The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed by computer services and devices worldwide.


Had a problem with a hosted VoIP phone system at a site today, and the hosted provider suggested that the problem was due to excessive DNS connections from domain controller.

They pointed at the listing below from the firewall log.  I am not entirely sure what to make of it. Can anyone shed light?

The server otherwise seems to be running OK. is the domain server. It is also the DHCP server. It is the primary shared network server with all the PCs having several files open at any time. This machine is also the primary ACT database server, so this application will spawn several SQL server links. Lastly, it is running online backups with I-Drive.

ESET is loaded, updated, and scans show no threats.

dst= sport=58046 dport=53 packets=3 bytes=257 src= dst= sport=53 dport=58046 packets=3 bytes=431 [ASSURED] mark=0 use=2
dst= sport=60140 dport=53 packets=13 bytes=1044 src= dst= sport=53 dport=60140 packets=13 bytes=1775 [ASSURED] mark=0 use=2
dst= sport=60164 dport=53 packets=4 bytes=374 src= dst= sport=53 dport=60164 packets=4 bytes=807 [ASSURED] mark=0 use=2
dst= sport=58752 dport=53 packets=5 bytes=408 src= dst= sport=53 dport=58752 packets=5 bytes=646 [ASSURED] mark=0 use=2
dst= sport=58745 dport=53 packets=10 bytes=864 src= …

Hi Team
I'm having issues with DC replication, DNS issues etc
PCs are unable to join the domain where DC05 is.  
Please help.


We have a Windows 2016 server that requires migrating from our current Citrix XenServer 6.5 hypervisor setup, to a new VMware esxi 6.7 (upd1) hypervisor.

The IP, Domain, DNS, server name etc can all remain the same.

We tried to export a copy (OVF format) and spin it up but the copy machine would not boot, no bootable disk found.

The reason for a copy was to remove the Xen tools and install the VMware tools before importing into vmware. Sadly, being unable to boot the machine, the whole process has stopped. The machine is still in production so we didn't want to remove the xen tools from the original in case of an issue, which we now have.

Any ideas on how to properly do this migration from xen 6.5 to vmware 6.7? Are there any useful tools to help or am I just missing the obvious?

Thanks for reading.
Help with SPF Record for our domain.

We have an internal Exchange 2010 for our email and our domain is hosted with Heart Internet.

Our MX record has an IP address, eg:
Our main gateway is, eg:
Our domain eg: corporate.com

On heart Internet (heartinternet.uk) I have created a new TXT Record and entered:

v=spf1 a: corporate.com ip4: ~all

mxtoolbox now finds the spf record >> v=spf1 a: corporate.com ip4: ~all

Is that all I need to do? Is there anything I need to do on our internal exchange or DNS servers?

We still have a company rejecting our emails saying we don’t have an SPF record. No one else has reported this.
Recently, we promoted Server 2016 DC's (Domain Controllers) from Server 2012R2 machines.  All FSMO roles have been successfully migrated over to the 2016 server(s) and the primary 2016 DC has the schema.  I ran a dcdiag on the new DC and received no errors but, for some reason when I change the IP's from the old DC's (Both primary and secondary) to the new ones, access to Internet sites take anywhere from 20 secs to getting a page cannot be displayed.  Everything else, works in the domain.  Email, file share access, printing, etc.  The only issue is the delay to the Internet.  The only thing I haven't done was to rename the new servers with the old servers' names.  I had to migrate the IP's because there are way too many back end configs throughout the network that point to those IP's.

Any clue on what may be causing the delay in Internet access?  I'm thinking maybe a DNS issue.  I just don't know where since DNS shows all 4 servers in its zone(s).
Hi, I have built a new Windows Server 2016 and the domain name is the same as the company's website, i.e. mycompany.com, therefore when they try to browse to www.mycompany.com it redirects to their Windows Server instead of going to their external website. I have added an A Record for www.mycompany.com in the DNS pointing to the external website but receive access to mycompany.com as denied, it also removes the www. I have it working on PCs by changing the hosts file but need it working from the Server for iPhones etc.

Help !
Exchange 2010 times out (Primary Target IP responded with:"421 4.4.1 Connection timed out.") when sending to military emails. Restarting these directly through the Exchange Admin Console eventually works, but I can't babysit the server.

some stuff:
Send connector address space is just * with cost set to zero so all mail gets the same priority. Have tried creating a custom send connector with same result.
Set inactivity timeout on connector to 15 mins.
Restarted Exchange Transport and other relevant services as expected after any config changes.
nslookup from server resolves DNS (MX records) for recipient(s)
flushed dns
Talked with someone inside a military base. His suggestion was to try and send through OWA. Sent him an email through Outlook/Exchange and another through OWA. Both are sitting in the outgoing queue waiting to try, then timeout again.

These are set to retry every 10 minutes. If left alone, they hang in the queue, send NDRs to my boss and usually fail in 48 hours. Once she gets an NDR, I get a message to do something and restarting (just right-click "Retry") eventually gets them sent though it may take one or ten tries. I welcome another set of eyes. This has been the norm for about 6 weeks and nothing I can think of changed on our end. Thanks! :)
My Setup: All Virtual

Server1 - WS2019 - Fileserver on .local domain with work folders and IIS setup with wildcard cert.
Server2 - WS2016 - Domain Controller .local private domain with zone created for our external domain .com
Server3 - WS2019 - not domain joined server

I have Work Folders working internally, however I am limited on the amount of virtual cores so my questions are...

If I setup WAP & ADFS

1: Can I install ADFS on the domain controller? I don't have enough specs to create a new server for just ADFS. I want to be able to install ADFS on the DC.

2: WAP instructions state the server must have 2 NIC cards, external and internal. Can I just use one NIC with DNS entries for external and internal?
Good Day All,

We have three Domain Controllers.
Two of which are on site and one at our remote site.

The main DC replicates to the remote DC Via VPN.
The Replication works fine. The Remote DC is a Read-only DC.

For some reason when the VPN goes down or the Internet drops, the users can't see the main DC and they can't log in nor can they browse shares.
So none of the users at the remote site is authenticating via the RODC and they are only authenticating on the main DC.
This can be a problem if there is an Internet outage.

I need them to use the RODC for authentication and not the Main DC.
I thought it was the DNS but I could not see anything wrong.

I've got two RDS installations, one with 2012 R2 and the other with 2016. I'm setting up a test environment so I can understand how to do a cluster of RDS Connection Brokers.

I set up two servers and installed the 2012 SQL native client (there isn't a 2016 native client) on each CB. I verified the cluster is working by taking one server down at a time and the cluster IP remains pingable.

In the setup wizard for RD Connection Broker for HA, it asks for the DNS of the RD Connection Broker cluster, so I put that in.

But there is no RD CB service for the cluster, just on each CB server, so the wizard fails.

I found this video (https://www.youtube.com/watch?v=kQufizuFTkk), but it is for 2008 R2. It appears I need to create the services for the cluster?

My DNS zone broker.mydomain.com points to the IP of the cluster.

Not sure what the next steps are so the HA wizard will complete successfully.

Hi Expert

We have a new Win10 PC that cannot join a Server 2012 domain. Previously, other PCs could be solved by adding "AllowSingleLabelDnsDomain" in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

But this time it cannot. Below is the error message:

I have hard coded the DNS for the two domain controllers and can ping. What I guess that the domain is setup many years ago (2003 version), and on that time there ".com" adding to the end. (i.e. it is called abc domain, not abc.com domain). We have upgraded to the 2012 domain last year.

After the upgrade, sometimes we find the PC cannot find the domain.

Regards, Ivan

@@@@@@ Error Message @@@@

An Active Directory Domain Controller (AD DC) for the domain "XXXX" could not be contacted.

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name "XXXX" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "XXXX":

The query was for the SRV record for …
I have a stand-alone server that is host to a web application.  I've created a new domain (new forest) for security as well as preparing for additional servers.  I have a problem where it looks like dns svr records were not created correctly during the DC Promo operation and now there appears to be connectivity issues.  Dcdiag /fix returns the following error:

   Testing server: Default-First-Site-Name\HOST1
      Starting test: Connectivity
         The host 5c533dbd-a226-42e6-8968-b6c5296c08fe._msdcs.mydomain.com could not be resolved to an IP address.
         Check the DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... HOST1 failed test Connectivity

What is the best way to resolve this?
We recently configured a forest trust between two domains and we have been able to cross authenticate.  However, it only works if the user puts in domain.com\username.  It isn't enough to just put in domain\username.

The scenario looks like this.

User at company.b.com is logging into a server at company.a.com.  To use the username and password for their company.b.com account they need to log into the server as company.b.com\username.

Is that typical or is there anything we can do to make the login domain not require the .com?

Is there something else we can do in DNS to allow this to work?

In the DNS manager (RSAT) in my workstation W10 1903 I do not see the Global Logs \ DNS events section.

Thanks in advance
I have this error in all DC's on my company:

Error DNS-Server-Service Event ID 4015

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "0000051B: AtrErr: DSID-030F2312, #1:
      0: 0000051B: DSID-030F2312, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)". The event data contains the error.

Could you help me, please?

Regards, David.
This is using MS Windows 2012 R2 AD. There is only one DC with all the 5 FSMO roles, DNS, DHCP roles. Recently, found that the domain logging in were getting slow. Users have to wait some time before they were shown they are logged in. Another issue is, they seem they can't access to the file servers, look like the permissions issue.

The temporary workaround is in the morning, we have to system reboot the DC, and all these above issues are gone (for a time being). What could be the issue? How to troubleshoot?
I did check through the DNS, sites and services, domain, and user & computers; all looks working fine.

Thanks in advance.
We have a Windows 2003 Small Business server R2. Friday Oct. 4 2019, we were unable to connect to one of our clearing house sites that had been working previously with no problems. The Friday mentioned above, users were getting the following error message:


Calling the clearing house tech support, I was told the problem was not on their end & they had no problems or complaints from anyone else. I cleared the cache on one of the computers, released and renewed the IP config, but nothing worked.

I then went to the server and did an nslookup on both a known working site and the one that gave us the error and I came up with the following:


To get us working again, I went to each of the user's computers and manually entered the address of our ISP's DNS server instead of the IP address of our in-house server. Everything is working as it should. This was the only site we had a problem with - all other websites loaded correctly and we were able to access files on the server.

I also noticed that our tape backup failed twice while using new tapes. The previous 5 new tapes worked properly on the previous 5 days. The message I got from Symantec Backup Exec 12.0 was to put in Tape Number 000000016, even though these are new tapes and we have never had to use a full tape for the daily backups. I'm not sure if the 2 problems are related, but I figure I'd better post this in case there could be some correlation.

I have …
I posted a question earlier, about replacing a 2008 DC at client site.  They originally had a DC, but since all users are logging in local, they are using dns and dhcp from their router.  Client does not want another domain controller, they want a stand alone server to act as their file server.  The server will be a Windows Server 2019 Essential.  I would like to know what needs to be done to replace the dc with a stand alone server.   How will this affect users and other devices on the network.  Thank you in advance for your help!
I get an ssl error when I visit Facebook when I am in work network.  DNS by opendns via unify router.  It only happens there.  Same computer, if I try to connect using my hotspot, no error.  Connect back to work WiFi, same error.   Also all workstations get the same error, wifi or hardline.

To Achieve it..we ..
Need to Locate  Dynamic DNS entries of servers which are alive but for which the DNS entry was not updated for 30-40+ days.
Need to Locate Static DNS entries of server which are no longer existing.

Please help if this can be automated using script or utility  and will there be any Risk /Prerequisites of backup before we enable Scavenging
We have domain controllers in two sites, which are Singapore and Malaysia. Last month our firewall site-to-site VPN went down due to a hardware issue, and this coming week we will replace the firewall and rebuild the IP SEC.

Because the site-to-site VPN is down, I believe DC data cannot be replicated. After we create the IP SEC, assuming that we create a new user in the SG site, what do we need to do to avoid any replication issues?
Just wondering if anyone knows how Linux and MAC update their hostname or PTR record to the DNS and secondly, we have a Linux based (don't look like bind however) with host entries and mac addresses (used for dot1x also) and how to get those hostnames migrated over to the Windows based DNS server and if the DNS PTR works with dynamic registration, guess there is no need to migrated the hostnames over.

Thank you in advance,
I'm in the process of migrating one of my domains from my SBS2011 to Exchange online plan 2. I made the changes to the DNS, MX records and disabled the SBS exchange mailboxes for the users involved and all seemed ok.

I setup two of the three users and I could receive and send email, though not from the rest of the SBS users, which I believe was an issue with the Global Distribution list not getting updated.

The main problem, which caused me to revert back to the SBS, is that one of the users had a free Microsoft account with the same email as the one that I was using for Exchange Online. This caused the email to be delivered to that account and not the correct one, as well as him not being able to see the other users of the Exchange online.

I changed the primary login of the free account but I couldn't get the account to work in Outlook and the webmail couldn't load either. Please see all my steps below and tell me if I am missing something. I already wasted a day on this simple process.

1) export emails from current SBS account
2) validate domain on Exchange online and make as primary
3) disable mailboxes on SBS so as to not have any conflicts
4) force update of Global distribution list (How?)
5) setup new accounts in new Outlook profiles and mobile devices
6) ensure internal and external mail flow

Can you think of anything that needs to be changed in the process above or can you elaborate with more details on certain steps?
Are there any limitations or restrictions to using a trial version of Windows Server 2016/2019 Standard X64?  I have to stand up a couple servers for Active Directory, NPS, DNS, DHCP, File Services, Print etc. very soon, but the approval for the purchase takes some bureaucratic time.  I'm wanting to know if I can install it, and then in a week or so when the purchase is approved, buy the full license and apply it to the trial version.

Any gotchas with this that I'm not thinking of?

I'm unable to search for this link and I am confused how to fix it. Can anyone help out please?





