Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium







The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi support

We have major issue that after being remove from the MPLS that some of the traffic unable to reach google or microsoft  DNS .

How to resolve fix a ip address to test out the DNS ?
Concerto Cloud for Software Providers & ISVs
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

We recently took over a domain controller and an Exchange Server, both Windows 2008 R2, with e-mail connectivity problems. We soon found invalid AAAA records in DNS. They were pointing to the IPv6 addresses of the hosts' 6TO4 tunnel adapters, not to the addresses of their physical LAN adapters.
We then deleted the wrong AAAA records on the domain controller's DNS server only to see them re-appear again within a couple of hours, breaking Exchange communication again. Who/what keeps registering these records? How do we keep them off?
("Register in DNS" in LAN connection properties is unchecked; all servers are IPv6-autoconfiguring.)
I will be installing a Windows Server 2016 Essentials server to replace an existing SBS2011 server.  They will use Exchange Plan I and II and Outlook 2010/2013/2016 clients.  When I install W2K16 Essentials I will need to configure DNS entries to so Outlook can successfully authenticate, etc.  Exchange autodiscovery needs to be setup correctly so that each Outlook client successfully authenticates and maintains a connection to their hosted mailbox.  I am looking for the steps necessary to setup the local DNS entries.  Your feedback is appreciated.
I was updated one of my domain controllers that is the FMSO role holder.

The updates failed and the machine was rebooted.

Now the machine seems slow, sluggish and other severs and services wont authenticate against it properly.

My other domain controllers now wont even recognise that they are domain controllers.

They are up, DNS is running, but the network shows as "network 2" on public.

I have tried changing the network adapters uninstalling etc, but whenever i try to run anything to do with the domain such as ADUC it comes up saying no domain controllers can be found.

Need some help asap please. nothing i try seems to work.
Hello, I am trying to migrate a DC from Windows SBS 2008 server to a Win 2012R2 Standard server.  I have downloaded dcdiag and I have problems now with the domain controller being found.  I have not yet demoted the 2008 SBS Server.

I have reviewed the DNS and cannot get the connectivty test to work correctly which I beleive is part of the problem.

the dcdiag results are as follows:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\xyz2017
      Starting test: Connectivity
         The host bd8c4734-d1d3-4a57-8422-d17200041a41._msdcs.abcinc.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         (bd8c4734-d1d3-4a57-8422-d17200041a41._msdcs.abcinc.local) couldn't

         be resolved, the server name (xyz2017.abcinc.local) resolved to the

         IP address ( and was pingable.  Check that the IP address

         is registered correctly with the DNS server.
         ......................... xyz2017 failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\xyz2017
      Skipping all tests, because server xyz2017 is
      not responding to directory service requests
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
Long story short.  Our marketing person reached out to our web hosting company to make some changes to some records (CNAME, etc.) to verify our domain with MailChimp to ensure that our marketing emails were not getting flagged as spam.  I am not sure what our web hosting company did but they did not make the correct changes and things broke instantly.  Our website went down, outside sales cannot utilize their VPN connection, email stopped coming in, etc.  

I began trouble shooting the problem yesterday.  It appears that the web host changed the nameservers.  I updated the new nameservers with our domain registrar and our website came back online.  

The webhost also changed our MX Record to point to their webserver instead of our public IP address for our internal Exchange server.  I changed the MX Record back to our public IP address and email is flowing properly again.

However, the use of Outlook outside of our internal corporate network is not working.  Upon opening Outlook, a message pops up stating:

"Outlook cannot log on.  Verify you are connected to the network and are using the proper server and mailbox name.  The Microsoft Exchange information service in your profile is missing required information.  Modify your profile to ensure that you are using the correct Microsoft Exchange information service."

What do I need to do to fix this?  Do I need to delete the profile and recreate it from scratch on each client PC?
I have one that has me stumped. A new customer has a DC and an Exchange 2016 server. Everything has been working fine until yesterday. Something happened and the server now will not let any of the Outlook clients connect. I can connect through OWA but I cannot send or receive emails. When trying to send, I get the You don't have permission to perform this action. Everything looks normal in the EAC. In the Event logs I am getting the 9041 which from reading on it points to DNS but the only DNS entry in the NIC configuration is the DC. Needless to say the customer is anxious to get email back up. Any ideas?
Good morning,

I have been naded an unusual issue, at least in my experience.

We have extremely important emails being sent from the UK via an MPLS setup, and they are using Private DNS entries. Our SPam and Email servers require rDNS or the emails are blocked. We whitelisted and IP address for them yesterday but that did not seem to help.

This has been escalated to top priority as these emails are for our CEO and COO. What can I do from my end to ensure that the emails can be received and delievered?

I have about four hours to correct this as the senders are on UK time and I am on EST time, so if anyne can help me I would be most gratefull.

We have a hosted server with an ssl certificate which we can access externally but on the wifi (dns external) we cannot access the hosted server. With the wifi and the hosted server are on different subnets behind the same firewall. Does anyone have any suggestions how we can overcome this issue?
I have

Exchange 2010 SP3 on Windows 2008r2 -  4 servers (2 CASHUB + 2 MBX).
Internal clients are using NLB called excasarray.domain.com pointing to DAG
Domain name has other DNS records internally referring to the excasarray.domain.com.  

As we added Exchange 2016 servers (RYEX01 & RYEX02) on the existing organization and migrated few pilot users for testing.  The issue is purely for the internal outlook users. After we migrate the users are getting certificate prompt of new exchange server which has only exchange server hostname and fqdn in the certificate. Hence it is throwing certificate prompt for all users stating the new certificate does not match with the other SAN names. We have added new DNS A record for autodiscover and webmail.domain.com. For external users access owa has no issue. But for the outlook users it is prompting for certificate. What i am missing here. Here are the output from virtual directories.  We want a solution to avoid certificate prompt for the user before we migrate the mailbox. Also we have public certificate applied on the old server and exported pfx file and iimported to the new server. Appreciate your help on the same.

[PS] C:\>Get-ActiveSyncVirtualDirectory -ADPropertiesOnly | fl Identity, *lurl*, *method*
Identity                      : RYCASHUB01\Microsoft-Server-ActiveSync (Default Web Site)
InternalUrl                   : https://rycashub01.domain.com/Microsoft-Server-ActiveSync
ExternalUrl                   : 

Open in new window

Receive 1:1 tech help
LVL 11
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

We have 3 DC's:
DC1, DC2, and DC3 for BigNet.Big.Ten.Edu (suppose to be visible just to Domain computers and servers)
and 2 NameServers:
 NS1.BigNet.Big.Ten.Edu and NS2.BigNet.Big.Ten.Edu
(We have control of the BigNet and Big levels of the domain... We don't have control of the Ten.Edu level)

After clearing out many DNS errors due to old/obsolete domain controllers that were found in the records (we had very slow logins),
I'm down to trying to isolate DC3 from showing up as a nameserver publically (as it is firewalled off to all except the Nameservers and Domain attached computers).
I'm in need of guidance in tracking down what we have set wrong.

Trying to move away from the &%$#$-ing 2008 SBS & yet another issue rears its ugly head.
When trying to run some of the pending updates, true to form, it rebooted & never did get to the desktop. I restored from a backup, but since then, network shares weren't available. They showed up with the red X on them & when double clicking, I'm getting the message;
\\Server is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
Logon failure:The target account name is incorrect.
Permissions haven't changed & name is correct, as has been the case since it was installed.  
I can ping the server by name or IP without problems.
If I go to map network drive, as soon as I select the server, I get that same message. But, if I put \\\share it maps the drive, no problem. Now, since I'm in the process of replacing this, I just re-created the shares on one of my new & improved servers, remapped everyone to those & all is well & I am only including all this, as it may lead to a solution my to bigger problem.
My bigger problem is when someone is using the remote desktop server (2008 R2) & tries to open outlook, a dialog box pops up,
Connecting to mailserver.mydomain.local, along with username (domainname\username) & a password box.
Entering password doesn't work, so Outlook never opens.
A few other things to consider as a possibility here, that version of outlook…
Hi.  I have spf record quesiton.  My mail is hosted by zoho mail.  I have no issues there.  But I have an AS400/iSeries that I am sending out emails nightly to customers with shipping info.   For example those emails are coming from S103jmr4.xxx.com (xxx being our domain name).  The idea I believe is to add an spf record with that special name in it so that people will receive those emails, but I want to make sure that people keep receiving the normal mail.    I used an spf builder to create a record using the S103jmr4.xxx.com.  But does that spf need to include info about the zoho mail server too?
Here is the spf record created.
xxx.com.  IN TXT "v=spf1 mx ptr a:s103jmr4.xxx.com ?all"

Basic Requirement for domain network ?
Hi there,
In our Internet accounting system users redirected to hotspot login page (based on Mikrotik CCR1036 12G 4S and installed a star SSL cetificate) and when there is a congestion in the logon (more that 500 users attempt simultaneously,) many of users encounters errors such as "The web page is not available" or "SSL connection error".
In that time, DNS server (Bind9 on Ubuntu 16.04.2 server) cannot respond to nslookup of domain name of hotspot page (internet.xxx.yyy) in a troubled system (has time out to respond query). I think that there is a limitation on how many queries that it can respond.

I would appreciate to give me guidance and tips.

Best Regards
Two Windows domains
1domain local to our corporate office
2nd domain connected via VPN tunnel
No authentication / trusts between domains

Website site located in 2nd domain. This is an "internal" site and is not accessible outside of our network connection via VPN tunnel

We are unable to access site in 2nd domain unless we utilize IP address of the web server.

Should I be looking at DNS forward lookup zone? Should I be making changes to local user HOST file?
service pdns status -l
Redirecting to /bin/systemctl status  -l pdns.service
â pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-01-04 14:39:03 CET; 237ms ago
  Process: 6403 ExecStop=/usr/bin/pdns_control quit (code=exited, status=1/FAILURE)
  Process: 6418 ExecStart=/usr/sbin/pdns_server --daemon (code=exited, status=0/SUCCESS)
 Main PID: 6419 (pdns_server)
   CGroup: /system.slice/pdns.service
           ââ6419 /usr/sbin/pdns_server --daemon

Jan 04 14:39:03 ns1.domainname.be pdns[6419]: TCP server bound to
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: PowerDNS Authoritative Server 3.4.11 (jenkins@autotest.powerdns.com) (C) 2001-2016 PowerDNS.COM BV
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: Using 64-bits mode. Built on 20170116223245 by mockbuild@buildhw-05.phx2.fedoraproject.org, gcc 4.8.5 20150623 (Red Hat 4.8.5-11).
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: DNS Proxy launched, local port 10929, remote
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: Creating backend connection for TCP
Jan 04 14:39:03 ns1.domainname.be pdns[6419]: Master/slave communicator launching
Jan 04 14:39:03 ns1.domainname.be …
In an office I maintain, we have about 10 PC's running Windows 10. After a windows update, the clients are unable to resolve external host names. It appears this issue arose after the Fall Creators Update.

-The workstations are able to ping an external IP but they cannot ping an external host name (www.google.com), even when configured statically to use google DNS.

-Windows seems to leave with with no option to roll back the creators update.

-The warehouse PC is not on the domain, and has no issues even with all of the latest updates.

-After a reboot, the user's can browse the internet and outlook will connect to exchange for about 3 minutes before they go back to having the same issue

On the Client PC I've tried:

Malware scans and Windows Defenders Scans: They show my computer is not infected.
Completing remaining updates > no change
Flushing DNS > no change
IP Release/Renew and netsh int ip reset > no change
Noticed IPv6 was enabled, tried disabling it > no change
Changing to Google's public DNS  > no change
Reinstalling NIC driver > no change

I'm not really sure if this is an issue with the MS update on each machine or something on the domain that is not meshing. I was relieved that I still had the failure with the PC using google for DNS thinking my server is not at fault, however it bugs me that the non domain PC has no issues.

Where can I troubleshoot next?
Hello buddies, I am implementing a Public - Private Domain over a network. In the past the structure was similar but i think i didn't implemented the DNS server OK (There was a DNS, web server and mail server were in the DMZ and in the same machine). I configured DMZ DNS to solve outdoor queries and indoor queries (Internal users) solve via internal DNS that points to DMZ server. Public IP and public domain was published on DMZ DNS server even on forward zone and reverse zone. I am not sure if it is correct or no I think it is not and now i have to add more servers and don't know how to configure the DNS correctly. Someone can help me (Please try help as a novice). Thanks in advance
Concerto's Cloud Advisory Services
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

how to check domain name availability in javascript using jsp
I completed a 2010 to 2016 migration and was having some issues with outlook clients connecting externally if they had not be opened up internally after the migration. In my drug fueled haze while getting over the flu, I thought it was a good idea to remove the 2010 server out of the equation as I thought it was what was cause the issue so I complete the migration, removed the old OAB, migrated all the mailboxes including arbittration and uninstalled the 2010 server.

All DNS is setup pointing to new exchange server including the old 2010 server name. And now internal clients cannot open outlook because there is no 2010 server to let them know their profile has been moved to the 2016 server(atleast this is what I'm guessing the issue is).

Deleting the profile and recreating it fixes the issue; however, that's not feasible for the 1000 users I'll have showing up on Monday trying to access their outlook.

Is there something I'm missing here? Am I SOL without the old 2010 server still around for them to proxy over to 2016?

Most outlook clients are either the latest version of 2010 or 2016
i.ve scom 2016 and need to specify some service that i need to show using the visio to make dashboard. so if i need to check health of the DNS service in my 3 domains how can i do that and shall i choose. also if  i need to check the status of my DHCP subnets can i do that?
i'm using visio 2013 and the scom addin installed but it's for system centre 2012 does it make any effect?
also if i need to just click on the service from the visio should it gives me the status of this object only?
A ways back, I'd set up nameservers on my VPS (let's call them 'ns1.mydomain.com' and 'ns2.mydomain.com').  I host a couple of dozens websites on that VPS.

For all of my domains, on the domain registrar's site, I'd set the Nameservers for that domain to Custom Nameservers:  'ns1.mydomain.com' and 'ns2.mydomain.com'.

Recently, I had to ask my VPS provider to create a new server for me (let's call it 'newVPS'), leaving my previous VPS (let's call it 'oldVPS') active so I could migrate or re-create accounts and contents from the oldVPS to the newVPS.

Both the oldVPS and newVPS use WHM/CPanel admin interfaces.  
The oldVPS is setup as (cut and pasted from the WHM panel banner): 'CENTOS 6.9 i686 virtuozzo – oldvps  WHM 56.0 (build 52)'
The newVPS is setup as (cut and pasted from the WHM panel banner): 'CENTOS 7.4 virtuozzo [newvps]  v68.0.21'

My understanding (which is limited in these areas) is that the nameservers I setup on my VPS have to be associated with one of the domains I own/host on that VPS.

The nameservers which I had previously setup on oldVPS were associated with 'mydomain.com' one of the domains/accounts hosted on oldVPS.  

For simplicity, I'm thinking of creating new nameservers on newVPS and associate them with 'myotherdomain.com', another domain/account to be hosted on newVPS.

How do I create my new nameservers on newVPS, say 'ns1.myotherdomain.com' and 'ns2.myotherdomain.com', presumably from newVPS's WHM (I'm …
Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC

Open in new window

The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshare against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you re-mediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
I had this question after viewing ManagementException...User credentials cannot be used for local connections.
i have some problem with create dns in windows server 2016 standard.
ConnectionOptions co = new ConnectionOptions();
   co.Impersonation = ImpersonationLevel.Impersonate;
    co.Authentication = AuthenticationLevel.Packet;

   co.Timeout = new TimeSpan(0, 0, 30);
    co.EnablePrivileges = true;
    co.Username = UserName;
   co.Password = Password;
   _scope = new ManagementScope(String.Format(@"\\{0}\Root\MicrosoftDNS", server), co);

Open in new window

i have some problem with create dns in windows server 2016 standard.

ConnectionOptions co = new ConnectionOptions();
   co.Impersonation = ImpersonationLevel.Impersonate;
    co.Authentication = AuthenticationLevel.Packet;

   co.Timeout = new TimeSpan(0, 0, 30);
    co.EnablePrivileges = true;
    co.Username = UserName;
   co.Password = Password;
   _scope = new ManagementScope(String.Format(@"\\{0}\Root\MicrosoftDNS", server), co);
and i have this error: System.Management.ManagementException: User credentials cannot be used for local connections at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize()
but this UserName and Password is admin.
please help me.i'm confused






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.