The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to reach computer services and devices worldwide.


I am looking for a script to remove a list of A records and their associated PTR.

I have a Windows 2008 server with the DNS role. I plan to decom it, so I am just wondering if there is a way to check whether there are still devices that query this DNS?


As per the article below, I am trying to run the following command on our DC:
On your DNS, click Start, and then click Run.
In the Open box, type cmd.
Type nslookup, and then press ENTER.
Type set type=all, and then press ENTER.
Type_ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.


When I ran the command it gave me the following result and it says adc-001.domain.local can't find Type_ldap._tcp.dc._msdcs.Domain.Local: Non-existent domain. Does this mean that the SRV DNS records are missing from ADC-001, and could this have been accidentally deleted by my colleagues?

Default Server:  adc-001.domain.local
Address:  10.x.x.x

> type set type=all
Unrecognized command: type set type=all
> set type=all
> Type_ldap._tcp.dc._msdcs.Domain.Local
Server:  adc-001.domain.local
Address:  10.x.x.x

*** adc-001.domain.local can't find Type_ldap._tcp.dc._msdcs.Domain.Local: Non-existent domain

Confused about doing a reverse PTR record. Firstly, I have an internal email server (inside LAN); as it relays emails out it gets NAT'd to the outside IP.

Now one receiver has said that I fail PTR for the outside interface (public IP).
He says simply put in a PTR for the outside IP address into DNS.
OK, but how do I do this without a hostname? Don't I have to use a hostname for a PTR record? This internal email server (sender) is in the internal AD DNS namespace.

I have an Ubuntu 18.04 server (upgraded from Ubuntu 16.04); it was a member of the domain as Ubuntu 16.04 (in Samba Active Directory).
After the upgrade I can't see this server in my DNS, but it's there because I can't add it as a new host (DNS error: "the record already exists.").
It takes min. 5 minutes to log in via ssh to the server.
What should I do? What is wrong?
In var/log/auth.log there is an error entry every 2 min.: pam_unix(cron:session): session opened for user root by (uid=0), then after 2 min. pam_unix(cron:session): session closed for user root

Hi Experts,

In my local internal DNS, is it possible to redirect from one forward lookup zone to another?

Let's say the user types in the browser -> https://domain-old.com
Then he should be redirected to the new link -> https://domain-new.com

Hi Experts,

On the locally installed DNS server, is it possible to forward a zone to another IP or domain?

I have 3 domain servers (172.16.10.x) and I will place these servers into DMZ. The IP range of DMZ is 10.10.10.x. These servers need authentication with Active Directory and find other domain computer using internal DNS server in internal network (around 5 servers).

My questions are:
1. Do I open Active Directory port in firewall, let these 3 servers to access AD service? Or I setup a read only domain controller and place into DMZ?
2. Do I open DNS port in firewall, let these 3 servers to access internal servers ? Or I add 5 internal servers name in host file?

The old saying that "I do not want to start another elephant for just one elephant sandwich" applies here. My knowledge of how the internet operates is a 2 on a 1-10 scale. For instance, I have no idea whatsoever what purpose a subnet mask or a default gateway are for. I have no idea what a TCP or a UDP port are for. Preferred DNS? Alternate DNS? Not a clue. I choose not to educate myself on these matters because my interests are intense in other areas and my need for this new knowledge is infrequent. Why the need for a mini article? I am in the midst of installing an NVR and POE switch for a surveillance system for my residence and lab. I have only got eight cameras. Four of them at present are PTZ capable. The difficulty occurs when a camera fails or I wish to change camera models. It is not as simple as plugging in the new POE camera into the POE capable switch. When being helped by someone that knows how to do this they, for a moment, turn on DHCP (whatever that is) and obtain different addresses or settings, then turn it off. It comes second nature to those with this knowledge and often takes only 2 minutes to install any brand of camera if it has ONVIF compatibility. What would be great is having a mini course or flowchart with which to install a new camera.

Perhaps such a set of "Dummied down" easy instructions already exists. If they do I do not know where they are. For all I know learning all the above may only take a couple hours, but I doubt that it is so …

Hey Gents, have a serious issue.
On DNS and DC servers NSLOOKUPs fail on the first attempt. However, on the second attempt addresses resolve.
Users are experiencing the same issue hitting websites.
Any ideas on why it's failing on the first attempt?

We are setting up SPF, DKIM, and DMARC for our domains but just wanted to get some clarification on the best options to set for each scan result:
none, neutral, softfail, hardfail, permerror, temperror

So basically wanting to know which is the best option?
From reading it seems that HardFail would be the way to go but just wanted some insight for these settings and what is the best practice for them to set them up?

Hi. We were experiencing what seemed to be DNS issues (among other issues) with this domain controller (CBLSDC01). We demoted and removed the AD roles. Now, we're unable to promote this server. I've tried the following:

  • Using the IP address of the PDC (located in another subnet via our ELAN) as the primary DNS server on CBLSDC01
  • Adding host file entries for two other domain controllers (FQDNs and short names) at another site since I can't ping them by hostname, but can ping via IP address

See attachments for error messages.

Two questions:
1. Is there a way that I can automate the creation of reverse lookup zones when I create a scope in DHCP?
2. I have quite a large number of DHCP scopes created already, for which I have no reverse lookup zones configured. Is there a way that I could automate the creation of these zones in DNS?

I am installing Certbot for the first time using Amazon Linux 2.

I am following these directions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#letsencrypt

I am creating a new site that is already live and running (for the purpose of this question it is called "mydomain.com").

Here's my question: If MYDOMAIN.COM is up and running, but I want to create the certificates for this NEW server using Let's Encrypt, how can I do so when the DNS resolves to its live site? (For the purpose of this question it's

Here is the challenge failed:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.com
http-01 challenge for www.mydomain.com
Waiting for verification...
Challenge failed for domain www.mydomain.com
Challenge failed for domain mydomain.com
http-01 challenge for www.mydomain.com
http-01 challenge for mydomain.com
Cleaning up challenges
Some challenges have failed.

 - The following errors were reported by the server:

   Domain: www.mydomain.com
   Type:   unauthorized
   Detail: Invalid response from
   []: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head
   >\n<meta charset=\"UTF-8\" />\n<meta name=\"viewport\"


I have been asked to setup email for a new company that has outsourced the building of their website.  The website company has not fully configured the new domain of my new company and has asked me if I could go ahead and create the desired email accounts with the DNS method??  I am not a network person and don't have the experience to do this, if it is possible.  Can anyone tell me how you setup new email accounts without using a C-panel or hosting company and by utilizing DNS?  Thank you very much!

Please let me know if you require any additional information from me.  Thank you

I have 2 NICs on my blade. One NIC has a connection to the internet and the other has a connection to the internal network. The two connections are on entirely different networks. When I have the Ethernet cable connected to the internal NIC, I can get access to the site on the internal network using internal DNS. However, when I have the Ethernet cable connected to the internet NIC, the internal site can no longer work. Is there a way that I can get access to both the internal network and the internet on 2 separate network connections connected at the same time?

Hello all... I am getting ready to retire. I will no longer be needing my website. I probably need to transfer my domain name and am in contact with SiteKreator now, with whom I have my website. (Whois attached.) I would like to keep my domain name and email for a little while, then probably redirect it to the gentleman who will be assisting my customers.

I access my email through G Suite. I believe I am grandfathered in with Google as I set it up with them when it was free. If I need to transfer my domain name how will that affect my email...or will it?

Thanks a million...especially for all your help all of these years!

I had this question after viewing SCCM error in SMS_AS_SYSTEM_DISCOVERY_AGENT - no DDR generated.

We just had the SMS_AD_SYSTEM_DISCOVERY_AGENT status change from OK to Warning. The Message IDs are all 5203, with variation in the number of objects that triggered an error:

Active Directory System Discovery Agent reported errors for 4 objects. DDRs were generated for 0 objects that had errors while reading non-critical properties. DDRs were not generated for 4 objects that had errors while reading critical properties.    Possible cause: The site server might not have access to some properties of this object. The container specified might not have the properties available.  Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.

Based on the previous discussion, I checked "C:\Program Files\Microsoft Configuration Manager\Logs\adsysdis.log" on our SCCM server and found multiple computers triggering errors similar to the following :

ERROR: GetIPAddr - GetAddrInfoW() for "Computer1" failed with error code 11001.
ERROR: Machine Computer1 is offline or invalid.

NSLOOKUP fails to find any record of Computer1.  These computers belong to laptops that belong to full time remote users or haven't been online in a while.

We recently "fixed" …

2012 Lab in Azure AD

I have created a 2012 server and a Windows 10 machine in Azure; I have an MSDN licence for it.

Having issues connecting the client to the domain. I put the same IP for the DNS server as the DC, and they are connected on the same virtual subnet.

Run nslookup on it and get below

DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  ::1

Just an Azure lab messing around; I have DNS on both DC and client set to inherit from the virtual network.

Any quick things I can check to resolve this?

We have an old 2008 domain controller\AD DNS server that is also set as the scavenging server. It's been this way for years without issue. We now want to change the scavenging server to a new DC running 2016, but it has been so long since we have had to deal with this, we could use some advice on the change.

1. The current scavenging server is set using all the period defaults. It runs every Wednesday at around 7:45PM.
2. Should we make the change to set the new domain controller as the DNS scavenger just after step one completes? Our thinking is this will prevent any issues scavenging records that it should not and it will maintain the same time period.
3. Are there any other steps that need to be performed other than just unchecking 'Enable automatic scavenging of stale records' on the old server and checking the same setting on the new server?


It's an emergency and I really need your help.
There is a big change in our network and I need to reconfigure the DNS server and DNS domain name in maybe more than 20 scopes in the DHCP server.

Is there an automatic way to change that for all the scopes at once?

We had the internet go down today and afterwards started having issues with AD users.

They called me and said their ICONs were gone from their desktop. Not all but some. Some could not open documents.

After restarting a computer and logging a user into the Domain (Server 2019 Essentials) and trying to open a redirected folder I get this message.....

Network Error

Windows Cannot Access \\WIN2019DC1\FOLDERREDIR$\abutler\Documents

You do not have permissions blah blah blah

I checked the EVENT LOG and found this

Faulting application name: mmc.exe, version: 10.0.17763.1, time stamp: 0x176b88f0
Faulting module name: GPOAdmin.dll, version: 10.0.17763.1, time stamp: 0x84e18916
Exception code: 0xc0000005

So, then I read in another post that said to run sfc /scannow among other things

I am trying to find my local DNS Servers in C# and apply them to a string that uses Environment.NewLine to use a new line for the start of a new Server.

        // Requires: using System; using System.Net; using System.Net.NetworkInformation;
        public static IPAddress GetDnsAddress()
        {
            NetworkInterface[] networkInterfaces = NetworkInterface.GetAllNetworkInterfaces();

            foreach (NetworkInterface networkInterface in networkInterfaces)
            {
                if (networkInterface.OperationalStatus == OperationalStatus.Up)
                {
                    IPInterfaceProperties ipProperties = networkInterface.GetIPProperties();
                    IPAddressCollection dnsAddresses = ipProperties.DnsAddresses;

                    // Returns only the first DNS server of the first interface that is up.
                    foreach (IPAddress dnsAdress in dnsAddresses)
                        return dnsAdress;
                }
            }

            throw new InvalidOperationException("Unable to find DNS Address");
        }


I have this from StackOverflow. I just can't seem to figure out a way to apply it to a string with a NewLine at each new Server.

Hi guys,

I need a little help with Exchange 2016 and additional email domains.

I have a brand new exchange 2016 installation. I have 3 domains in Default domain policy and accepted domains. The users are set up as separate users for each email address for those who need it. This is so they can send out as each domain. For Example bob.green@domain1.com and bob.green@domain2.com are separate Exchange\AD users.


I have installed a SSL Cert for autodiscover.domain1.com. That is installed and working as you would expect.

My issue is for domain2.com and domain3.com: whenever I try to connect to them through Outlook on any device external to a domain PC I get the SSL warning that they don't match the name on the SSL, would I like to continue; I click yes and then all I get is 'Something went Wrong' and have to cancel or go back.

I have created 3 forward lookup zones in DNS for autodiscover.domain.com for each of the domains. Autodiscover at the name server level is pointing at the correct IP for all 3.

Do I HAVE to buy a SANS SSL to incorporate all 3 individual domains for it to work? OR is it possible to make it so when Outlook tries to connect to user@domain2.com it connects using autodiscover.domain1.com?

Thank you.

I am trying to finalize the setup of our Exchange 2016/O365 Hybrid environment and I am facing a couple of issues I am unable to solve. The main issue is that in Microsoft Teams, on-prem users have no "Meetings" tab and therefore no interaction with their on-prem calendars. The EXO user has the Meetings tab and calendar interaction as expected.

Everything points to a faulty autodiscover config, and even if it is not, I'd like to clear these errors first to pursue troubleshooting. I will be trying to give out as much information as I can. I believe all the problems come from the autodiscover configuration but I can't fix it...

- We have two Exchange 2016 latest CU servers and an O365 Worldwide tenant
- AADConnect is installed and working fine
- Running the HCW is successful with no warning or error (reran it today, still working)
- We are not using OutlookAnywhere (and don't plan on doing so right now). The external autodiscover DNS is used for Skype for Business mobile Exchange Calendar integration. The autodiscover DNS is redirecting to an AGAT reverse proxy for SfB, which is working fine (Calendar works, and doesn't if I redirect it to a bogus IP, saying SfB can't connect to Exchange).

- A couple of weeks ago I was able to migrate a test mailbox to Exchange Online. Today, when I try to run a migration, at the "Confirm the migration Endpoint" stage, I am getting a "connection to the server could not be completed error" and I can't …





