing.  All workstations are Outlook 2016 and at first I also had a problem seeing the public folders but they are now viewable.  Something is goofy and I've triple checked everything and I can't figure it out.  Outlook says downloading address book for days.

Outlook had no problems when adding a profile finding the account automatically.  I've flushed DNS on all computers, rebooted, and tried a new Outlook profile - no chanage.  

OWA and ECP (Exchange Admin Center) work internal and external.  Cell phones have no problems adding accounts.  External DNS is setup.

Any assistance would be greatly appreciated.  I've tried so many fixes from other web site posts, articles, and many from other posts on Experts-Exchange.

Please see attached images to see failure messages and external DNS setup.

I have a server 2012 R2 and have RDS installed. Its a single server that has all the roles, DC, DHCP, DNS, File, RDS,  i installed a 90day cert from comodo . If i go to a windows 7 machine and go to https://rds.domain.com/RDWeb and login when i run an app i get this error
"Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable" Try Reconnecting later or contact experts-exchange for assistance. "

If i do this from the server itself the apps open fine.

                           ROUTING TABLE:
#    Dest IP      Mask  Gateway IP  Metric Device Use Edit Drop
1    32     1   poe0  0    
2   24  1   enet0 137888
3  default          0 Node1            2   poe0  105886

                            WAN CONNECTION TABLE:
PVC VPI/VCI IP Address          Subnet      GateWay      DNS Server    Encapsulation Status
PVC0  0/35     PPPoE       Up

                        *NEW* CONFIGURATION:
                           ROUTING TABLE:
#    Dest IP      Mask  Gateway IP  Metric Device Use Edit Drop
1  10.216.xxx.xxx  ??     1   poe0  0    
2   24  1   enet0 137888
3  default          0 Node1            2   poe0  105886

Can anybody - please - help me with a correct Mask (??)? :)

Hi all,

This is our setup:
- Sonic Firewall TZ300
- Barracuda Email security
- Server 2012 r2 with Exhange 2016
Latest updates are installed.

OWA works fine, outlook anywhere works fine.
Application Symprex for email signatures has an error trying to connect locally
MigrationWiz for migrating mailboxes doesn't work either.

Checking testconnectivity.microsoft.com results in error. Contacted above application providers: could be the problem with autodiscover.

Error is:
Attempting to test potential Autodiscover URL https://autodiscover.domain.nl:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
      Additional Details
Elapsed Time: 1860 ms.
      Test Steps
      Attempting to resolve the host name autodiscover.domain.nl in DNS.
       The host name resolved successfully.
      Additional Details
IP addresses returned: (correct of course)
Elapsed Time: 730 ms.
      Testing TCP port 443 on host autodiscover.domain.nl to ensure it's listening and open.
       The port was opened successfully.
      Additional Details
Elapsed Time: 510 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
      Additional Details
Elapsed Time: 619 ms.
      Test Steps
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.nl on port 443.
       The Microsoft Connectivity …
Free Tool: IP Lookup
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi Experts.

I'm trying to figure out why/where  DNS traffic coming from a DNS/DC server to a now decommissioned server. I've checked the Forwarders on the properties of the DNS server and there are none, though according to network team there is a high amount of DNS traffic.

Are there any tools I could use local on the DNS server to determine this?
I can ping by IPaddress but not by Hostname

I have a computer that I can ping by IP address, but I cannot ping it by host name.

The computer IP address is obtained via DHCP.
 if I ping IP address using -a , I can obtain Hostanme

When using NSlookup computername , I get the:
Name: computername.domainname.

when using Nslookup Ipaddress, I get the:

Name: computername.domainname.
Address: IP address

Any idea why I cannot ping by Hostname ?

Thank you
I am looking for some clarification on the proper configuration of my DNS amd my email server.

Here is the setup:
I am using Comcast as my ISP and have an Exchange server running in my SBS2008. I have a static IP address assigned by Comcast and have registered a domain name pointing to it ( [b]abc.net[/b)]. I also have a company domain name that is abc.com. This domain points to an outside web and email server. I am using the Windows POP3 Connector to retrieve emails from the abc.com server and putting them into the Exchange mailboxes. (I know, nobody likes the POP3 Connector...) Then I am using the in house Exchange server to send emails directly from the domain <b>name@abc.com</a>

The problem:
Lately, I have been getting the error from Gmail accounts that I try to send to saying that the Reverse DNS for IPv6 is not properly configured, and that I must fix this before Gmail will accept emails from abc.com.

The question:
This is where it becomes a bit confusing for me. What is the proper way to set up the DNS configuration, and where. Currently, I have asked Comcast to set up the Reverse DNS for abc.net back to my IPv4 and IPv6 addresses, but Gmail is still blocking me. Should I also, or in place of, asked them to set the Reverse DNS for abc.com to my server, instead? Or is this something I should be doing on my SBS2008 DNS?
Hello Lync / SfB experts.

I have a problem trying to fix a Skype for Business deployment.
Everything work fine internally. But internal users can't receive any message from external users.
External users will not see the internal users status (online/busy/offline).
For example if an internal user try to add a normal external Skype user, the external user accept the request, but the request will never be forwarded to the internal user. The external user will never be able to see the internal user status.

So I have checked basically all I could.

The external DNS record :

[Pointing to the EDGE server]
SIP.company.com / Public IP : OK / Port : 443-444-5061 / Protocol : TCP-TLS / Internal IP : OK (EDGE Server)
_SIP._TLS.company.com / CNAME to SIP.mycompany.com

[Pointing to the REVERSE PROXY server]
WEBEXT.company.com / Public IP : OK / Port : 80-443 / Protocol : HTTP(S) / Internal IP : OK  (Reverse Proxy Server)
LYNCDISCOVER.company.com / Public IP : OK / Port : 80-443 / Protocol : HTTP(S) / Internal IP : OK  (Reverse Proxy Server)
MEET.company.com / Public IP : OK / Port : 80-443 / Protocol : HTTP(S) / Internal IP : OK  (Reverse Proxy Server)
DIALIN.company.com / Public IP : OK / Port : 80-443 / Protocol : HTTP(S) / Internal IP : OK  (Reverse Proxy Server)

The Autodiscover test from the Microsoft Connectivity Analyzer is good :

The manual SIP connectivity test (by entering manually the SIP address and port) is also good.…
Dear All,

Outlook 2013 Clients are getting following message after starting their outlook,

The name of the security certificate is invalid or does not match the name of the site error?

I have check my internal URL and external URL, both are fine and properly configured.
i have check DNS records its correct.
i have checked serviceBindingInformation and found  correct

when opening XML file, getting following message

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Error Time="10:14:11.2991610" Id="25892145">
<Message>Invalid Request</Message>

Please advice, is there is problem with redirection or any thing else is missing

I just installed a new server with Server 2012 r2 Essentials, at first all seemed to be going well and I was able to additionally install Exchange 2013 SP1 on an additional server, joined that to the domain on the r2 Essential box and was able to link the two together in the Dashboard.

I additionally added the DHCP role to the 2012 r2 as I wanted to use a fixed IP address on the server to allow users to connect remotely and I got that set up and a scope defined and DHCP was up and running.

Not long after that the server started to have issues users would report that they could not connect to websites and occasionally to server shares.  After a lot of faffing about I decided the issue must be the Server's NIC was faulty. So I switched to the 2nd network socket (Dell PowerEdge 330 server) and after that things seemed to be running a lot better but after a while the issues came back and I now think the issue is that when DNS was configured when the original NIC was faulty even though we are now using the non-faulty NIC the DNS settings are still not configured correctly.

Can someone advise what the best way is to get the DNS settings back to a workable state.  I did a dcdiag on the 2012 Essentials box and get this:


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ServerName
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

Hi All,

Can anyone here please assist me in troubleshooting as to why my Outlook Web Access is randomly signing me off while reading or typing email ?

I also cannot access the below OWA option with HTTP ERROR 500:
Change OWA Account settings: https://owa.domain.com/ecp/?rfr=owa&owaparam=modurl%3D0&p=account
Change AD Password: https://owa.domain.com/ecp/?rfr=owa&owaparam=modurl%3D0&p=PersonalSettings/Password.aspx
Enable OWA Add On: https://owa.domain.com/ecp/?rfr=owa&owaparam=modurl%3D0&p=installed

However, when I manually type in the Public IP address or the server name instead of owa.domain.com, I can access the server with no problem.

This is my current deployment of the Exchange Server 2013 Standard Edition in my domain:

AD Site: Default-First-Site-Name
PRODMAIL14.domain.com [old CAS & MBX server]
PRODMAIL20-VM.domain.com [new CAS & MBX server]

AD Site: Head_Office
PRODMAIL42-VM.domain.com [CAS & MBX server]
PRODMAIL30-VM.domain.com [MBX server]

I have just created multiple A Record for OWA.domain.com and Autodiscover.domain.com pointing to my existing 3x CAS-MBX Exchange 2013 server roles.

Public DNS (A) records Round Robin:
OWA.domain.com – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM
Autodiscover.domain.com – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM

Internal DNS (A) records Round Robin:
OWA.domain.com – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM
We use a DNS DName entry to force YouTube Moderate Search settings for our users.  the DName translates "youtube.com" to "restrictmoderate.youtube.com."  After upgrading to MS server 2016 (with AD integrated DNS) the DName entries do not appear function.  When I attempt to visit "www.youtube.com" the page returns "This Site can't be reached," "www.youtube.com's server DNS address could not be found."  

The YouTube site suggests that I create a CName entry for the Domain, but Microsoft will not support a CName entry in a DNS zone of the same name - that's why we used a DName entry.  An "A" record will not work either.  Using the IP returned from an NSLookup request (against my 2012 R2 servers) in my browser returns a Google search page, not a YouTube page.  So an IP mapping doesn't help.

Using the NSlookup tool, I can successfully resolve my DName entries against my remaining 2012 R2 Domain Controllers, but not against any of my 6, 2016 DC's.

I found a KB article that addresses this behavior in 2012 R2, but says nothing about server 2016.  The KB is KB3133954.

Please help.  How do I configure a DName Alias on a 2016 server running AD integrated DNS and make it work?
We have two dns servers on our domain, they worked fine until recently. Not sure what has happened, but some clients  either can't go to sites at all or it is very slow getting there. Often a symptom is "resolving host" message when they go to internet.  We've found that manually making them go through google dns server solves the problem. Questions: (1) what kind of problems are we likely to run into by making everyone go through google dns? (2) what could be causing our dns servers to be so inconsistent?
What, When and Where - Security Threats from Q1
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Where within the Gmail admin console can the external DNS mail exchange (MX) records be changed for an organization using Gmail for its email?
What is the process to determine which company hosts an organization's external DNS MX records?

I have recently installed a HP Server 2012 server and all has been running okay till one day it would not access the internet. The internal network is working okay and all the other workstations are connecting to the internet fine. I can rdp to the Server with no issues, updates are all installed, all setting are still as they were.

What I have noticed is that there seem to be two network connections (see attached file) there is only one network card in this Server.
hello dears,
this is my first question so I beleive everyone will guide me on solving the issue.

Subdomains (child domains) objects Missing from Active Directory Users and Computers in the parent domain.

I have one parent domain ( name it domain_parent) with 2 DCs (DC1 and DC2)
and two child domains, each child domain has one DC (DC3 and DC4)

all are windows 2012 R2 servers

and all DCs in all domains are global catalog servers

the replication is OK, I can search all objects from all domains by using Active Directory administrative center, repadmin result stating that the replication was successful

I beleive that the issue is related to DNS, but i do not know where exactly, the DC1 has a primary DNS and child domains are active directory integrated.

from network properties, the DNS servers are set as follow:
DNS Server : the IP of itself
DNS Server1: the IP of DC3
DNS Server2: IP of DC1
DNS Server1: the IP of DC4
DNS Server2: IP of DC1

can anyone please guide me on what is the issue and how I can resolve it?

thank you
is it possible to get 100% fail over 100 % availablity using f5 to two IIS servers configured for load balancing in round robbin.

Each request to check if a server is active and route the call to the other server if one is down, without any downtime.

Also is it possible to queue a call if both servers are down and wait a certain period of time and make the call to the first available server?

We have an internal windows active directory domain called Catfood.com. We also have an external website called the same Catfood.com but it is hosted on an external cloud provider.

We have created a website on the cloud called gifts.catfood.com. This uses dynamic DNS.

I want to forward all DNS queries for gifts.catfood.com to an external DNS server.

How do I do this?

We are using windows server 2008 (but the domain functional level is windows 2003)







The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.