DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.


Hi Experts,

Years ago we had a remote office that was connected to our main office with a site to site VPN.  We had a DC at the remote office and I was able to manage that office and the workstations and they access resources here.

That has since been removed and it has come up again that we need this for our remote office.  Currently the remote office is all connecting with their individual remote VPN connections.  

We need to be able to centrally manage their systems through AD
They need to access resources and data through here
We want to eliminate the need for multiple individual VPN connections
Share the same DNS and Time source as I set

Our firewall is outdated and doesn't look like it's going to be resolved before the decision has to be made to get the above done.  I am really against adding more configurations to our already outdated firewall so my reason for this post is are there any other alternatives?

We have Azure Active Directory and we have had the need in the past to create a tunnel through Azure but would that help us with the remote office or be an alternative than the site to site VPN?

Hope that made sense, thank you!
0
OK,

So following up from my last question, I'm currently investigating a DNS Dynamic update issue. Turns out, we're missing the credentials and it's on a DC.

I can't find any documentation on the minimum requirements for the DNS Dynamic update registration credentials. Anyone have any ideas or is it just a standard account with password set to not expire?

That's the only thing I can find but I'd like confirmation.

Thanks
Alex
0
Good morning all

pmeXJAG-1-.png

So, I've set in group policy, the DNS suffix, the Use this connection's DNS suffix in DNS registration and it's not applying. I've checked the group policy and it's applying to the machine but the settings aren't taking effect.

Group policy below

2663CUv-1-.png
This is on windows 10 Build 1809.

Thanks
Alex
0
Few lines from wireshark on DNS protocol:

source                  destination                  protocol
204.107.47.150          10.10.10.x(our local dns)    dns    102 standard query response 0x9527 a bld-hn-dnsgm.healthnet.com A 167238.169.5
10.10.10.x(local dns)   167.238.169.5                dns    Dynamic update 0x93a2 FHS.com SRV 0 100 389 X1.localdomain.com

Years back we converted our local domain fhs.com to NewDomain.com. Just copying and pasting some entries from Wireshark installed on our DNS. I am not sure why our local server is even responding to this external query from 204.107.47.150. The server 10.10.10.x is a local DNS server. I have checked in DNS and cannot find the old domain server or fhs.com entry. Where could I find to get rid of this old entry of our old domain (fhs.com), we are now using NewDomain.com. Need help plz!
Note: No issues with our DNS
0
Can you generate an SSL cert for a CNAME instead of an A record in DNS? I have a URL for users that is too difficult to type, remember etc... and wanted to know if I create a CNAME for that server FQDN in DNS can I then get an SSL cert for that CNAME? So that then I can deliver a shortcut to the user with the friendly name.

Example :
\\ABCDEFG12345678.TEst.com
A record :
Host  ABCDEFG12345678.TEst.com
IP: 192.168.1.1

CNAME:
MyPage
FQDN: Mypage.com
TargetHost: ABCDEFG12345678.test.com
0
Finding srv records of a domain

Just checking this using nslookup

then q=srv
then type in the domain is this correct?
0
Two Way Forest Trust

The outgoing trust was successfully Validated
The secure channel (SC) reset on Active directory Domain Controller \\name.one.local of the domain one.local to domain two.local failed with the error: There are currently no logon servers available to service the logon request.

Been chasing this for many many hours now.

I'm thinking my problem is with the Name Suffix Routing. (Please see attached.)
The box for domain one is blank, and I see no way of manually entering the information.
1.jpg
2.jpg
0
Can't connect a WIN 10 PRO workstation to a Server 2012 R2 Essentials server. When trying to logon with any administrative profile system says the domain is not available or does not exist. Yet the system shows to be connected to the domain and we can remove it from the domain to a workgroup. However when we try to connect back to the domain the system shows Welcome to XXX Domain but when trying to logon the message about no domain available pops up.
0
One of our clients recently switched to Cloudflare for their DNS management.  We have debugging turned on our dev environment for them for specific ip addresses.  But now with Cloudflare, the server no longer knows our IP address.  We aren't using Enterprise Cloudflare.  Any ways around this mess?
0
Ping Test

Hi,
I have Windows Server Essentials 2016 up and running.
Each workstation received IP address from DHCP server running on WSE2016. However no computer can join the domain even if each computer can ping the server "NAES1 / 10.58.1.10".
After some research, I decided to disable IPv6 from the server(NAES1), Linksys Router (10.58.1.1/Gateway) and one workstation PC and nslookup is almost there except it fails to spell out the server name "NAES1" as seen in the screenshot.
DNS is running well on NAES1.
Can you help?
0
I have a simple setup... I have enabled the draytek L2TP with IPsec VPN which works fine.

I have a server on site which I access using \\IP-MAINSERVER
The issue is that when I am off site and I VPN in, I can't access the server using \\IP-MAINSERVER, I have to use the IP address.

Why is this?
0
Need some elaborations on mitigations against Sea Turtle.

Refer to:
https://searchsecurity.techtarget.com/news/252461987/DNS-hijacking-campaign-targets-national-security-organizations?track=NL-1820&ad=927135&src=927135&asrc=EM_NLN_111884098&utm_medium=EM&utm_source=NLN&utm_campaign=20190424_DNS%20hijackers%20attack%20national%20security%20organizations%20and%20critical%20infrastructure

Q1:
"Talos suggests using a registry lock service, which will require an out-of-band message before any changes can occur to an organization's DNS record"
How exactly is this done?  Assume the DNS server is either a Unix DNS BIND or an F5 GTM

Q2:
"If your registrar does not offer a registry lock service, we recommend implementing multifactor authentication"
Line above meant to say the registrar (which I think is our local telco) needs to implement MFA for their admins to log in to their DNS server or it's us?  We do use our AD as a WINS/DNS server.

Q3:
"we recommend applying patches, especially on internet-facing machines"
We have Solaris 10 & Windows 2008R2/2016 facing internet.  Can point me to the specific applicable patches?

Q4:
Our threat intel gave the following 2 DNS as SeaTurtle IOCs, so what are we supposed to do with them?
Ensure all endpoints don't use/point to them as DNS or block at firewall or we can get our secure DNS providers (eg: Umbrella, Cleanbrowsing, QUAD) to do something at their end?
  ns1.xxx.com
  ns2.xxx.com

Q5:
the intel also give a list…
0
Hi Experts,

My client has a domain with GoDaddy, and wants to use G-Suite for email. What needs to happen for this?

I've never used G-Suite, and only have access to GoDaddy for the time being.
0
Hey Everyone,

Recently we are having issues with one of our domain controllers which is virtualized and running Windows Server 2012 R2. After a reboot, it thinks it is on a public network rather than a Domain Network. This persists through reboots. We have also tried restarting the Network Location Awareness service with no luck. Trying to switch it back to either a private or Domain Network just reverts back to a public network. Under network connections, it shows it's connected to the domain but has a “Limited” status but it does have internet access and the DNS servers on the interface are currently set to itself as the primary and the Backup DC as the Secondary. Any ideas what’s going on or how to resolve it?
0
I am using the following setup:
1. VPN Server reachable at public IP with SoftEther VPN-Server installed on Debian (listening on port 443)
2. BIND9 and DHCP server installed on Debian
3. Client
  - OS: Windows 10 1803
  - Ethernet NIC with guest internet (allowing ports 80 and 443 outgoing)
    . gets through DHCP an internal IP address 192.168.2.149 by the connected Fritz!box at 192.168.2.1
    . the Fritz!box WAN IP is 87.123.236.76 which resolves in i577bec4c.versanet.de
  - The certificate exported from above server has been imported into Local Computer under Root Certificates
  - Configured Windows SSTP VPN-Client
  - host name is "MyClient"

Issue:
- I can successfully connect the SSTP VPN-Client to the VPN-Server
- The VPN adapter is in connected state with properly assigned IP, netmask, gateway and DNS (like intended by the backend)
- the only issue is, that the DNS registration of my host is NOT the expected "MyClient.psv.local" (as it correctly does with L2TP connection)
- instead it registers the WAN IP 87.123.236.76 (or sometimes its resolved FQDN i577bec4c.versanet.de ) of the ethernet adapter
- I disabled IPv6 on both LAN and VPN adapters, checked "register IP address in DNS" on VPN adapter

I really need the SSTP to work properly, since it is the only way of connecting over TCP 443.
Cannot use SoftEther Client or OpenVPN,because they conflict with the Qbik Wingate soft I installed for internet connection sharing.

Any help would be greatly…
0
How can I create a CNAME record to a web server that uses a particular port?

I already have the DNS record but I need to create a CNAME. Can I add the port number to the FQDN section of the CNAME?
0
I have to create a CNAME for a web server. I was wondering, if I have two servers with different IPs for fault tolerance, how can I create a CNAME that would work for either server in case one is down?
0
Has anyone run into scanning issues with the Xerox Phaser 3635MFP? This was working just fine up to about 2 weeks ago. I changed the DNS settings on the DC to reflect the correct DNS and the scanner has lost its ability to scan to folder.


Current setting


IP 192.168.14.11 local static
class c subnet
192.168.14.5 gateway

192.168.14.30 <-- DC

127.0.0.1 secondary DNS
8.8.8.8 alternate DNS

File repository setting

NAME (Customer name)
Protocol SMB
hostname file server name no \\ or //
share scanned (Name of folder) no \\ //
login domain\administrator
domain admin pw

the only thing that was changed was the DNS which I updated on the scanner as well.

The folder has system full access as far as permissions.

Help.
0
We have moved machines from domain Alpha to domain Omega (mock names).  Anyway, we removed the Windows 10 computers from the domain to a workgroup, restarted the PCs (Win 10), joined them to the new domain, 'Omega'.  They join fine.  Users logon and it seems good.  However, they cannot map drives to the file server 'Data' on the domain.

Also, on the machines, that have the issue, when they ping the DC or file server, it is appending the old domain to the response.  There is only one DNS server currently in the new domain being set up.  Roughly half of the users have no issues and can map drives and surf the web.  The other half has a problem mapping drives, locating local devices and can surf the external internet sites.

I'm not seeing anything on the DNS side.  On one machine affected, I have looked at the registry and found several keys referring to the old domain lingering.  I removed them and fixed the ping issue.

Ideas on a course of action?
0
I run dnscmd /zoneexport mydomain.local backup\mydomain.local.bak to back up my DNS each week. I then rename the file mydomain.local.bak and copy it out of System32\dns to an alternative location. I need the syntax that will import the entire file into DNS. dnscmd /zoneadd just created a new zone. Again, I need the syntax that will import the entire file into DNS. No powershell please if possible
0
Hello,

Does anyone know how to create an SRV record from the GUI or command line on Cisco Network Registrar 7.1.2.1?

Thank you.

Regards,

Xavier De Arburn
0
Keep getting the following error on one of our domain client's pc's:  The name "my domain' :1d could not be registered on the interface with IP Address: 10.1.1.43. The computer with the IP address 10.0.0.46 did not allow the name to be claimed by this computer."  
Log Name: System
Source: NetBT
Event ID: 4321 Level Error

The computer with this problem can access the domain (all mapped drives) and can ping everything on the network.  
This computer cannot be pinged (IP or DNS name) by any other pc on the domain.  
Here is what I have done so far:
  1. gave this pc a static IP address (was dhcp before)
  2. Flushed the DNS
  3. Un-joined it from our domain and then rejoined it back to the domain.

I am still getting the same error and cannot ping or access from any other computer or server.

Anyone have any suggestions?
0
Hi All,

Looking for options for Redundant, Managed Public DNS.
Currently opened conversations with Azure, AWS and NoIP so am already aware of these options- looking for others.

Scenario:
(3) ISPs, all with numerous dedicated static IPs.
All ISPs provide a separate IP block.
Need a Public Reverse DNS failover solution so that when one ISP goes down the other immediately picks up for incoming connections to web servers and apps.

Currently:
- The primary ISP does not allow managed reverse DNS, resulting in the need to use the secondary ISP for all incoming traffic. (This ISP is necessary as the primary due to bandwidth issues.)
- When the Primary ISP fails, the secondary kicks in for outgoing. This is fine except when the secondary fails all connections to web servers are lost until the tertiary ISP picks up.
- When the tertiary ISP picks up the traffic, the TTLs are not great so web server downtime can be an issue.
- Also, independent from the primary and tertiary ISPs, when ISP #2 goes down all public connections to internal servers go down with a long TTL to roll over to #2.

Looking for a solution to manage the DNS to fail over to the other static IPs when the various ISPs go down.  

Any suggestions?
0
Hi,

I change the Plesk (windows) backup folder from C drive into our NAS drive. I map the NAS drive as P drive and run the "Change Plesk Backup Data location" under 'Plesk Reconfigurator' to change the path. Current backup data move into P drive (NAS) and path also changed.

Issue:
When client, re-seller and administrator (me) is not able to take the backup. We received an error:
Error: The backup process failed: (3, 'GetDiskFreeSpaceEx', 'The system cannot find the path specified.')

Please also review the logs. Please let me know what actually I am missing? I need to assign permission on NAS drive. Currently only administrator has rights to access NAS drive (P) but I am not able to take backup via administrator account. Same error.

Logs:

[2019-04-14 00:00:08.375|8528] DEBUG: LOG: custom log C:\Program Files (x86)\Plesk\PMM\logs\backup-2019-04-14-00-00-08-375\backup.log
[2019-04-14 00:00:08.375|8528] CRITICAL: Runtime error in pmmcli: 
<class 'pywintypes.error'> (3, 'GetDiskFreeSpaceEx', 'The system cannot find the path specified.')
Traceback (most recent call last):
  File "C:\Program Files (x86)\Plesk\admin\share\pmmcli\pmmcli.py", line 2560, in main
    data_action_response, errcode_response, error_message = actions.get(sys.argv[1][2:])(parameters)
  File "C:\Program Files (x86)\Plesk\admin\share\pmmcli\pmmcli.py", line 2455, in make_dump
    return ActionRunner(MakeDumpAction, backup_task_description, None).doActivity()
  File "C:\Program 


0
We are trying to reduce our monthly overhead and are paying a host (similar to GoDaddy) an excessive monthly fee for doing nothing.

We have one domain that has mail DNS records going to Office 365 and web DNS records going to Wix.  

The other domain also has mail DNS records going to Office 365 and has no other function.

It seems that we can't just transfer the domains into Office 365 (not supported) and don't want them parked (because we want to use them).  

So I am not sure what I am looking for, yet we have a home Ubuntu server available or are willing to pay a provider a lower cost per month just to hold our domains?

Any recommendations?
0
