The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address used to connect to it over the Internet or a private network. Most prominently, it translates domain names into the numerical IP addresses needed to locate computer services and devices worldwide.

I can't figure out why a domain is being blocked on our network. We have one specific site, which is our organization's site, that is perfectly accessible from outside the office. Inside the office it gives a message that the site "can't be reached" and to check the proxy and the firewall.

I ruled out the DNS server being the problem since I replaced the settings on one computer to and the problem still persisted. We have a SonicWall firewall, but I don't remember setting anything in there recently to block that at all. Are there any troubleshooting techniques that I can utilize to find the underlying cause?

We are utilizing a Windows network with a domain controller.  The site was accessible before and all of a sudden is not.
I need to lower our DNS lease duration for DHCP clients to 1 day (don't worry why, it's for a reason) and I wanted to know what the recommendation would be for my DNS scavenging with this change. I currently have 7 days set for both scavenging settings. Is this a consideration, or is there no other worry other than that a lot of systems will check in more frequently, and that's all to worry about?
Can't connect to VMware vCenter Server Appliance. I believe this is a DNS issue, as I upgraded to a new Active Directory server, but I'm not sure how to fix this.

503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00007f9ff80047e0] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
Using:   Linux  2.6.32-696.18.7.el6.x86_64 #1 SMP Thu Dec 28 20:15:47 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

Two DNS slave servers. One logs the query.log file to /var/log/named.log query.log; the other server logs the query.log file to /var/named/chroot/var/log/named.log query.log.

Searching high and low to find out where to set the files to the directory that I want them in... can't find it. Any thoughts?
I would like to know if there is any reference website on Microsoft hardening for AD, DNS, DHCP, etc.

We have a bunch of DNS servers in our domain and I would like to get the configuration of the DNS forwarders to be sure they have the same configuration.
I wrote a little PowerShell command to get the information:

Import-Csv C:\CSV\ActiveDirectory_CSV\CCSMTL\ALLDCs.csv | ForEach-Object {
    $SVR = $_.Name
    Get-DnsServerForwarder -ComputerName $SVR
}

The only problem I have is that the result does not display the name of the DNS server from which it gets the information. Especially since in the result I have a lot of DNS servers that do not have the same DNS forwarders, which I could then change afterwards.
So is there any way to do it, even if I try to get the members of the command with Get-DnsServerForwarder -ComputerName S-ADS001 | gm ?
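One way to tag every forwarder result with the server it came from, as an added example (not the poster's code), assuming the same CSV with a "Name" column as in the post; it also groups servers by forwarder set so the odd ones out are visible:

```powershell
# Added example: collect Get-DnsServerForwarder output per server, keep the
# server name on each row, and report which servers disagree.
# Assumption: the CSV path and "Name" column are the same as in the post.
$servers = Import-Csv 'C:\CSV\ActiveDirectory_CSV\CCSMTL\ALLDCs.csv'

$report = foreach ($row in $servers) {
    $svr = $row.Name
    try {
        $fwd = Get-DnsServerForwarder -ComputerName $svr -ErrorAction Stop
        [pscustomobject]@{
            Server      = $svr
            # IPAddress is an array of System.Net.IPAddress; flatten to a sortable string
            Forwarders  = (($fwd.IPAddress | ForEach-Object { $_.IPAddressToString }) -join ', ')
            UseRootHint = $fwd.UseRootHint
            Timeout     = $fwd.Timeout
            Error       = $null
        }
    } catch {
        # Unreachable or permission-denied servers still get a row, so none are silently skipped
        [pscustomobject]@{
            Server = $svr; Forwarders = $null; UseRootHint = $null; Timeout = $null
            Error  = $_.Exception.Message
        }
    }
}

# Per-server view, with the server name on every line
$report | Sort-Object Server | Format-Table -AutoSize

# Grouped view: the largest group is the "expected" configuration, the rest need attention
$report | Where-Object { -not $_.Error } |
    Group-Object Forwarders |
    Sort-Object Count -Descending |
    ForEach-Object {
        '{0,3} server(s) use [{1}]: {2}' -f $_.Count, $_.Name, ($_.Group.Server -join ', ')
    }

# Servers that could not be queried
$report | Where-Object { $_.Error } | Select-Object Server, Error
```

Pipe $report to Export-Csv if you want a record of the state before changing any forwarders.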
I have a 2019 Essentials Server that I made a PDC; in fact it is the only DC on the network of 27 computers.

Internally the SonicWall is providing DHCP and provides DNS from the ISP. I have set up the DC as a static entry in the SonicWall. However, the server has no internet connection unless I put one in as a secondary. Shouldn't this work without the secondary DNS? (Images: DNS on server; NIC config)
What records are prerequisites for Skype for Business working within Office 365?

Which cname records need to be added?

Any other records required?

When I do an SRV lookup, SIP federation is in place but nothing else.

I have 2 Windows 2008 R2 domains with 2 servers. Both are domain controllers. DNS failed, as did replication, for a period of time.
Once these were restored, an error crept in. This is an event ID 4. I get it when I force replication within Sites and Services.
The reason for the failure was the firewall that was installed on the 2 servers, and some mistakes were made within DNS. I was called in to get things working again.
This is where I am now. I have the event ID 4 on the one server. Here is the basic verbiage.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server t410$. The target name used was DAY\T410$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (.LOCAL) is different from the client domain (.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The best I can discover is …
I have a Server 2012 R2 virtual machine (VM) server running on a VMware host that is part of a VMware cluster of servers. It is able to join my domain, but after joining the domain and performing the initial reboot, it is not able to log in to the domain. I receive an error stating: "No Logon Servers Available." I can still log in to the machine via the local Administrator account, and when I do, I've verified that the DNS server is set to the correct DNS server (the DC; a Windows Server 2019 VM) and I've verified that this server has been created as an object in AD. Additionally, I cannot perform a gpupdate /force to test if there is connectivity between the server and the DC. When I ping the hostname of the server from the server, it yields the IPv6 address rather than the IPv4 address, even though IPv4 has been given priority. Additionally, I've unjoined and rejoined the server to the domain, only to yield the same results. I've joined other machines to this same domain without any issue.

Quick note - I can successfully ping the hostname and IPv4 address of the DC. Additionally, if I force the ping of my own hostname to use IPv4 (e.g. ping hostname.local -4), it will yield the IPv4 version.
I have SBS2011 with the following static IP information.
IP address:
Subnet :
Primary DNS:
Seconday DNS:

The problem is that this server can't ping itself.

C:\Windows\system32>ping P1

Pinging P1.domain.local [fe80::58a2:19ad:e5a:aeff%16] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

(1) It can ping any workstation PCs by IP address; however, it can't ping by computer name.
(2) When I open DNS Manager, I see all domain-joined computers along with the primary and backup domain controllers with name and IP addresses.
(3) It can't access the internet.
(4) Workstation computers can still access shared folders from this SBS2011.
(5) In the backup domain controller (, I can ping SBS2011/DC ( as well as any other computers by name or IP address.
What do I need to do to fix this problem?
I'm in the process of creating new Windows 2016 servers to replace my old Windows 2008 servers.

My 1st will be the Domain Controller.

What is the easiest way of making my new 2016 server the new Domain Controller and importing all of the DNS information from the 2008 server?
Windows DNS server, 2012 R2. Roles = Active Directory server and DNS server.
Can anyone explain the following query (from DNS debug logging)?

       UDP Snd    31a4 R Q [8281   DR SERVFAIL] A      (5)pts/0(0)

Where is probably a Linux device.
My debug log is full of these. I don't know what PTS (as a destination address) is and I don't know why it's a SERVFAIL.
1. What is "PTS"?
2. Why is it a SERVFAIL?
3. Does this clog up my DNS server? I have a lot of these entries.
Can someone help me set up a DKIM record? I have a Microsoft SBS2011 with Exchange 2010. I have several domain names that I use for sending and receiving email. My main domain name associated with the server is dravingconsulting.com. I'm getting rejections from Yahoo.com, AOL.com and Verizon.net. I have set up SPF records for each domain name, but I've also been requested to set up DKIM records.

I want to configure 2 redundant DNS servers on Windows without a domain. Should one server be primary and the other one be able to make zone transfers?
If the primary DNS server goes down and we make changes to the secondary, how can we synchronize them back to the primary?

I have a multi-tenant web app.

Users can create trials, and I assign their URL like so:

123 = DB ID of that trial.

This all works great.
However, it's not on HTTPS.

I use Certify The Web for IIS HTTPS certificates.
I would like to have a wildcard cert,
*.Mydomain.Com,

so that all these trials are on HTTPS.
Ideally I don't want to pay for a certificate or have to enter the bindings for every site for the trials.

What options do I have? Is this possible?
Entering bindings is a bigger headache than buying a wildcard,
but ideally Let's Encrypt / Certify The Web would do it all.

I use 123-reg to manage the domain's DNS.
Hi Guys,

I have a problem: I cannot add the PDC IP in "Master DNS Servers" on my secondary domain controller. I already unblocked ICMP-IPv4 in the inbound firewall settings and they can ping each other. But there is still a problem.
Any suggestions would be much appreciated.

The company I work for programs a website that runs on cPanel on CentOS.
In addition to our primary domain, we have almost 100 aliases that are domains for our customers (B2B).
When someone browses to one of these customer domains, the site adjusts its content (logos etc.) to look like it was custom made for that customer.

There seems to be a limit of 100 aliases in cPanel. We want to create many more, maybe 1500-2000 long-term.

What is the best way to do this? Can the cPanel limit be raised? Is there a better alternative to cPanel?

Should we use subdomains or addon domains? Can we add 100 aliases to each of them? Can we add an SSL certificate to each of them?
Can we do this all within cPanel/WHM supported functionality, or do we have to make custom modifications?

Hopefully that makes some sense. Thanks for reading.
Regards, Ryan.

I have set up a GPO AD account lockout policy. I am using Netwrix Account Lockout Examiner and I receive an email when an account gets locked out. Yesterday I received an email saying my account was locked out on a computer named admin-pc. The problem is that there is no computer object called admin-pc. I do see in DNS that there is a stale DNS record that has that name. Can anyone explain to me what might be happening / how I can troubleshoot further to figure out what was attempting to log into my account?
We have a Windows domain that operates at the W2K12 functional level. We recently fixed a mistake of our own making with respect to dynamic DNS updates from our DHCP server. We now have A & PTR DNS records with the proper permissions (owned by the domain account associated with the DHCP server) in our AD-integrated DNS zones. The problem now is we're left with an unknown number of records that are still owned by the computers themselves. I've done enough spot checking to know there are plenty of these records still out there.

Is there a way to list DNS records that do not have a specific domain account in the ACL for that record? I want to find every record that domain\dhcpuser does NOT have permissions to.

I need to find these records so I can delete them, so they'll be recreated with the proper permissions the next time the computers request an IP from our DHCP server.

My second question is: can I directly assign permissions (in the DNS management console) on the proper DNS zones for my domain\dhcpuser account so it will be able to overwrite any older A & PTR records that were not created with the proper permissions?
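One way to produce the list asked for in this post, as an added example (not the poster's code): AD-integrated records are dnsNode objects in the directory, so their ACLs can be read with the AD PowerShell provider. It assumes a zone named corp.local stored in the DomainDnsZones partition of DC=corp,DC=local and the account CORP\dhcpuser; substitute your own zone, partition and account.

```powershell
# Added example: report dnsNode objects whose ACL grants nothing to the DHCP account.
# Assumptions (placeholders): zone corp.local, domain DC=corp,DC=local, account CORP\dhcpuser.
# Zones replicated forest-wide live under DC=ForestDnsZones instead of DC=DomainDnsZones.
Import-Module ActiveDirectory

$zone     = 'corp.local'
$domainDn = 'DC=corp,DC=local'
$account  = 'CORP\dhcpuser'
$zoneDn   = "DC=$zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"

# Every record name in the zone is one dnsNode object; skip tombstoned (already deleted) ones
$nodes = Get-ADObject -SearchBase $zoneDn -LDAPFilter '(objectClass=dnsNode)' `
                      -Properties dNSTombstoned |
         Where-Object { -not $_.dNSTombstoned }

$missing = foreach ($node in $nodes) {
    # The AD: drive exposes directory objects to Get-Acl
    $acl = Get-Acl -Path "AD:\$($node.DistinguishedName)"
    $granted = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $account -and $_.AccessControlType -eq 'Allow'
    }
    if (-not $granted) {
        [pscustomobject]@{
            Record = $node.Name
            Owner  = $acl.Owner          # typically the computer account for self-registered records
            DN     = $node.DistinguishedName
        }
    }
}

$missing | Sort-Object Record | Format-Table -AutoSize
# Keep a copy before deleting anything, e.g. $missing | Export-Csv .\records-without-dhcpuser.csv
```

Records for static hosts, domain controllers and services will also appear here, since they were never registered by DHCP; review the list rather than deleting it wholesale.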
DNS Zone Error
Hi,
I have SBS2011 and when I run Fix My Network from SBS Console/Network/Connectivity, it shows a few DNS-related errors.
Is there anything I can try? When I open DNS Manager, all the computer names are there in the forward & reverse lookup zones.
What can I do?

I am in the process of changing user UPNs to their primary SMTP attribute but have encountered a UPN Suffix routing issue on one of the forests. Details are:

Forest A:
DNS - ResourceA.Internal
Name Suffix Routing:
AccountB.Internal - *accountB.internal
AccountB.Internal - *accountB.com
AccountC.Internal - *accountC.internal
AccountC.Internal - *accountC.com

Forest B
DNS - AccountB.Internal
Alt UPN Suffix - AccountB.com

Forest C
DNS - AccountC.local
Alt UPN Suffix - AccountC.com

Trust Relationships
ResourceA.Internal <==> AccountB.Internal (Two-way - Forest - Transitive)
ResourceA.Internal ==> AccountC.Internal (One-way - Forest - Transitive)

ResourceA.Internal contains Mailboxes with disabled accounts and Servers
AccountB.Internal and AccountC.Internal contain user accounts linked to Mailboxes in ResourceA.Internal

AccountB.Internal behaviour:
I am able to access Mailboxes (via OWA) and RDP to servers with Domain\User and UPN.

Accountc.Internal behaviour:
I am able to access Mailboxes (via OWA) and RDP to servers with Domain\User only not UPN.

I have checked firewall ports and the following are open:
135/TCP      RPC Endpoint Mapper
464/TCP/UDP      Kerberos password change
49152-65535/TCP      RPC for LSA, SAM, Netlogon (*)
389/TCP/UDP      LDAP
636/TCP      LDAP SSL
3268/TCP      LDAP GC
3269/TCP      LDAP GC SSL
53/TCP/UDP      DNS
49152 -65535/TCP      FRS RPC (*)
88/TCP/UDP      Kerberos
445/TCP      SMB (**)
49152-65535/TCP      …
We want to change our remote office access so that PCs log on to the domain instead of users using Remote Desktop.

We have our servers colocated in location A with an IP address range of 192.168.0.nn, one of which is an Active Directory domain controller. All sites are linked from there with VPN.

The London office has an IP address range of 192.168.53.nn with a secondary DC. PCs in London can log on to the domain in location A and also resolve computer names instead of using IP addresses.

The Kent office has an IP address range of 192.168.50.nn with NO secondary DC, linked via VPN, but when trying to join the PCs to the domain in location A I get "no AD/DC can be found", yet I can ping it successfully using its IP address.

This to me is a DNS issue? Or am I totally wrong? Can anyone resolve this? The attached PDF shows the sites & services.
I want to secure all that I can, and I see on some WHOIS queries that some companies have put privacy information in place in their DNS information (address, email and so on).
Can you clarify what it is, is it a good thing to do, and are there any negatives to doing it?

I got this from the wiki:

The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires the mailing address, phone number, and e-mail address of those owning or administrating a domain name to be made publicly available through the "WHOIS" directories. However, that policy may enable spammers, direct marketers, identity thieves, or other attackers to use the directory to acquire personal information about those people. Although ICANN has been working to change WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.[13] However, with the offer of private registration from many registrars, some of the risk has been mitigated, enabling those spammers, direct marketers, identity thieves, and other cyber-criminals to hide behind anonymous domain registrations to make it difficult or impossible for victims to identify those responsible.

With "private registration", the service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's WHOIS record. …
Hello Team,

I want to know the configuration details for the requirements below.

I want to set up a RADIUS server on Windows Server 2012 R2 STD configured with AD, DNS, DHCP, NPS, CA, IIS etc. to connect a Ubiquiti (AC Pro) wireless SSID on non-domain laptops and mobile devices (Android and iPhone) using an external certificate. But the condition is that the mobile users or laptop users should not have any ability to copy/export this certificate to other devices.

Please help me with this case. Thanks in advance.