DNS

26K

Solutions

25K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

If I enable SPF blocking on my Barracuda on premise or any email system for that matter, does this mean that domains without an SPF will be automatically blocked, OR does it simply mean that if an SPF record is present it will check it and block it if the email doesn't match the sender address? We'll keep soft and hard fails out of this question to keep it simple  :  ) thanks
0
Windows7/64-Verizon router.modem :

Been getting regular Event ID 1014 with different DNS servers not responding: i.e. dns.msftncsi.com;  rc.managedoffsitebackup.net; all timed out after not responding.
0
Hello,

We have a vendor that has a DNS issue with their domain which they have not resolved in a week. Some of our users had sent them emails this week and keep getting Delivery failed notifications over and over, how do I stop this to just those particular emails. We are on Exchange 2013 with a 3 server DAG.
0
Website hijack? Or something similar happening on our website. The home page on our website shows a weird page that looks hijacked, but only on mobile. All desktops, whether PC or Mac, show the correct website, but the website on mobile shows a different page. If I turn on WIFI on a mobile device, I get the correct webpage; on the same phone, if I turn off the WIFI, I get the other webpage. It seems that it is mostly on Verizon mobile, but just for some of them. Some of the Verizon phones show it correctly, and others such as T-Mobile devices show it correctly. It happened once on one of our campuses and I resolved it by flushing the DNS, but this time it didn't work. I followed https://www.techwalla.com/articles/how-to-flush-the-dns-on-an-android-phone to flush DNS on Android and it is still not working. This is happening on Android and iOS devices.
0
I have to RE IP a Print server virtual machine and change the VLAN in production and want to make sure I do it correctly without locking myself out of the VM and making sure the users can still print. I have listed the steps I will take, please let me know if they are right

1. Complete snapshot of print server virtual machine
2. RE IP print server
3. Update DNS record to new IP
4. change VLAN to correct VLAN
5. Run the command ipconfig /flushdns

After these steps Users should be able to print and I should be able to log in print server with hostname
0
Hi, I have 2 IIS installations on different servers within the same network. 1 x IIS is hosting rdweb, 1 x IIS has a website. I would like users to connect via VPN and be able to access the website. Ports 80, 443 are currently forwarded to the rdweb IIS server. I'll have a DNS entry remote.domain.com pointing to the external IP for the RDWEB. How do I get differentdomain.com to point to the second IIS server? Read some things about IIS redirect, not sure if that's the way to do this? If it is, detailed instructions would be helpful :)

Thanks,
0
We have a Windows 2012 DNS server that is not behaving the way I had thought it would based on the MS documentation I found.
Round robin is disabled, and subnet prioritization is on.  
There are 2 local subnets (192.168.0.x/24 and 172.28.1.x/24), and one remote subnet of 172.28.150.x/24
DNS entries:
ServerA  192.168.0.20
ServerA   172.28.1.20

Name resolution works as expected (no round robin), and query return matches the IP of the local subnet it originated from.  For example:
DNS query for ServerA from host 192.168.0.100 always returns 192.168.0.20
DNS query for ServerA from host 172.28.1.100 always returns 172.28.1.20

But, DNS queries for ServerA from the 172.28.150.x network still return in a round-robin fashion, alternating between 192.168.0.20 and 172.28.1.20.
The 172.28.150.x network cannot route to the 192.168.0.x network, and so the query fails 50% of the time.  Or, I guess to be more accurate, the query doesn't fail, it just returns an IP that is not contactable by the requesting host on the 150.x network.  EDITED for clarity - I need the query from the 172.28.150.x network to return the address in the 127.28.1.x range.  There is not an option at the moment for a route to the 192.168.0.x network.

Based on the docs I found, I was expecting and hoping that the DNS server would return the "closest match" that it could find to the IP of the originating requester, starting with the left-most octet.  But this doesn't seem to work.  I have confirmed with …
0
Hello!

We have a one-way domain trust, where users from DOMAIN1 will access files and folders from DOMAIN2. DNS appears to be working correctly to SERVER1, and I can map other shares on DOMAIN1 using the server's name no problem... however on one particular share on the same server, users cannot navigate to nor map to it using the FQDN or alias of the server. It only works by IP address.

Any thoughts on what would cause this or how I can troubleshoot? Unfortunately I don't have administrator privileges on DOMAIN1, but on DOMAIN2 I do.

Thanks!
0
I have a client with a single label domain. They have a 2003 AD and we added a couple of Windows 2012 R2 ADs. We ran into an issue with DNS not updating properly described in this article: https://support.microsoft.com/nl-nl/help/300684/deployment-and-operation-of-active-directory-domains-that-are-configur     The registry changes on the client PCs fix the problem but I don't want to have to make this change to every PC every time we authenticate to the domain. The recommended solution seems to be to a new server with a new domain and migrate to it. If we have to I'll go down that road but here is my question: Does anyone know if there is a DNS / AD configuration change that can be made so we don't have to completely build a new domain and migrate? One more thing, the network was functioning fine and I could authenticate new PCs to the domain even with the single label domain, so something makes me think someone figured out a solution on the DNS / AD side of things but it didn't get transferred to the new AD / DNS.
0
I am unable to resolve DNS over site to site VPN. I have several remote sites connected to the main office through Meraki site to site VPNs. I can resolve by IP addresses but DNS does not resolve.
0
blocking webmail on Cisco Umbrella but allowing gmail, office365 links

The problem is I am allowing gmail.com and mail.google.com, but when I block the webmail category it also blocks Gmail. Any idea what other URL I need to allow?
0
I have at least 7 laptops. All are on WIFI. These have been joined to the domain. I am unable to ping from one laptop to the other. I am able to ping to DC. From DC I am able to ping PC.

Once the laptops were joined to my domain x.local. I saw that the domain name is x.local 2. I am using eset and the firewall is off for this as well

Why would this happen? How can I solve this?

This only happens on WIFI

Log Name:      System
Source:        NETLOGON
Date:          5/11/2018 3:17:37 PM
Event ID:      5722
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      01.x.local
Description:
The session setup from the computer LP-18-16 failed to authenticate. The name(s) of the account(s) referenced in the security database is LP-18-16$.  The following error occurred:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5722</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-05-11T03:17:37.000000000Z" />
    <EventRecordID>135343</EventRecordID>
    <Channel>System</Channel>
    <Computer>01.x.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LP-18-16</Data>
    <Data>LP-18-16$</Data>
    <Data>%%5</Data>
    <Binary>220000C0</Binary>
  </EventData>
</Event>
0
We're a Windows network with a standard range of 192.168.0.1-254. DHCP, DNS are on a server and I have a few wireless nodes on static IPs acting in bridge mode.

For quite a few clients, they will login, be assigned an IP, can access internal network utilities, but can't access the internet. The only way I can get them on is to assign them a static IP in an excluded range within their network settings. Primarily happens on the wireless networks but those get the most traffic and has happened wired in.

What could be going on that they'd be assigned an IP from DHCP, can access internal network utilities (email, shared drive, printers) but can't get an outside connect to the internet?
0
seeing a bunch of these errors on my domain controller - please help


While processing an AS request for target service krbtgt, the account username did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 3. The accounts available etypes were 23  -133  -128  -140.

While processing an AS request for target service krbtgt, the account username did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18  17  3  1. The accounts available etypes : 23  -133  -128  -140. Changing or resetting the password of username will generate a proper key.

While processing an AS request for target service krbtgt, the account macbook5$ did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 3. The accounts available etypes were 23  -133  -128.
0
Unable to visit website without 'www' before the site name. The site works fine when I enter 'www' beforehand.

What sort of record must I create on my hosting service? A? CNAME? I've done this a million times but for some reason it doesn't seem to be working. I must be overlooking something.

This is not an IIS or GoDaddy. The company name is Site5.
0
We have public DNS for one domain hosted on a Windows DNS Server... We need to move to a public DNS provider. Typically with any public hosted DNS such as GoDaddy, Route 53, or DNS Made Easy, when we transfer DNS from one provider to another we just export a zone file, and import the zone file to the new provider.

How do we export a zone file from Windows DNS? See below for example of a typical zone file I would expect to see from any public hosted DNS provider export. How do I get the same from Windows server?

http://help.dnsmadeeasy.com/managed-dns/domain/import-records-zone-file/
0
We have three replicated DCs. A few days ago I ran updates on DC3 and rebooted the server. When the server came back online, network configurations were reset and it lost its static IP address. I discovered the issue because our in-house WiFi, which authenticates with DC3 Active Directory, was down. I changed network settings back and configured static information. Everything came back to normal except our ability to print. Error "The server printer spooler service is not running. Please restart the spooler on the server or restart the machine".
I tried to access DC1 via Explorer \\DC1 and I am getting an access error.
"\\vDC1 is not accessible. You might not have permission to use this network resource. Contact he administrator of this server to find out if you have access permissions. The target account name is incorrect"
Everyone lost the ability to print through mapped printers. If I try to access the server through a browser using the static IP, I don't have any issues and connect to the printers.
Our Environment:
vDC1 - DC (Virtual Machine)
DC2 - DC, DNS
DC3 - DC, DNS, PRINT

Can:
I can ping both IP and FQDN
I can remote in via IP and FQDN
I can browse to the server via browser \\10.10.x.xx
I can print from vDC1 to the printer.
Cannot:
I cannot browse to the server via browser FQDN \\vDC1 from all computers and servers on the network.
No one in the company can print because printers are mapped through \\vDC1


Any suggestions?
0
hi,
I am having connectivity issues to my DB, and just want to recheck my DNS and DHCP settings (new server). What steps should I perform to check the correct configurations? (I am new to Windows administration.) I have 2012r2 and the DB running on Server Essentials.
0
I have a client that sends invoices through Netsuite. The client's domain uses SPF, DKIM, and DMARC. Their DMARC policy is: (v=DMARC1;p=reject;aspf=r;rua=mailto:admin@domain.com)

When emailing certain customers they get bouncebacks and after contacting Rackspace who hosts most of the customers they can't reach. Rackspace is saying it's because of domain alignment under the DMARC standard even though SPF and DKIM match fine. (After I finally reached someone who understood what DMARC was and didn't want me to add Rackspace to our SPF...)

The headers on the netsuite include the following bits which some or all are apparently the cause because they specify netsuite instead of my client's domain so they aren't aligned:

smtp.mailfrom=bounces.na3.netsuite.com
helo=nmail001.na3.netsuite.com
Reply-To: User <transactions#_msg_#@transactions.na3.netsuite.com>
Return-Path: b.#.user_domain_pcom.#@bounces.na3.netsuite.com

Spoke with someone at Netsuite who says that Netsuite can't change this behavior at all, but Netsuite also claims they can send DMARC-compliant mail. Is anyone else able to get DMARC working completely with Netsuite?

When the client sends to me on O365 it passes SPF/DKIM/DMARC just fine, but I also see the above bits in the headers. It looks to me like it's doing SPF checks against the netsuite.com domain instead of my client's domain...which seems like Netsuite actually is tagging these wrong...

This is what O365 says in my headers for DKIM/SPF/DMARC …
0
Currently having a problem with our exchange server. One user is receiving this error ("cpanel4.wsiph2.com rejected your message to the following e-mail addresses: Your server IP address [xxx.xxx.xxx.xxx] is missing a reverse DNS entry." ) whenever he sends email to one particular email address. A few months ago he was still able to send an email to that email address without any problem. Please help.
0
550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP.

We receive the above bounceback error when any user sends mail from a remote client to a recipient outside our network. The remote client is HubSpot, they submit the mail via O365 API (SMTP or ESMTP, whichever you prefer) and the submission receives 250 OK, and the connection closes. Users are on O365 business trial acct, and the remote client is connecting via the O365 API/OAuth. This is a TRIAL of O365 and I'm wondering if that might impact as well...keep in mind that this only occurs when sending from a remote client, but the NDR is referencing the mail host not the client.

However, the end result is always the same. Unfortunately, the O365 business acct is a trial and I cannot access headers nor any log tracing. The only thing I can see is message trace, which includes the 550 error above as well as a mysterious IP - 25.166.180.16, which is not an IP that the client uses, and Microsoft support says this is not one of their IPs. This IP does change.

Please let me know any insight you have about this issue - we are keen to resolve. Thanks!
0
When I setup our Office 365 Tenant I didn't want to use our Primary Domain right off the bat as I wanted to get things up and running and tested before I switched the Production Domain DNS over to O365.   When Doing this, the ApplicationUri and the AccountNamespace both reflect the Domain Name I chose when I created the Federation,  <ID>.<Domain.Name>

Microsoft Said the only way to change the  <ID>.<Domain.Name> is to destroy the Federation Trust and the Hybrid configuration and re-create everything! Not something I want to do.

My Questions:
  1. Besides the Internal Communications between the On-Premise and O365 servers is this  <ID>.<Domain.Name> visible to anyone?  
  2. If we eventually have everything in the Cloud and do not have an On-Premise Exchange Server, will this name go away at that point?


Get the Federation Trust ApplicationUri from On-Premise
[PS] C:\Windows\system32>Get-FederationTrust

Name                 ApplicationIdentifier     ApplicationUri
----                 ---------------------     --------------
Microsoft Federat... 000000004005162E          <ID>.<Domain.Name>


Get the Federated Organization Identifier AccountNamespace from On-Premise

[PS] C:\Windows\system32>Get-FederatedOrganizationIdentifier | fl AccountNamespace
AccountNamespace    :   <ID>.<Domain.Name>

0
Active Directory Full computer name issue.
New 2016 Server developed a problem, cannot seem to figure out how this happened or even find a fix.
Full Name of server shows in the following way: Servername.domain.local, domain.com
When running Server manager or ADU The system complains that the name is invalid.
In DNS Manager the SOA shows the same naming convention (weird).

Where is it getting this name from?
For what it's worth the second DC is working fine, only the primary server is failing.
0
Hello
I have 4 DC in my environment, two primary with FSMO and two additional DCs. How could I check connected user's sessions on these DCs?

Example:
User1 is connected to DC1
User2 is connected to DC2
and so on

Regards
0
My client's company website is visible on the internal domain, but if users take their devices externally they are unable to view it. The domain name is the same as the website address (not sure if that makes a difference).

I'm assuming it's a DNS issue but any advice anyone can offer would be greatly appreciated.
1
