The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post


I just want to clarify something about scavenging and dhcp lease time. Does the scavenging Refresh and No Refresh settings have to be equal/or less than the dhcp lease time or does the scavenging period have to be equal/or less to the dhcp lease time? For example if my dhcp lease time is 4 days then should refresh and no refresh period be at most two days a piece? What should the scavenging period be for this amount of time, does it matter?

Thank you.
Our DNS Host

The reply back I got back was that 'we are not your authoritative DNS host for this IP'. The odd thing is that they added other Azure IPs into our DNS zone fine in the past. So, I have a couple of questions about this.

1. We have used the very same Azure IP address for another website fine - our DNS hosting provider never refused to add that A name entry into our DNS zone...we have several other Azure IPs they have entered in for us as well.
2. Shouldn't a DNS hosting provider be able to enter in any public IP for an A name record that we request, regardless of who owns the IP?

If anyone can shed some light on this that would be wonderful. I'm not a DNS expert by any means. Just trying to get an external-facing website published.  I tried contacting our DNS hosting provider account manager but got voicemails.
We have provisioned a HTTPS web server using windows server 2012. An valid SSL certificate with valid CN (Common Name) has been installed on the web server.

However, due to DNS issue some Web client use IP Address (e.g. https://10.x.x.x) on the browser to access our HTTPS server and prompt for warning.  The user will proceed with the warning anyway in order to access the Web service. We are going to have an internal auditing session soon and our question is:

When the end user using IP address to visit our HTTPS site instead of host / CN (Common name) that match with the installed SSL certificate name, we understand a warning will be prompted before connected to the https server but will the HTTPS traffic still encrypted over the transmission during the network communication as we need to get back to our audit department ?

Thanks for your prompt advice in advance.

I have read enough about AD Domain Name selection and see that company.local is a bad idea.
Alternately, it appears that something like corp.company.com is recommended where company.com is registered.

In the case I'm considering, company.com is in use in the outside world.  www.company.com is being redirected to www.company2.com.
So, I understand that I'd choose something like corp.company.com or btfsplk.company.com, etc.

If this is done, is there any particular concern that there could be conflict between www.company.com and btfsplk.company.com if we misconfigure something internally?
If so, I'd be motivated to register btfsplk.com and just use it internally only so there can be no conflict for sure.
Or, would that be overkill?
we have a single exchange mail server which for the most part is working OK. However, we have one client who is trying to email us, and receiving bouncebacks that the account does not exist.

we have an mx record pointing to our mail server as follows :-


On the bounceback we are told :-

mx.google.com rejected your message to the following email addresses:

On checking further I notice that we have acquired several google mx public dns records

Our main or primary dns record is still correctly set at mail.domainname.co.uk

My question is where did all of the google mx records come from, and why this one particular client is having problems getting mail to us when the main mx record points to our mail server correctly? All other mail is reaching us correctly.

Any advice much appreciated.

Here is a strange one that I don't think I can quickly wrap my head around:

Peer-to-peer network with 3 inter-routed subnets with name service traffic between subnets.
IP addresses are static so we generally just use IP addresses for inter-subnet accesses.

We have one application that doesn't seem to be "used to" such networks.
So, we added a hosts file for the entire set of computers to that one workstation.
Presumably this helps the application and it's caused no problems.
Now that workstation can ping *names* across all 3 sites - with suitable Private network firewall rule scopes of course.

I now realize that nslookup doesn't work across these subnets *including* the local subnet.
It's obvious why.  nslookup on each workstation is using an external DNS address entered on the NIC.

So, on the workstation in question, I added as the first DNS address on the NIC.
And this is the workstation with a full hosts file.
We can still ping *names* across all 3 subnets from this workstation.
But, nslookup still won't resolve even the local subnet names.

So, in some sense, it appears that the hosts file isn't doing what we (or our quirky application) may expect.
It would be good if I understood the interplay between nslookup and the hosts file.
Any references you might suggest?
I am implementing an Aironet deployment, and I am not sure if I am seeing unnatural instability... or if these things just "do" this sort of thing. My infrastructure is solid, and I am using two subnets- and My wireless devices will all exist on the subnet, so the access points are plugged in there, and I have also connected two of the ports on the WLC 3504 to the subnet. I have also connected the service port on our subnet, for a number of reasons I won't go into now. There is no DHCP server on the subnet, but there is one on, and the subnets are physically connected via Cisco 2901 router. The service port is configured at and the two other ports are statically set and Just letting things sit, I noticed the SSID's keep appearing and disappearing every few minutes and I consoled in to the AP to see this cycle:

[*08/13/2019 18:50:24.7198] AP has joined controller USMDWLC00
[*08/13/2019 18:50:24.7698] DOT11_DRV[0]: Stop Radio0
[*08/13/2019 18:50:24.7798] DOT11_DRV[0]: Start Radio0
[*08/13/2019 18:50:25.9294] DOT11_DRV[1]: Stop Radio1
[*08/13/2019 18:50:25.9394] DOT11_DRV[1]: Start Radio1
[*08/13/2019 18:50:27.3889] Password for user changed
[*08/13/2019 18:50:27.5989] save_on_failure is set to 1
[*08/13/2019 18:50:27.5989] save_on_failure is set to 1
[*08/13/2019 18:52:08.6904] Re-Tx Count=1, Max Re-Tx Value=5, …
Current Configuration:

Three DCs:
DC01 Running Server 2016 Standard, running AD, DNS, WINS
DC02 running Server 2012 R2, running AD, DNS, WINS and DHCP fail-over from DC03.
DC03 running Server 2012 R2, running AD, DNS, WINS, and DHCP with fail-over to DC02, and all FSMO roles
NAS containing User's Data and Roaming Profiles, redirected via GPO's. Some Public data is stored on DC01.
33 Users
4 User PC's - All users are required to have access all four PC's (hot desking).

All replication works fine for AD, DNS and WINS, as does the DHCP fail-over.

I need to update the whole network to native Windows Server 2016 Standard, or better still 2019, without turning the above servers into doorstops, and with the minimum of downtime.
At the end of this exercise, DC02 will be removed from the network completely, as it is not upgradeable, and will only run 2012 R2.
DC03 will also be removed from the network, but will have the Motherboard upgraded, and the system rebuilt as Server 2016 Standard or preferably 2019 Standard.

Can I do it like this?

01 Move all of the FSMO rolls from DC03 to DC01. This would make DC01 the Primary controller.
02 Remove DHCP from DC02 and DC03, and put it on DC01. Break the fail-over between the DC01 and DC02, and then add the DHCP role to DC01. Finally, do backup of DHCP from DC03, and then restore on to DC01.
03 Remove DNS, and WINS from servers DC02 and DC03, leaving DC01 as the only server running DNS and WINS.
04 Demote DC02 and …
Hi Experts,

we have a DNS Server with Windows 2019.
Some other servers are LINUX servers.
There is one user in AD which should make DNS updates, this user is member of DNSAdmins.

But the user on the linux Server gets this error:

; TSIG error with server: tsig verify failure
update failed: NOTIMP 

Open in new window

The selected DNS Zone is alredy set for dynamic updates -> Secure only.

Do you have any ideas why we get this error on the linux side ?
I had 2 DCs in my domain, on which one (DC2) unfortunately completely failed and didn't come online ever again.

I deleted the DC2 on my DC1 in User and Computers and Sites and Services. All roles were on DC1, so no problem with them.  Still had some dns Entries which I tried to delete manually, but the SRV entries keep coming back.  When I trya a  Metadata Cleanup with ntdsutil, DC2 isn't available anymore.  I can't figure out how to get rid of the entries.  I also went into the adsi editor and I do not see DC2 in there.  Does anyone know how to get rid of these DNS entries.  I want to get rid of them before I promote the new DC2 server.

Hi Everyone.

I need someones a opinion if someone had the chance to test it. Does skype For Business Front End Server works with Lync Edge.

The reason why I'm asking is that we are planning a Domain Migration minimizing the disturbance for users.
At the moment on Both domains have Lync 2013. As part of the migration i want to add on one site a new Site in the Topology for SfB.

Unfortunately both companies on both domains are owned by one company and they work very closely so there is no option for Federation disruption. That's why I can't for example add on the destination topology the SIP domain the Source domain users are using as this will break Federation for the Destination Domain users.

Thats why my plan is to

1. Add a new Site in the Destination Domain
2. Add a SfB servers
3. Move users using temporary a SIp address the Destination Domain owns
4. After all users will be moved add the Source Sip address to the Destination topology, together with configuring all the required External DNS records.

But when i started to write the Plan it got em thinking how I can configure the Edge Server for SfB without affecting the existing Lync environment in the Destination Domain, and not affecting the Edge server on the Source domain.
This is where I'm wondering if SfB front End server works with Lync Edge so i can use it temporary as a Bridge until all users will be moved from Source Domain and i can start repointing all External records to new server.

My client's website www.mesila.org seems to be blocked from both Hong Kong and Australia, and they don't know why. THis has gone on for more than 24 hours. I am able to duplicate the error by changing my VPN to Australia or Hong Kong.

The DNS points to Cloudflare, and from there the A record goes to an AZURE server with a CDN. I don't know where to begin to try to solve such a problem.

Any ideas?

Thank you.
Hello Experts

I need some precisions about configuring External DNS zone for My new Exchange Deployment

I have my Exchange  Setup with
1 EDGE Server
 2 Servers for CAS
 2 MBX servers

I need to know the records that I should configure to my public DNS

I know that I should create an A record pointing to the Public IP of my Edge Server

I should create an MX as Well that according to me should point to Server.mydomain.com

Now i am a bit confused since i have CAS Servers pointing to Webmail.mydomain.com as external name

My intention is that for Webaccess point to Webmail.mydomain.com  and Activesync etc

and for MX server.mydomain.com pointing to the Public IP of my EDGE

Am i correct with the config ? Can i have the MX and the CAS pointing to the same name : webmail.mydomain.com?

My DNS hoster is goddady
I have a Google Domain that doesn't have email.

I want to use my Office 365 email account with the Google Domain.

How do I set up my Google Domain to use Office 365 for email?
Interesting issue.

I have a client that uses cyber roam tunneling for their remote users and one of their users that is connecting remotely is having serious remote issues.   Upon windows login, their desktop entirely disappears.  Also the windows folder redirection failure message appears during startup disallowing them to connect to any of their shared drives.   Once the cyber roam client connects, all their desktop icons appear again and they are then able to connect to their remote folders as normal.   However, they are unable to talk to their domain.   If we try to ping the fqdn it says its not available.   However we can resolve to their DC via UNC.   If we do an IPCONFIG the tap controller displays an IP and SN and DNS however no gateway within ipconfig /all.   We are also not able to gpupdate /force or do any internal domain function as the internal domain will not communicate.   We cannot add her domain login as local admin to the machine since it only reads the local machine name.   we have no idea how this occurred.   Any assistance is appreciated.
Hello all, I have been migrating to Exchange 2016 from 2010, but most of my mailboxes are still on 2010.  I've got OWA, and ECP working well on 2016 and ready to start migrating mailboxes over the next week or so.  However, my autodiscover isn't working.

When I run the autoconfig test from my Outlook 2016, it states that Autoconfiguration was unable to determine your settings!

I've followed this guide from Adam,  https://community.spiceworks.com/topic/1956009-changing-autodiscover-scp-and-client-access-urls and as far as I can tell I've got split-DNS configured correctly, although it's murky since both servers share the same external URL's.  

Would be glad to submit configs, if someone can help me figure out where I've gone wrong.  Thanks in advance all!
AutoConfig Results
Hello IT gurus

I have microsoft windows DHCP, DNS, and Active Directory servers in the clouds. but now I'm migrating them to newly built datacenter. I need to export them, or their database, and their settings to the new servers in the new datacenter.

Is that possible?
if it's yes, how?
Hi.  There are times when DNS and a PC name do not match, and can determine this with PING -a, for example, I ping Computer 1 and returns an IP address, then PING -a the IP address and find the IP is associated with Computer2. I once wrote a simple batch that pinged the PC by name, captured the IP, then PING -a and if the PC names don't match, there's a conflict. That worked well.

Is there an elegant way to do this type of verification in VB.net?   I have an app that depends on connectivity to a remote PC host (on an AD domain), but it fails if there's a DNS conflict.  I'd like to verify there's an actual DNS issue in VB, instead of calling on CMD to check.
I've set up a brand new network and am using Server 2016 as the DC, Active Directory and DNS.  The trouble I'm having is that DNS isn't being advertised to the LAN.  When I try to join a computer to the domain.  It fails.  But if I statically assign the DNS IP on the computer, then it joins.   What am I doing wrong

I have pc which has his IP reserved in DHCP server. The DHCP is configured to update DNS.

Now if I deleted the PC  A record name in DNS. When DHCP will recreate it in DNS?

We have a site that was working and being accessed externally and internally via the web. The vendor upgraded the system by creating a parallel system. The site is no longer working. The odd thing is there is an app and that part is working but access to the sire via web\browser internally or externally is not working. The site is assigned a dns name as an example metro.companyname.com. We point that to a netscaler (called citrix support and they said netscaler is passing traffic fine) the netscaler then fowards onto the iis server but nothing. However there is an app when we put in metro.companyname.com/site_name, the app is able to connect and has all the functions. Explain may be a confusing, is there any suggestions or questions I can answer to help point in the right direction. We compared the old iis server to the new one an cannot find a difference that is causing an issue. Any help, much appreciated. Thanks,
We have multiple sites all on different subnets, we have one central DHCP server which I want to change (so I can do maintenance).

I want to add a second DHCP server (for redundancy) but I can only broadcast one helper address from the site routers.  I have read up on virtual IP's but am unsure if this is the correct way to go.

We have multiple DC's in different geographical locations
Routers are part of our MPLS so I cannot make changes (I can have the helper add changed)
All servers are in the hosted data center (VM's)

All help/advice gratefully received.
Hi EE,

I have a very strange problem at the place I'm currently living in.  My landlord is trialing a new Wifi connection this trial began at 11 am 1 day ago. No wireless configuration changes were required from my end and my tablet and mobile phone connected to the new wifi without issue. However, my Windows 7 desktop either by Wifi (using the same credentials as my mobile and tablet) or LAN DNS resolution doesn't work anymore I can ping external websites fine.

Tried setting my DNS to Google no luck.
Tried disabling IPv6 no luck.
Tried the ipconfig /flushdus, ipconfig /registerdns, ipconfig/release, ipconfig/renew no luck.
Tried the Netsh winsock, reset catalog, int ipv4 and ipv6 reset no luck

Event logs on my PC confirm the started have DNS issues at 11:03 am that day warning is:

The warning is event 1014 and the source is DNS client events. The general section reads, "Name resolution for the name [insert website URL] timed out after none of the configured DNS servers responded.

Any ideas I am completely stumped by this.

Thank you.

We are going to install new virtual infrastructure and the implementation engineer has asked me to create DNS entry for Forward lookup zone and Reverse lookup zone for the following servers.
VCenter server

Please post me tutorials to set up this on our Domain controller.






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.