The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi All,

This is one of those, 'I was asked a question, and I don't know the answer'.

A client has a double-NAT setup (good reasons), and is not on a fixed IP, but uses a dynamic DNS setup (NoIP but that shouldn't matter I think).

They asked if there is any downside to setting up the Dynamic DNS updates in both routers, rather than just the external one.

I cannot see any issues with this, but figured I would garner opinions here.

The external router is already doing the udpates, and working fine as it has been for some time.

The inner router can do it, and has a 'web' option to determine its actual external, routeable IP.  I have turned off the outer router updates, and activated the inner one, and it successfully and correctly updates the dynamic IP (I manually reset it to in the NoIP web interface, then updated via the router and it changed back to the actual external IP).

I know I could just test it, but I don't want to do that, think it is all okay, leave, and get a call later that something is not working or causing a problem.

So, is there any issue with turning on both?  I'm not sure there is much upside either, but the question I have been asked is, why not turn both on?


I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with 4G USB modem.
When I choose to use Google DNS during OpenVPN installation then I can surf the Internet via OpenVPN just fine (on my OpenVPN client W10 machine). But if I choose to use a current DNS settings (ie. my own BIND9 server), then I can connect from client to server, but DNS doesn't work. I know that I must edit config file of OpenVPN server server.conf AND to also edit client.ovpn client's OpenVPN file too. And I don't know exactly whether my DNS server (BIND9) is properly configured to play this kind of role.
When I go to W10's CMD and do ipconfig /all I do see DNS server with a correct IP of my BIND9 (it's a public IP of my Ubuntu machine, actually). Nevertheless, DNS doesn't work on a client machine and I couldn't find a complete step-by-step manual how to enable this scheme.
I have to publish CAA records for our domain and our public NS are running on BIND9 under Debian 8. Unfortunately, the current BIND seems to be version 9.9.5 whereas CAA is only supported in 9.9.6 and higher.

What is my best bet short of upgrading my servers... ?
I currently have two servers with Widows Server 2012 with the DNS service and I need to replace it with two new ones with the same service with Windows Server 2016. What is the correct way to do it?
I have set up DFS on the new server (2016)  and  I have created the namespace (newserver\#Oldserver) with a folder called the (Share) linking back to the Net App Nas hidden share.

Then I  changed the DNS entry for the (oldserver to point to the new server)  example
 OLDSERVER changed to
I also changed the SPN for the OLDSERVER as follows:


This all worked fine.

The problem is now that the \\OLDSERVER\SHARE still does not work but I can see \\OLDSERVER\#OLDSERVER\FILES, and I need to somehow remove the #OLDSERVER so that the old UNC paths still work.

What have I done wrong?

I have a RDS farm containing 3 hosts servers and a one server Broker. I installed a certificate signed by a trusted authority on the broker server and when I access web mode on the server broker, my certificate is well recognized. In the deployment configuration options, certificates are trusted and OK.  

When I access the server named RDS.domain.fr  (Round Robin DNS containing the 3 hosts hosts) I have the problem of certificate not recognized by a trusted authority. He gives me the self-signed certificate of the Host server. This certificat have no private key.

I have tried to installed it on my computer (Users and computer) but I have the same problem.

How to change self signed certificat on Host RDS ?

We've got a bunch of VMs running Windows Server 2008 R2. One is the domain controller, the others are members. Each of the VMs has two virtual NICs in the same LAN ( [old] and [new]) as we're moving away from the invalid 192... network.
We created DNS records for the VMs' IP addresses in the new network while deleting the invalid ones from – but they keep appearing again, no matter how often you delete them! How do we get rid of them once and for all?
(Before you ask: Yes, the "Register this connection's addresses in DNS" box in "Advanced TCP/IP Settings" is unchecked.)
We have a Godaddy domain name.  When logging into the account to change the DNS records, I get a message "We can't display your DNS information because your nameservers aren't managed by us."

Why would the nameservers be with someone else?  Eventually I need to change the MX records.  Couldn't I just change the nameservers to the default GoDaddy name servers and then adjust everything after that?  Basically take control again?
I'm trying to find the DNS options as mentioned in the following articlehttps://simpledns.com/kb/154/what-is-a-dns-amplification-attack-and-how-to-mitigate-it
I upgraded a 2008 R2 Datacenter server functioning as a domain controller and DHCP server. I upgraded to 2012 R2 Datacenter. I made it a replica domain controller with DNS and made it a Global Catalogue server and then installed the DHCP server role. I backed up the DHCP database on the 2008 server, copied the file to the new 2012 server and I believe I successfully imported the dhcp database file. I have done this many times. All the scope settings, reservations, lease, etc. showed.
I went to authorize the new server and it says it’s authorized under manage authorized servers but will not issue IP addresses.
When I select IPv4 or Scope within the console, it says the server needs to be authorized.
I have installed and uninstalled everything several times but end up with the same result = no ips being issued.
Suggestions please ????
Setting up Cerberus FTP server.
We have a user who wants a ftp server in his network.

I have created 4 or 5 CSR requests for a ssl certificates and all it creates is a domain.com cert.
I need it to create a ftp.domain.com cert.

No matter what I put in for the name of the cert it is always the same. domain.com

I created a DNS setting on my server to point ftp.domain.com to the ftp server and it does connect externally.
But when I connect it shows certificate error.

But when I connect to the ftp server it does show that im connecting with the ssl connection using TLSv1.2.
So the ssl sertificate is doing used but the cert name is only domain.com.

I'm guessing since the names don't match. That's why I'm receiving this error.

IS there a way to create a certificate with another name.

Would I have to create a wildcard or San Cert?
I had this question after viewing changing DNS to redirect users to new file share.

I have an old 2008r2 File server that is a cross-domain server (used by users in multiple trusted domains)  I need to move the shares to a NetApp SAN where I have created multiple new shares.  I would normally do this by Group policy and remap the shares for users. However, due to not being able to trace all users and what domains they are on and what shares they are using.   I am looking to create a DNS Alias to the new locations for each domain.

Any help or recommended course of action to do this would be greatly appreciated.
Hello Team,

This is AD Site & Services and DNS Question

to understand the issue, let me explain through scenario

We have suppose 3 sites.

Site A which having abcd01 DC
Site B which having  abxy01 DC
Site C which having  abml01 DC

Site A DC we have shutdown, and we need Site A users will authenticated through Site B users. But this is not happening, users are getting Site B primary and secondary DNS  which is correct through DHCP

Instead of site B they are being sent by Site B DC to Site C DC, because of this user complaining about slow logon

i have checked site links are properly created in sites and services, between siteA and Site B

Please suggest what could be the issue

Good day,

We have are having problems setting up a trust relationship between two domain.

Currently we are part of a forest called: abc.co.za
Current FQDN: current.abc.co.za
One of the forward lookup zones on our DNS is: companyname.com

New FQDN: new.companyname.com

We have created the conditional forwarders on both DNS servers and can ping both domain names from both sides.

When trying to create trust from current domain we get error on attachments 001
When trying to create trust from new domain we get error on attachments 002

Please also confirm that the current forward lookup zone we have company.com is not causing problems with new domain new.company.com.
Configuring Exchange Web Services

Following this article: http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/

I would like to know if the configuration of the mentioned web services is done on the CAS server or can be done on any Exchange Server role ?
on the similar context, the author wrote an article here: http://www.mustbegeek.com/configure-url-redirection-in-exchange-2013/

but it did not explain what is the difference between Default Website and Exchange Back End in IIS Manager.

Any Help will be very much appreciated.

Thank you
We had a server named SERVER_A that we are decommissioning on it and it contained a share with software installation directories on it.  We have moved that files and folders to a new server called SERVER_B and and created that share with the same name and rights.  Because many of the software installations on our desktops and laptops still reference SERVER_A I thought I will just create a CNAME record in DNS and point SERVER_A to SERVER_B.  And that works for purposed of pinging the server, but when I try to access the UNC Share-Error.PNGpath of the share at \\SERVER_B\Software, I get the attached error.  Is there a way to accomplish what I'm trying to do because I have a couple shares that I need to be able to access from the old hostname?
I'm moving a physical member server from our data center to an office building. The server is a Windows 2008 R2 server and used only within the network. The office is on the same domain but a different network. The server is used to allow staff to access Peachtree software for accounting needs and has Microsoft terminal server licensing. My plan is only to make IP changes on the server and DNS changes on the domain controllers.

Is there any Active Directory or other needs I need to address before moving it from the data center? Just want to make sure I'm checking off all the boxes prior to the move.
Hi guys,

Was hoping to clarify few questions with your help.

For Exchange Hybrid Migration:
Q1:      Do we need to publish Autodiscover externally and point to the on-prem Exchange infrastructure?
Q2:      At what stage is this required?
Q3: On-prem Exchange 2013 only has internal Autodiscover service URL, do we need to configure external URL also?
Q4: Once all mailboxes in O365, do we point Autodiscover to O365 instead?
Q5: What changes are required in internal DNS
Q6: Do we disable SCP with powershell? Set-ClientAccessServer -Identity servername -AutoDiscoverServiceInternalUri $NULL

Clients have combination of Outlook 2010, 2013, 2016
Outlook Anywhere is enabled

Thank you
I had this question after viewing Can Ping Gateway but NOT DNS Server.

A client of mine has this same issue. The fix in "Can Ping Gateway but NOT DNS Server" did not work. I have applied all of the fix items noted in that thread, including the fix solution.

Some data:

Four computers in this office are just fine. They can ping the gateway located at They can ping the DHCP Server located at They can ping the DHS Server located at I have attached the results of an ipconfig /all command here as the file ipconfig.good.txt.

One computer is having problems. It can ping the gateway at, but CANNOT ping the DHCP Server and DNS Server at I have attached the results of an ipconfig /all command here as the file ipconfig.bad.txt

The problem happened out of the blue yesterday afternoon. The Windows error logs show no suspicious events during that time period. The machine has a clean registry and clean malware status.

All ideas invited.

-- stan

- - - - - -
Stanley Krute
Chief Technologist
Siskiyou Digital Inc.

All the Servers are in Data Center (Colo).
I want to go remotely to all the Controllers (including IDRAG) which are in Colo.

Question: What command would I use to get the above IP addresses?


We have emails send from Amzon server (From our domain name).

My question what is: Amazon SES Domain Verification TXT Records?

Is it an SPF record or it not the same but just another verification process?

DNS SRV record keeps repopulating under the FOrward Lookup Zone _msdcs dc sites _tcp. It was a phantom domain controller removed from Active DIrectory months ago. ADSI Edit was also cleared and doesn't show the phantom DC but DNS is. NO errors in the logs and also tried dnscmd with no luck.

One domain at 2012 R2 functional level. FSMO roles were not on this phantom DC that was removed.

A SPF record is used to authorize specific servers to send an email on behalf a specifc domain.

But which "FROM" exactly the SPF check?

Because in header a spammer can set for example:

smtp.mailfrom = maliciousDomain.com


from = mydomain.com

Because of that it will pass the SPF validation.
We have one server using SSL that purchased on GoDaddy and our domain is www.xyz.com.
Now, we have another server hosting on AWS, and it is still www.xyz.com. We just use it as fail over purpose.
for example, if our main office's power is off, we will switch www.xyz.com's ip to AWS on DNS make easy.

My question is: I want to install SSL on AWS IIS. Where should I get SSL? On Godaddy.com or I can extract from office's IIS?


I have a web app running on Azure at the address steelyard.azurewebsites.net where the following link is used from an email message sent     Dim oLinkAccept As String = "http://SteelYard.azurewebsites.net/offers_to_me?oOfferID=" & oNewOfferID & "&oOfferAcceptDecline=Accept"  

My problem now is that our technical assistant has set up Azure so that the domain www.thesteelyard.co.za can be used for the website as well. My problem is that the following
link does not work     Dim oLinkAccept As String = "http://thesteelyard.co.za/offers_to_me?oOfferID=" & oNewOfferID & "&oOfferAcceptDecline=Accept"






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.