The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

We had our master DNS server go down last night for our domain (RAID failure). Technically our secondary DNS server should have picked up the slack, however for one domain where our DNS server holds the records for an externally hosted mail server of ours, it was unresponsive until we made NS2 our master server.

The biggest issue is why a secondary server would not show as responsible until becoming a master whereas other services on our network were fine...

Any ideas why this would be the case?
CentOS 7 - BIND.
I have an Active Directory server (2012 R2) that has two active ethernet adapters in it.  One is for serving the network, and is on the 172.16.x.y network.  The other is ONLY used for out-of-band backup, and is on the 10.144.100.y network.

The problem I am having is that even AFTER removing the selection from properties on the 2nd adapter to NOT register in DNS, AND after turning off both "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" on the 2nd adapter, it STILL keeps showing up in DNS, and I have to go in and manually delete it, only to have it show up again an hour or so later.

How do I PERMANENTLY keep this from happening?

Thank you very much in advance,
Hi there,
We have a new internet connection and I tried to change the IP address from the server today. I also had to install a pop connector because we have no control over the firewall/router. After the ip change, there was no mailflow anymore. After doing some work on the DNS incoming mail (by pop connector) started flowing again, however, outgoing and internal mail is not working. Mails are send by outlook and then just dissapear. I am busy for 8 hours now and completely stumped. Tried to go back to the old situation but still the same problem. Logs don't say much. Exchange is running on a windows 2012 server.  Any help would be very appriciated.
Hello guys,

I´m about setting up completely new internal domain and my question is...what internal domain name I should use?
Why I shouldn´t use .local? I´ve red many articles but haven´t found proper answer why not use .local domain.

Thanks a lot!


I have 2 DCs. I demoted a domain controller 2012 server, which had FMSO roles prior the seizing. I moved the FMSO to the secondary server. I used the force option to demote it as it wasn't working properly with soft demotion. The server is now in a workgroup. If I try to join the server back to the domain, it comes up with an error.  I have tried this on a seperate test server and managed to join the domain fine. I can ping the working DC fine on the demoted server and vica versa. Any ideas what I can do?

It says that the AD DC could not be contacted.

Here is the extra information it provides.
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "mydomain.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

he query was for the SRV record for _ldap._tcp.dc._msdcs.ad.ardenttide.co.uk

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals.…
Dear All

I wanted to see if you think DNSSEC is worth the effort to enable? If you could let me know your thoughts id be grateful as this is a new area fro me.

Hi All,

May I know where shall I manually add the below entry if I handle the Public DNS using Windows Server box in my DMZ ?

DKIM: Create a CNAME record for k1._domainkey.MyDomain.com with this value:

Open in new window

SPF: Create a TXT record for MyDomain.com with:
v=spf1 include:servers.mcsv.net ?all

Open in new window

What is the risk or issue when implementing it during the business hours ?
is there an entry i can enter in my DNS Server to be able to ping it by name? user's get get to spotify.com via name only by ip address.
I have one WordPress Installation that I like to access with two different domain names.

Domains are both pointing to the save server and cPanel is setup to host both.

Problem When second domain is used, the URL changes back to the first "Initial Setup" domain.

Domain-One.com     >>   WordPress Site    >>    DomainOne.com/AboutUs
DomainTwo.com      >>   WordPress Site    >>    DomainOne.com/AboutUs

Basically asking is it possible for both domains to be used for one WordPress site install?

Thanks Ben
Hi All, need some EE advice!

Scenario first, then question after. Please read through - although it may appear to be, this is not a printing question, it is a DNS setting question for assigning primary DNS domains on the VPN connection/ certificate.

I manage a VPN connection with a .pcf. connecting to a Cisco 5510 ASA
Users in a non-connected, non-trusted network on Domain B access a RDS on Domain A to run a particular application.
This access and use of the program is required all day as part of their job. It cannot be connected and disconnected frequently.
Static IPs are used for all connections via VPN.
I did not build the VPN connections but do have a little knowledge on modifying .PCF files etc. Configuring the Cisco 5510 ASA is not my strong suit.

- Connection path:
Users in Domain B Log onto their local PC with Domain B credentials.
They then launch Cisco VPN client v. and log onto Domain A with Domain A credentials.
Next, they use a pre-configured RDP connection to RDP to the RDS in Domain A, using the same Domain A credentials.
Once on the RDS, TerminalWorks TS Print is used to print documents fro the application launched from the RDS.  
They have had ZERO problems for 2 years.

- The IT guy at Domain B replaced the print server and purchased all new printers.
- Now, whenever these Users attempt to print it can take upwards to 20 minutes for the print dialogue to appear.
- Attempting to …
Dear Experts

While I am aware of email marketing best practices like good list, content, unsubscribe link but would like to understand how the domain reputation becomes one of the important factor for mails deliverable to the inbox.  I understand few email marketing service provider provide dedicated IP's and we can replace, if the IP gets black listed and looses its reputation, when we change the IP , will this not resolve and every time IP reputation goes low replace the IP and move on sending bulk mails, please help me in understanding the below
1.  how does the domain reputation takes control in delivering the messages to inbox because when keep chaining dedicated IP whenever it gets affected if this is the case in what way domain is getting affected would like to understand that the ISP's or Search engines by any chance have tracking system that "so and so domain" has undergone many times IP changes hence domain reputation gets low score and finally with too many times IP changes the  associated domain gets black listed and finally even though the Ip is changed this will not help us to further send email campaigns please suggest
please  support on the above , thanks in advance
Am having static IP settings for my Domain desktops. Disabling the DNS Client service is helping in name to IP resolution. Do i need DNS Client service to be running if am having static IP settings ?
We have a domain(Ex:domain.domain1.net) .. We have a trusted domain(trusted.domain.net) that uses the secondary DNS server as a conditional forwarder but cannot do a nslookup to it. They can nslookup to our domain(domain1.net) but not to the child domain(ex:domain.domain1.net).

I hope that makes sense. Do I need to have them point to the DNS server that holds the primary zone?
Dear All

Please help me. I am having an issue with all my machines not being to get to www.alexjenkins.tech all of the machines are in the same network and all show and SSL certificate error rather than displaying the site.

I have checked with friends around the world that they can see the site with no issues. I have cleared the temp folder, I have tried n different browsers, I have flushed the DNS but still I an unable to see www.alexjenkins.tech 

I have rebooted all my hardware including the switch and router.  I can ping,  I can nslookup and I can FTP to the site just cant view!

I try from my phone and  my iPad in the same network on wifi and it just fine

Any ideas?
The problem I am experiencing my DNS servers are slow to resolve host names.  See error below from the event viewer:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          6/1/2017 8:31:46 AM
Event ID:      1864
Task Category: Replication
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      SYSK8MVDC1.sysk8.local
This is the replication status for the following directory partition on this directory server.
Directory partition:
This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
More than a week:
More than one month:
More than two months:
More than a tombstone lifetime:
Tombstone lifetime (days):
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
I am new to working with BPA and started by opening Server Manager, Clicked on Roles, Selected DNS as the role I was interested in analyzing but options were available to continue.  The issue I am…
can some elaborate functions of  Email authentication Mechanism - DMARC/SPF/DKIM and where they are used
Hi All

We have a company website which is hosted externally. When using computers connected to our internal network we can only visit the website by deliberatly typing www in front of the domain name. So rather than the usual way of just typing company.com in the address bar we have to type www.company.com.
Pinging company.com does not resolve to the IP address of the externally hosted website but pinging www.company.com does

Looking in Windows DNS (Server 2008 Standard R2) there is an A record in the company.com forward lookup zone:
Name          Type          Data
www               A             IP Address

But I cant find any other records for it.

Connecting from an external site works fine, pinging and telnet all fine. Its just internally it doesnt resolve.

Any thoughts?
I'm trying to set up our Sonicwall NSA 2600 on a new Internet connection and I'm having trouble. Our new Internet is a Fiber connection and when I connect my laptop to the ONT (Modem that converts the Fiber to Ethernet) and I statically configure the NIC on my laptop,  it works great.

However, when I statically configure the WAN Interface on the Sonicwall and plug it in, I get nothing. No DNS resolution no access, nothing. From the Sonicwall it fails when trying to communicate to the local gateway or even DNS servers.

I tested this Sonicwall at my work at a different location on a secondary backup circuit and it worked just fine. But when I bring it to this other location, I get absolutely nothing but yet my laptop works directly to the Modem with the same IP settings.

I also made sure to completely allow all traffic through the firewall just in case.

What am I missing here??
Hello All,

We are in the process of (finally) upgrading from Exchange 2007 to Exchange 2016.  We have installed Exchange 2013 as an intermediate step and have moved all data to these.

I am now having trouble uninstalling Exchange 2007.  The error is that Exchange cannot find a Global Catalog server running Exchange 2003SP1 or Greater.  However we have 5 2016 Domain Controllers, two of which are in the same site at the Exchange servers.  DNS looks to be correct, and the error I am getting in event viewer fluctuates between:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=5072). Exchange Active Directory Provider failed to obtain DNS records for domain <domain.local>. DNS Priority and Weight for the Domain Controllers in this domain will be set to the default values 0 (priority) and 100 (weight).


Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=5072). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
DC1.domain.local      CDG 1 7 7 1 0 1 1 7 1
DC2.domain.local      CDG 1 7 7 1 0 1 1 7 1

According to MS, the final number 1 indicates a GC server running 2003SP1 or better.

I have had almost no luck Googling, so while waiting for the media to download to try uninstalling form a different source, I figured I would ask here.

Any ideas would be very helpful.

Good day experts.  I have an invalid PTR record that is not showing in the GUI, I can only see it with PowerShell.  I suspect that someone at some point in time did an invalid PS command and it took it.  How do I go about removing this entry with PS, ADSIEdit, DNSCmd, other ideas?  Thanks in advance.

I do have a reverse zone of 3.16.172.in-addr,arpa, that is working correctly.

[indent]Get-DnsServerResourceRecord -ComputerName 172.16.x.5
HostName                  RecordType Timestamp            TimeToLive      RecordData
--------                  ---------- ---------            ----------      ----------
3.16.172.in-addr.arpa        PTR        0                    00:01:43        hchiee06.mydomain.com.[/indent]

Open in new window

First off, thanks in advance since this is a weird issue

One of our clients has been using Office 365 for 3 years now, no issues
They called and asked us to setup an existing account on one of their machines.  We logged in and when we tried to add the account a host gator password box popped up?

Happens at their office or outside their office.  The mail is fine through OWA, no issues in Office 365 when we login.  Autodiscover record is fine in DNS.  If we ping their autodiscover record it points to Office 365.

Next step, asked them if any changes were made to the website. They said yes.  So we contacted their web developers, they said they made changes but nothing that would cause email issues.  They can't give us access to their DNS because its their entire client base.  They sent screen shots of everything and it looks fine.

In office 365 the domain setup is all good, run DNS check from office 365 all passed.  Run the Microsoft online test, no issues.  

Very weird and I am starting to spin my wheels...  Especially since mail is flowing in and out through office 365 on OWA and accounts already setup in Outlook.

Any help would be appreciated??
I am working on a network with Windows Server 2008 as the DNS server.  I'm wanting to add a local web server as an alias but am getting a bit stuck.

I'll call the local domain mynet.local.  There is an external web server at mynet.com.  I want a local web server to be accessed when one uses localweb.mynet.com.

I was able to create a new zone in DNS named mynet.com.  I created a CName record in it named localweb and pointed it at the local web server.

Both Ping and NSLookup find the right IP address when I point them at localweb.mynet.com.  They don't find mynet.com, though, because I've not configured the other records in the local DNS server.

I'd like to avoid having to configure the other DNS settings for mynet.com on the local DNS server.  The authoritative DNS server for mynet.com is located elsewhere and I don't want to have to manage records in both places.

Is there a way to have the local DNS server resolve localweb.mynet.com but use the external DNS server for all other permutations of mynet.com?  If not, would simply be better off adding the localweb.mynet.com to the external DNS server?
I have a Windows 2016 SMTP server that wont deliver email to external domains. All of these emails stay in the mailroot/queue folder - until they time out.

Email sent to our internal domain, are delivered almost instantly.

I have run the SMTPDIAG tool and all is green until it tries to connect to the Hotmail mail servers. I am getting Connecting to mx1.hotmail.com [] on port 25
Connecting to the server failed. Error: 10061
Failed to submit mail to MX1.hotmail.com

Have cleaned up DNS. Not sure what else to check.
How can I configure BIND DNS to work as a slave for Windows DNS for different environments.  I already built and configured for DNS Bind to work as a slave in a LAB environment however Im trying to phase this into other environments at a slow pace. I created a template and using puppet to configure the environments.  I put an if statement in there for LAB, would it be a else or elsif for another environment or am I going about the wrong way?  Any help would be appreciated.  Thanks!

Template code
#Global Options
options {
  directory "/var/named";
  listen-on port 53 { localhost; <%= @ipaddress_eth0 %>; };
  allow-query { any; };
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  recursion yes;
  empty-zones-enable no;
  check-names master warn;     #Must be WARN only for AD
  dnssec-enable no;
  dnssec-validation no;
  dnssec-lookaside auto;

  ## Path to ISC DLV key ##
  bindkeys-file "/etc/named.key";

  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/ses.key";

#Logging Section  -- What, how, and where logging takes place can be extensively configured in BIND
logging {
  channel default_file {
      file "/var/log/named/default.log" versions 3 size 5m;
      severity dynamic;
      print-time yes;
  channel general_file {
      file "/var/log/named/general.log" versions 3 size 5m;
      severity dynamic;
      print-time yes;

Open in new window


Bit of an odd one, I have set the correct NTP servers up on the config of a yealink T23G phone, having run a pcap I can see that it's dns queries to the NTP server are being refused. The phones are on a segmented VLAN network, as far as I know other handsets on different VLANs are not having this problem and there is nothing unique about how this is set up compared to others.

I have tried upgrading the firmware and different NTP time servers. This is affecting multiple handsets

The message I'm seeing a lot in the capture is that "The Server is not an authority for the domain"

I've attached a sample of the queries I'm seeing in the PCAP.

Any ideas guys?

Many thanks,






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.