The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed by computer services and devices worldwide.



We are looking to implement DKIM and DMARC; we already have SPF enabled and working.

I understand DKIM and DMARC to quite a good level; however, one thing I do not seem to be able to find a clear answer on is the implementation steps, by which I mean the process of rolling this out (mainly the order of DNS changes).

I guess that with DKIM, as long as it's not enabled on your outgoing smarthost, you can apply the public DNS record and it is simply ignored by all, as the email header has not been modified?

However, with DMARC, if a DMARC record exists in your DNS, even with DKIM disabled/deactivated, does the DMARC record get queried by your recipients? I have read that some companies use DMARC with only SPF, so I assume the answer is yes, it does impact your emails even with DKIM disabled.

We have a number of third parties so we are trying to align all our DKIM DNS records before activating.


On one server, a Windows Server 2012 R2, I cannot seem to ping outside of the Forward Lookup Zone in which its DNS record exists. I have two FLZs: domain.local and domaininc.com. If I try to ping a FQDN I have created a record for in domain.com FLZ, I get no response. The record is set up to point to a host in the other FLZ domain.local. Additionally, if I try to ping something like google.com, I get the same result of it saying, "Ping request could not find host google.com. Please check the name and try again."

All my other servers in the same cluster work just fine. I've changed out the vNIC in VMware host and set to DHCP and assigned static IP; same result. Thoughts on what could be causing this?

I have a laptop here I recently reloaded with W10 for a user.  I am trying to deploy ESET antivirus through the admin console.  ESET is installed on our backup DC (DC02).  The agent deploy task kept failing so I went to the machine and was able to ping the DC hostname from the laptop but from the DC, I can't ping the laptop if I use the hostname, it fails because it is trying to ping the wrong address (  The IP of the laptop is and when I ping that, I do get a response (this is the network adapter address, not wifi).

I flushed the DNS on both DCs and tried again but it is still seeing the laptop with the wrong IP. isn't a used IP right now, it is nowhere on the network.  I removed the laptop from the domain, removed it from AD and from ESET, shut it down, flushed the DNS on the DCs again.  Started the laptop up, joined the domain (it pulled the same address from the network adapter), moved the laptop into the correct folder in AD, sync'd AD with ESET, tried to push the agent again but it failed.

I went back to the DC and it is still associating the hostname of the laptop to

Any ideas on what else to try? I can't deploy the laptop until I have ESET on it.

Hey there Experts!

I'm running into a frustrating issue with being unable to update the DHCP DNS server on a CISCO ASA via SSH.
Logging into the ASA we're processing the following CLI CMDS:

ASA-Hostname: Enable
(successful authentication)
ASA-Hostname# dhcpd dns (dns server needed here)

Unfortunately we're getting an error thrown at the d in the dhcpd command.
I apologize if this is too simple of a question. I tend to avoid Cisco like the plague and maybe I'm missing a step here.
Researching online the DHCPD CMD seems to be the one that I'm needing.

Your help is appreciated!

Dear Experts

I am hoping someone can assist me with the following issue. I have SPF and DKIM configured on my domain, which appear to be set up correctly, but when I examine the message header of an email I sent I see the following entry "None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

Just to add I am using Exclaimer for signature management.

Please can someone examine the header below and advise if I configured something incorrectly.

"Delivered-To: nsadheo@gmail.com
Received: by 2002:a4f:c15:0:0:0:0:0 with SMTP id 21csp930979ivm;
        Wed, 21 Aug 2019 06:30:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyk6Zvuz4Zzp1WUwoJQlz3EsF/mENO5B7uNOXkWXKiQUJ9CmIl25//eS3gDvDa/NqaFIZJg
X-Received: by 2002:a17:906:158c:: with SMTP id k12mr31626198ejd.83.1566394255976;
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1566394255; cv=pass;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;

Our company website is working fine and is accessible externally however all internal clients cannot access the site through our Smoothwall filter.

Our website is on the same domain as our internal domain and we have a www record in DNS pointing to the external web server’s IP address.

None of our clients can navigate to or ping the website. I logged into the Smoothwall and under the IP Tools section ran a ping to the company website and got 100% packet loss yet pings to all other and obvious blocked sites get through fine so it’s not filtering.

Also if I run the ping tests from the 4 internal Ethernet port interfaces we have setup in Smoothwall I get a 100% failure yet if I use the external Ethernet port it gets a working ping.

It seems to be a DNS issue and the Smoothwall doesn’t seem to know how to either get to our website or deal with the response back from our internal DNS server, or possibly isn’t getting a response back.

The strange issue that has really stumped me is both my IP address and one other in our internal range can access the site fine internally. My IP and the second one that works are both added as Exceptions in the Smoothwall but so are my colleagues and they are all getting site unavailable.

This has been working fine. Any ideas/pointers?

I have an internal sharepoint website (this site is internal only - NOT available from the web) that has been recreated in O365. I recently configured http redirect in IIS to simply point traffic for that internal server - to be redirected to https://CompanyName.sharepoint.com.

I now want to get rid of that server. I need to use internal AD DNS to:

1. Ensure any internal traffic to URL https://central.CompanyName.local (old internal site) will still be pointed to https://CompanyName.sharepoint.com (for anyone that's still using the old URL to access the new O365 site).

2. Ensure any internal traffic to the new URL https://CompanyName.sharepoint.com is directed to that O365 site.

How can I configure DNS to do this?

I've added this line to my hosts file to allow me to simulate being on a client's network:  abc-server

But when I try to open \\abc-server, Windows asks me for credentials and rejects my account credentials.

After some research, I added HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck to the registry with value 1. This resolved my problem but created another one.

My print spooler keeps locking up. And then any program that is attempting to access a printer also freezes up. If I stop the print spooler service, the programs come back to life but, of course, I can't print.

The print spooler problem goes away when I remove the above registry entry but then the credentials problem returns.

Any help would be greatly appreciated.

I'm using Windows 10.

I created a Windows 10 machine on a Xen server. Windows is joined to my Samba domain.
From Windows I can ping all servers. All are in my DNS.
The issue is that all other servers can't see or ping my Windows machine.
Can you experts tell me what happened?

Recently here in Expert-Exchange an expert mentioned Four Ones ( as an alternative for DNS for a VPN question I had.   Did some googling and found that it's from Cloudflare/APNIC, works somewhat as a VPN; further, their site says they are audited annually by KPMG, so it seems OK or legit.  I am thinking of changing my DNS on all my devices to Four Ones, so I wanted to know the experts' thoughts on this.  Is it really faster? Does it work like a VPN? What is EE's take?

Thank you!

We recently acquired another company with its own domain and on-prem Exchange environment (just like ours).  We established a forest trust and that is working well; however, we are having some email issues.  At this point I am not sure this issue is a result of joining the domains through the forest trust but it is a recent change.

Here's the scenario.


Mail from company.a.com can get to company.b.com without issue.
Mail from company.b.com to company.a.com does not go through.

In the queue viewer for company.b I can see the queue for company.a.com with this error message Screenshot_1.jpg.

If company.b.com pings mail.company.a.com it returns the internal address of the exchange server.
If company.a.com pings mail.company.b.com it returns the company.b.com spam host (as it should).

Here is information from one of the emails that is stuck in the queue on company.b exchange server.
Identity: mail.company.b.com\32793\108813
Subject: test 2
Internet Message ID: <FBBAA7F55C821243B5B4F54AF90BE4319E0C68DC@mail.company.b.com>
From Address: Administrator@company.b.com
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP:
SCL: -1
Date Received: 10/7/2019 3:58:08 PM
Expiration Time: 10/9/2019 3:58:08 PM
Last Error:
Queue ID: company.b\32793
Recipients:  administrator@company.a.com;2;2;;0;CN=SMTP Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange …

I have a system with 3 Domain Controllers (Server 2019).  One of them got out of sync (my best description) and wasn't replicating - while the other 2 seem to be working fine.
The problem seemed to be RPC errors but all 3 DCs were running together in a test lab before being deployed.
This one was deployed a month or so after the first two, having been powered down during the interim.
The failure would cause me to suspect the real network they are now in somehow - but "how?" is elusive.
I have wireshark captures taken during replication attempts but I don't see much that jumps out.

Eventually, I was advised to take the "bad" DC off the domain and re-promote it.  
I've proceeded with that process and have tried a lot of suggested things but so far no luck in promoting this DC.
Fortunately, this DC wasn't in the mainstream of operations and, without replication, had less configuration data on it than the others.
So, taking a step back is of little concern.

I think I did a pretty good job of bringing the DC down but I'm unsure of its status.  There's a first time for everything...
I still see remnants of its name on the others for example.
So, I think the first step is to confirm that stuff is removed as required in preparation for promotion.
I've run a bunch of tools but don't know when to be happy or sad re: the results.  Just no experience.
So, I'm wasting calendar time by running down blind alleys.

I *did* try to promote this DC but the process won't …

I have an older exchange server which is working without a problem on my current ISP.  I had to switch ISPs recently and my old ISP will be disconnected shortly.

Unfortunately, even though I WAS told my new ISP can provide rDNS for my on-premises email server, I am now being told they cannot.

I have a "persistent-IP" which is ALMOST a static public IP, but it must be from a block of public IPs they have in which I am probably being natted.

So, is there a way to set up a third-party rDNS so my emails from my on-premises server do not end up in spam or bounce?

How can I determine what device is on our network?   I can ping the IP but I do not know what the IP is attached to.   I tried entering it in the browser but it does not find it.

We recently acquired another company with its own domain and on-prem Exchange environment.  The current project in front of me is to migrate their ERP database into ours and stand up a new terminal server for them to access the ERP once the migration is complete.  We now have a VPLS connection established between the two networks and we can pass traffic just fine but the domains are not yet talking to each other.

Long term I'd like to join them into our domain directly and decommission the one they are currently using (and likely move both on-prem Exchanges to the cloud).  With Exchange operating where it is and the aggressive timeline on the ERP project to consider, I'd like to minimize the amount of changes happening all at once to lower the risks to the project's success.

What I would like to do now is to get the domains talking to each other so that authentication can happen across them.  When the users at the other domain log into the new terminal server on our domain I don't want them to have another account to log in with.  Additionally, we need DNS to be talking to each other so remote apps will work properly because I can't stick a cname or static a-record into their DNS for our domain.

From the research I have done this seems possible through a forest trust and adding a new secondary zone on the DNS for each side.  Their secondary zone would be our domain and our secondary zone would be their domain.  I have never done either of these things in the past so I …

Hi expert,

I configured all Exchange server internal and external URLs as hostname.company.com, which wasn't the same as the standard URL recommended by Microsoft.

I suspect this caused the DNS confusion and that's why external users are not able to log in to OWA externally.

If I were to change the URL to be standardized with the Microsoft guideline, for example mail.company.com, what is the impact? Or is there anything that I need to take note of?

My work laptop works fine on my home wireless and even my hotspot. When I try to bring it to a hotel, it connects to the hotel wireless but will not open the redirect screen to agree to conditions then put in the wireless key.

I checked DNS to make sure no other DNS servers are listed, set to DHCP, no proxies. Security is low in IE, TLS 1.0 2.0 etc..enabled

Any suggestions on anything else I can check?

Entering http://www.felixstowerotaryclub.org correctly routes to the correct website and sets up a secure connection.

Entering http://felixstowerotaryclub.org routes back to the old website.

Entering https://www.felixstowerotaryclub.org connects correctly

Entering https://felixstowerotaryclub.org gives an invalid certificate error.

How can I get http://felixstowerotaryclub.org to route to the new website and https://felixstowerotaryclub.org to not give an invalid certificate error?

Someone accidentally deleted our Windows Server 2016 AD-Integrated forward lookup zones using a third party tool. What would be the easiest way to recover the DNS zones? We do have the ability to restore any of the domain controllers in its entirety, but we will have to accommodate an Authoritative restore, which doesn't seem to be a straightforward process.

Hi EEs,

My client has purchased a secondary domain name which is supposed to capture more traffic based on the very name of the domain. I know how to do both Domain Forwarding and changing the DNS to point to the primary hosting servers. However, my quandary is what is best for the search engines and the users to ensure they don't think the site has been hijacked.

So, is it better to enable domain forwarding or point DNS servers to primary hosting servers?

I'd really appreciate some expert insight on the best method forward to capture as many leads as possible for my client.

Hi Expert,

I have set up MS Exchange 2016 in my company environment, configured SSL and set up all virtual directory internal and external URLs as exchange.company.com, but I still can't land on https://exchange.company.com/owa when using a public network. Is there anything missing in my configuration below?

Currently the network environment is Internet > Link Controller >  Exchange

In internal DNS
- Host A records for Exchange Server pointed to internal IP address (192.X.X.X)
- Host A records for autodiscover.company.com pointed to exchange internal IP (192.X.X.X)
- MX records for exchange.company.com

In external DNS
- Host A records for autodiscover.company pointed to external IP of exchange server
- Host A records for exchange pointed to external IP of exchange server

Using a public network I'm able to ping exchange.company.com and autodiscover.company.com, which resolve to the external IP of my Exchange server.

Anything else I can check?

I have a client with a Ricoh MP C5503 that I am trying to set up with scan-to-email. Because the Ricoh only provides SSL encryption, I set up a free Juno email account dedicated to the printer.  So we are on the same page, here's where I put what:
Device Management > Configuration
Under 'Device Settings' section
Click: Email
-Administrator E-mail address: (email@juno.com)
-SMTP Server Name: smtp.juno.com
-SMTP Port Number: 465
-SMTP Authentication: On
  -SMTP Email Address: (email)@juno.com
  -SMTP User Name: (email)@juno.com
  -SMTP Password: (password)
  -SMTP Authentication: Auto-select

I also tried:
Under 'Device Settings' section
Click: Email
-Administrator E-mail address: (email@juno.com)
-SMTP Server Name: smtp.juno.com
-SMTP Port Number: 25
-SMTP Authentication: Off
  -SMTP Email Address: (email)@juno.com
  -SMTP User Name: (email)@juno.com
  -SMTP Password: (password)
  -SMTP Authentication: Auto-select

My client is using Google Fibre as their ISP. One of my tech friends who works a Ricoh service says the issue is Google Fibre blocks access to any DNS other than the local IP pointing to the Google Fibre Gateway. I confirmed this as I set up the Ricoh with:
DNS 1: (the Google Fibre Gateway) - Test Successful
DNS 2: - Test Unsuccessful
Or DNS 2: (Cloud Flare) - Test Unsuccessful
Or DNS 2: (Cloud Flare) - Test Unsuccessful
He says that if I can figure out what DNS server Google Fibre is …

How to determine if a configured Forward DNS Zone is a Primary zone, a Secondary zone or a Stub Zone in Windows 2008 R2 server?

Hi There,
We are testing our new website on a test environment. A couple of pages on it use Angular 8, and the images on them are not displaying when we go to our test website from within our organization; when we check from outside our network it works fine.

We do use OpenDNS to block certain categories of websites, so if we change our DNS to use Google public DNS the test website displays the images correctly. We did try to disable OpenDNS; still the website doesn't display the images. So something internal when we use our DNS is blocking it.
Until we figure this out completely, is there a way inside our network where we can adjust the host file or something so that only for this particular website, which we know is safe, we can default it to use the dns server, and all other requests go through our DNS server, which basically gets forwarded to OpenDNS?

So, for example, when anybody inside our network looks for www.example.com, it should be the dns server that resolves it; any other website should go through our DNS.
I would appreciate it if anybody has any idea whether we could do that and, if so, how.

We have a server that I want to add a DNS for testing:

- Example server:   IP:  
- I want to call it Server.domain.co.uk (domain.co.uk being our external facing domain name)
- Our current AD domain is called company.local
- Eventually we will open our firewall to let the traffic from the internet through (after testing service)

I want to route all internal people to the server direct in our network and to be able to use our SSL cert.  I could add another zone (domain.co.uk) but this messes up our connections to other services e.g. our website that is controlled externally.

Looking for helpful ideas...

Kind regards





