DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to reach computer services and devices worldwide.


I have a Server 2012 R2 virtual machine (VM) server running on a VMware host that is a part of a VMware cluster of servers that is able to join my domain, but after joining the domain, and performing the initial reboot, it is not able to log in to the domain. I receive an error stating: "No Logon Servers Available." I can still log in to the machine via the local Administrator account, and when I do, I've verified that the DNS server is set to the correct DNS server (the DC; a Windows Server 2019 VM) and I've verified that this server has been created as an object in AD. Additionally, I cannot perform a gpupdate /force to test if there is connectivity between the server and the DC. When I ping the hostname of the server from the server, it yields the IPv6 address rather than the IPv4 address, yet IPv4 has been given priority. Additionally, I've unjoined and rejoined the server to the domain to only yield the same results. I've joined other machines to this same domain without any issue.

Quick note - I can successfully ping the hostname and IPv4 address of the DC. Additionally, if I force the ping of my own hostname to use IPv4 (e.g. ping hostname.local -4), it will yield the IPv4 version.
0
Hi,
 I have SBS2011 with following static IP information.
IP address: 192.168.1.9
Subnet :      255.255.255.0
Gateway:    192.168.1.1
Primary DNS:  192.168.1.9
Secondary DNS: 0.0.0.0

The problem is  that this server can't ping itself.

C:\Windows\system32>ping P1

Pinging P1.domain.local [fe80::58a2:19ad:e5a:aeff%16] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

However:
(1) it can ping any workstation PCs by IP address, however it can't ping by computer name.
(2) When I open DNS manager, I see all domain joined computers along with primary and backup domain controllers with name and ip addresses.
(3) It can't access the internet.
(4) Workstation computers still can access shared folders from this SBS2011.
(5) In the backup domain controller (192.168.1.3), I can ping SBS2011/DC (192.168.1.9) as well as any other computers by name or IP address.
 
What do I need to do to fix this problem?
0
I'm in the process of creating new Windows 2016 servers of my old Windows 2008 Servers.

My 1st will be the Domain Controller.

What is the easiest way of making my new 2016 server the new Domain Controller and  importing all of the DNS information from the 2008 server?
0
windows DNS server , 2012 r2. Roles = Active Directory Server and DNS server
Can anyone explain the following query (from DNS debug logging)

       UDP Snd 10.1.2.3    31a4 R Q [8281   DR SERVFAIL] A      (5)pts/0(0)

Where 10.1.2.3 is probably a Linux device?
My debug log is full of these. I don't know what PTS (as a destination address) is and I don't know why it's a SERVFAIL.
1. What is "PTS"?
2. Why is it a SERVFAIL?
3. Does this clog up my DNS server? I have a lot of these entries.
0
The gist:
I need to redirect a wide range of ports (or all, if possible) to a remote server to support clients that are slow to re-resolve DNS. Any recommendations that are compatible with Ubuntu? I'm also open to Windows based solutions (if there's something easier available on Windows).

Details:
I am planning to move a server that communicates with field devices (remote clients initiate the connections) from one provider to another.

Once the server is ready I will change the DNS record to point to the new server, however, experience with our field devices tells me that I can't rely on them all to resolve the new address.

I'd like to see what software TCP redirect options there are. I've actually tested with RINETD in the past and a couple of other solutions that I can't remember off the top of my head, but only a couple of ports/devices at a time.

The traffic is constant but lightweight. Mostly ASCII commands and event data, from ~150 endpoints.

Thanks for any suggestions.
0
Can someone help me set up a DKIM record? I have a Microsoft SBS2011 with Exchange 2010. I have several domain names that I use for sending and receiving email. My main domain name associated with the server is dravingconsulting.com. I'm getting rejections from Yahoo.com, AOL.com and Verizon.net. I have set up SPF records for each domain name but I've also been requested to set up DKIM records.
0
Hi

I want to configure 2 redundant DNS servers on Windows without a domain. Should one server be primary and the other one be able to make zone transfers?
In case if the primary DNS server goes down and we make changes to the secondary, how can we synchronize them back to the primary?

thanks
BR
Carlos
1
We have two ISILONs, ISILON PROD & ISILON DR. Smart Connect is configured so when we ping the Isilon's DNS delegate record, different IPs from the pool are provided. Both Isilons have separate IP pools and Smart Connect base IPs. This past weekend we did a failback from ISILON DR to ISILON PROD.

We have successfully used a DNS alias to point to the current ISILON.  When we either failover or failback (FOFB) the Isilon dns alias is updated to point to the other Isilon.  Clearing user dns caches (ipconfig /flushdns)  or log off/log on and then the user can promptly access their files on the other ISILON.  Until this weekend's failback.  

The failback completed without issue. Users connecting directly to the Isilon's delegation DNS record could successfully connect to their shares. Users who used the DNS alias record were getting logon failures to the same share. It was strange that the connection would authenticate when using the Isilon's delegation record, but fail when connecting via the alias record which points at the same delegation record. This situation continued to happen for about an hour for multiple users and from multiple Citrix servers and PCs. We decided to roll back the failback so users could access their files.

One thing has changed since the failover (17 months earlier).  Between the failover and the failback, the target Isilon had its OneFS upgraded from 7.2.1.6 to 8.2.  EMC support stated they did not see an issue with the Isilons on two different…
0
I have a multi tenant web app

Users can create trials, and I assign them a URL like so:
123.mydomain.com
124.mydomain.com
125.mydomain.com

123 = db Id of that trial.

This all works great
However, it's not on HTTPS

I use Certify the Web for IIS HTTPS certificates
I would like to have a wildcard cert
*.mydomain.com

So that all these trials are on https
Ideally I don't want to pay for certificate or have to enter the bindings for every site for the trials

What options do I have? Is this possible?
Entering bindings is a bigger headache than buying a wildcard
But ideally Let's Encrypt / Certify the Web would do it all

I use 123-reg to manage domain dns
0
Hi Guys,

I have a problem: I cannot add the PDC IP in "Master DNS Servers" of my secondary domain controller. I already unblocked ICMP-IPv4 in the inbound firewall settings and they can ping each other, but I still have the problem.
Any suggestions would be much appreciated.

Regards,
Joe
0
Hello,
The company I work for programs a website that runs on CPanel on CentOS.
In addition to our primary domain, we have almost 100 aliases that are domains for our customers (B2B).
When someone browses to one of these customer domains, the site adjusts its content (logos etc.) to look like it was custom made for that customer.

There seems to be a limit of 100 aliases in CPanel. We want to create many more - maybe 1500 -2000 long-term.

What is the best way to do this? Can the CPanel limit be raised? Is there a better alternative to CPanel?

Should we use subdomains or addon domains? Can we add 100 aliases to each of them? Can we add an SSL certificate to each of them?
Can we do this all within CPanel/WHM supported functionality, or do we have to make custom modifications?

Hopefully that makes some sense. Thanks for reading.
Regards, Ryan.
0
Hi,

I have setup a gpo AD account lockout policy. I am using netwrix Account Lockout examiner and I receive an email when an account gets locked out. Yesterday I received an email saying my account was locked out on computer name called admin-pc. The problem is that there is no computer object called admin-pc. I do see in dns that there is a stale dns record that has that name. Can anyone explain to me what might be happening/ how I can troubleshoot further to figure out what was attempting to log into my account?
0
We have a Windows domain that operates at the W2K12 functional level. We recently fixed a mistake of our own making with respect to Dynamic DNS updates from our DHCP server. We now have A & PTR DNS records with the proper permissions (owned by the domain account associated with the DHCP server) in our AD integrated DNS zones. The problem now is we're left with an unknown number of records that are still owned by the computers themselves. I've done enough spot checking to know there are plenty of these records still out there.

Is there a way to list DNS records that do not have a specific domain account in the ACL for that record?  I want to find every record that domain\dhcpuser does NOT have permissions to.

I need to find these records so I can delete them so they'll be recreated with the proper permissions the next time the computers request an IP from our DHCP server.

My second question is can I directly assign permissions (in DNS mgmt console) for the proper dns zones for my domain\dhcpuser account so it will be able to overwrite any older A & PTR records that were not created with the proper permissions?
0
I have some small network with ~3 Windows machines and some other devices (let's call 'em IoT's ...) in it, with no access to the internet. There are 2 separate networks which interconnect the devices, so some machines are multihomed.

The machines need to resolve other machines' names, so I think of installing a (static configured) DNS on the central Windows 2016 server machine.

Is it possible to deliver multihomed addresses to all machines (means: If a machine name gets resolved, does the asker get all known addresses, and would the asker be given a correct address that he could reach)?

Any other snares or tripwires I should take care of ?
0
DNS Zone Error

Hi,

 I have SBS2011 and when I run Fix My Network from SBS Console/Network/Connectivity, it shows a few DNS-related errors.
 Is there anything I can try? When I open DNS manager, all the computer names are there in forward & reverse lookup zones.
 What can I do?
0
Hi,

I am in the process of changing user UPNs to their primary SMTP attribute but have encountered a UPN Suffix routing issue on one of the forests. Details are:

Forest A:
DNS - ResourceA.Internal
Name Suffix Routing:
AccountB.Internal - *accountB.internal
AccountB.Internal - *accountB.com
AccountC.Internal - *accountC.internal
AccountC.Internal - *accountC.com

Forest B
DNS - AccountB.Internal
Alt UPN Suffix - AccountB.com

Forest C
DNS - AccountC.local
Alt UPN Suffix - AccountC.com

Trust Relationships
ResourceA.Internal <==> AccountB.Internal (Two-way - Forest - Transitive)
ResourceA.Internal ==> AccountC.Internal (One-way - Forest - Transitive)

ResourceA.Internal contains Mailboxes with disabled accounts and Servers
AccountB.Internal and AccountC.Internal contain user accounts linked to Mailboxes in ResourceA.Internal

AccountB.Internal behaviour:
I am able to access Mailboxes (via OWA) and RDP to servers with Domain\User and UPN.

AccountC.Internal behaviour:
I am able to access Mailboxes (via OWA) and RDP to servers with Domain\User only not UPN.

I have checked firewall ports and the following are open:
135/TCP      RPC Endpoint Mapper
464/TCP/UDP      Kerberos password change
49152-65535/TCP      RPC for LSA, SAM, Netlogon (*)
389/TCP/UDP      LDAP
636/TCP      LDAP SSL
3268/TCP      LDAP GC
3269/TCP      LDAP GC SSL
53/TCP/UDP      DNS
49152 -65535/TCP      FRS RPC (*)
88/TCP/UDP      Kerberos
445/TCP      SMB (**)
49152-65535/TCP      …
0
We want to change our remote office access so that PCs logon to the domain instead of users using remote desktop.

We have our servers colocated in location A with an ip address range 192.168.0.nn one of which is an active directory domain controller. All sites from there are linked with VPN

London office has IP address range 192.168.53.nn with a secondary DC. PCs in London can log onto the domain in Location A and also resolve computer names instead of using IP addresses

Kent office has IP address range 192.168.50.nn with NO secondary DC, linked via VPN, but when trying to join the PCs to the domain in Location A I get the "no AD/DC can be found" error, yet I can ping it successfully using its IP address.

This to me is a DNS issue??? or am I totally wrong? Can anyone resolve this? The attached PDF shows the sites & services
0
Hi,
I want to secure all that I can, and I see on some whois queries that some companies have put in place privacy protection for their DNS information, email address and so on.
Can you clarify what it is, whether it is a good thing to do, and whether there are any negatives to doing it?

I got this from wiki:
Implications

The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires the mailing address, phone number, and e-mail address of those owning or administrating a domain name to be made publicly available through the "WHOIS" directories. However, that policy may enable spammers, direct marketers, identity thieves, or other attackers to use the directory to acquire personal information about those people. Although ICANN has been working to change WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.[13] However, with the offer of private registration from many registrars, some of the risk has been mitigated, enabling those spammers, direct marketers, identity thieves, and other cyber-criminals to hide behind anonymous domain registrations to make it difficult or impossible for victims to identify those responsible.[citation needed]
Litigation

With "private registration", the service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's WHOIS record. …
0
Hello Team,

I want to know the configuration details for the below requirements.

I want to set up a RADIUS server on Windows Server 2012 R2 STD configured with AD, DNS, DHCP, NPS, CA, IIS etc. to connect a Ubiquity (AC Pro) wireless SSID on non-domain laptops and mobile devices (Android and iPhone) using an external certificate. But the condition is that the mobile users or laptop users should not have any authority to copy/export this certificate to other devices.

Please help me on this case. Thanks in advance.
0
Hi,

I have Exchange 2013:

MBX01: Mailbox server and Hub Transport roles
CAS01: CAS and Front End Transport rules

I created a Receive Connector for mail relay. So in DNS, SMTP.MyDomain points to CAS01

When I send an email from an application and use SMTP.MyDomain as my smtp the flow is like this:

Client ---> CAS01---> MBX01---> MX recipient server

When I do a message tracking logs from PowerShell the source is always from CAS01 but I need to know the real source like client IP. How can I obtain that?
0
Hello,

I am trying to combine some SPF records into one TXT record. The three records I have are below; I'm not sure if the MS record needs to be combined with the other 2.

v=spf1 mx a ip4:xxx.xxx.xxx.xxx/32 ip4:xxx.xxx.xxx.xxx/32 ~all
MS=ms67038251
v=spf1 a:rout.hes.trendmicro.com include:spf.hes.trendmicro.com -all
0
We are having an issue with the accounting software.  

When payroll completes, it emails each user their paystub.  We have 4 people who do not get the email.  

It is the same 4 mailboxes each time.

The accounting program gives the following error.

FrameworkException
Mailbox unavailable. The server response was: 5.4.1 [username@domainname.com]: Recipient address rejected: Access denied [BN1AFFO11FD007.protection.gbl]


Accounting program support says it is a DNS, MX, Office 365, etc. issue.

My question is, could it be a DNS or MX issue if 38 other mailboxes get the email?

I don’t think the email ever “leaves” the program because the bounce is instantaneous, less than 3 seconds.  I think it would take at least 15 seconds to hit the mail server, get rejected and send back the bounce error.

More Information:
We use Office 365 for email, no Exchange in house.

Mailboxes are not full.

When I run a message trace for all email (received, failed, quarantined, etc.) on the mail server for the mailboxes with the issue, only received email shows up, no rejected mail.

It is not in Junk mail or seen as SPAM in Outlook because Outlook never sees it.  

If we put the email address of a mailbox that does not have the issue in the email field under the user's account that has the issue in the accounting software, the email is received to that other mailbox.

If we put an email address with the issue…
0
Just installed Windows 2016 Standard at my site. 10.100.5.12 255.255.255.0 GW 10.100.5.5 DNS Already at the site is another server 10.100.5.11, same subnet mask, same GW and same DNS.
From the new server I can ping the IP address of the older server, 10.100.5.11, and I get normal responses for IPv4, but when I ping by computer name I get IPv6 responses. Don't understand that.

Pinging from the old server by ip address yields the same successful IPv4 responses   and when I ping by name successfully IPv6 responses.      

The real problem is that remote sites cannot ping the new server by ip address and name and can ping the old one (2008r2) by name or IP address

Did I set something up wrong on the 2016 server to cause this problem?
0
I already deployed two Windows Server 2016 "DNS Servers" a few months ago that are working fine, with DHCP IPs getting processed correctly, therefore I turned off my two old Windows Server 2008 "DNS Servers", with everything continuing to work correctly.

I have some REALLY old printers, etc that are almost never turned on, but I turned them on a few days ago, seeing that they still have the OLD static DNS Servers listed.

I can easily change the static DNS Servers, but wanted to see if I could create some type of pointer record, doing something like the below

 1. printer has old DNS Server 192.168.24.1 listed
 2. since this old DNS Server 192.168.24.1 no longer exists some type of POINTER record automatically forwards this DNS Server request to the new 192.168.24.2 that is on the same subnet/etc

Any ideas on how to setup the above POINTER on my Windows Server 2016 "DNS Servers" ?
0
I am adding an SPF record in GoDaddy for our DNS and it is not set up correctly. I have it as a "TXT" record with the host value of "mail" which points to our Exchange IP and I think that is the problem; I am wondering if it should be set to "@". The "record value" is set as v=spf1 ip4:207.250.243.147 a mx -all.

I also added a DMARC record that I believe is wrong as well, values are "TXT"  with host name "_dmarc" and record value as v=DMARC1; p=none; fo=1; rua=mailto:c87a2279e8e0270@rep.dmarcanalyzer.com; ruf=mailto:c87a2279e8e0270@for.dmarcanalyzer.com; pct=100;
0
