






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to locate computer services and devices worldwide.


So we're a Canadian company, and we had our Exchange 2010 on prem for a long time. An American company bought us out, and we ended up migrating our mailboxes to their newer Exchange 2016. However, we all notice the lag now, and although it's tolerable for some of us who are at major offices with Fiber internet connections, the rest of us are having a myriad of problems with the new setup, everything from inconsistent lag, to DNS and Autodiscover setup being less than ideal, to local Mailbox caches continuously breaking and forcing us to recreate profiles in Outlook every time someone jumps on and off the VPN.

I wanted to explore the option of getting Exchange Online or some other service, and migrating those mailboxes to the Cloud, and having those users connect to the cloud-based mailbox. It makes even more sense to leverage cloud as the people who have these problems the most are mobile and are travelling across North America all the time.

Has anyone had experiences or a setup like this, and if so, can you give any feedback or advice on how to approach it?


Error “Failed To Connect To An Exchange Server In The Current Site” While Running Exchange 2016 Exchange Management Shell

Not connecting to domain Enter FQDN.

Hard problems with Active Directory and needed to repair it.  Now getting errors from Exchange Server

Everything else looks like it is running ok.   Had to reinstall DNS also as it would not start correctly.

Yesterday I noticed an issue on my primary DNS server as follows:

I went to the dns server under the forward lookup zones on _msdcs.mydomain.local properties ---> name servers -----> edit on my primary dns server ------> trying to resolve its name but it shows this message .... "a timeout occurred during validation"

tried to do the same steps on my additional DC on its DNS server everything works fine.... and I don't have any problem resolving the workstations on my network

but when I do nslookup on the primary DC it shows this message if the primary DNS server is set to itself

DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown

Note: IPv6 is disabled

I'm trying to get the SPF record configured for our domain; we host our own Exchange server. Do I ask my ISP to add the SPF record or do I do it in the GoDaddy DNS management tool? I send out my emails through (ISP)

Thanks in advance for your help!

We have a web server where the Certificate Authority web enrollment role is installed, and it is pointing to the Issuing CA

Whenever we try https://webservername/certsrv, I am able to request certificates

but when I try https://webserver<Ip Address>/certsrv, then in the last step while requesting the certificate the following error appears... can anyone help to resolve this

We have a single AD-integrated forward lookup zone for our internal domain:
We are also running in split-brain where our external domain is also

We have multiple AD/DNS servers in the US and Europe in, all 2012 R2.

We have an application server that resides both in the US and in a Cloud Provider, where internal DNS resolves to the local app in the US and externally to a CNAME in a cloud platform.  For example, our records:

Internal: - A Record
External: - CNAME

The issue we are facing is that the internal A record for app01 is resolved by all resources in both US and Europe, and we need to have resources on the domain in Europe, resolve app01 to the External host CNAME, instead of the US internal host.

I understand there is new DNS zone scope functionality in Server 2016 that can achieve this, however this is not an option at this time. Neither are local hosts files.

I also tried creating a new primary zone using the name, not stored in AD, with the intention of creating the CNAME for app01 within this new non-ad integrated zone, and maintaining this on each Europe DNS server, while keeping the A record on the US servers in the zone, but it would not let me proceed with this.

Is there any way to achieve this using 2012 R2 DNS servers or other alternative relatively cheap solution?
My Domain A is a trusting domain for trusted Domain B (one way external trust).

When I validate the wizard, the PDCE of my trusting Domain A says it is unable to obtain an RPC connection to domain controller XXX of trusted domain B.

Upon closer examination, I notice that the PDCE of my trusting Domain A is resolving the Domain Controller XXX of trusted domain B with a wrong IP. Also, that DC is not the PDCE. Just a DC from a remote office.

The problem I see, is that on the DNS server used by my trusting domain does not have a zone for that domain B. I'm not quite sure how the DC of trusted domain B is being resolved and why it has the wrong IP.

How can my PDCE resolve the other's domain DC when I cannot find its zone in the DNS ? I checked the hosts file is empty. Any idea ?

Got a question.  We have several sites connected via site to site VPNs to our headquarters in a hub and spoke topology.

What we're trying to do is find a way DNS will resolve to a particular hostname when the VPN tunnel is connected, but when the tunnel is not connected, it will resolve to the public A record.
All remote sites have an on-premise domain controller that handles DNS.

Example: resolves (internally) to the internal mail server: (for example).
This is good, but when the VPN tunnel at a remote office is down, the clients are still resolving to the internal IP, which will obviously fail since there's no route.  What we want is for them to resolve the external DNS, which in this case might be or whatever.

I would have no problem having the users at remote sites permanently access certain A records via the public DNS lookup, but is that possible?  Can I have an A record in my internal DNS servers that resolves to a different IP?

Example, at the headquarters location, resolves to the internal IP, but at all other remote locations, resolves to the external IP

I am changing the internal IP address of the Active Exchange server tonight.  The IP address of the passive DAG node was already changed last week and did not get any issue.
I have already changed the Barracuda appliance IP config to FQDN instead of static IP and outbound authorized IP also has new IP. From Barracuda support email filtering for inbound and outbound is all good.
For the Exchange Active server, could I go ahead and change the internal IP address and reboot the server without going through the process of draining to the passive server, which does have a database copy of Archive01, and I am trying to enable locked DB during the draining process as two other DBs are not reporting issues on test-replication.
It is all done during non-production hours; therefore, I can take the risk of temporary failure, if it could be done without draining and changing to maintenance mode.
I would be changing DNS A record, internal Auto discovery, Receive connector Scoping Default Front End connector “Network Adapter binding”  Active node and may add some more IP if needed on Remote network settings.
Exchange version details –
Active Server
Exchange 2013 Standard
AdminDisplayVersion             : Version 15.0 (Build 1178.4)
ExchangeVersion                 : 0.1 (8.0.535.0)

passive server Standard
Exchange 2013
Version 15.0 (Build 1178.4)
ExchangeVersion                 : 0.1 (8.0.535.0)

OS version for Witness, and primary and secondary notes all
Windows 2012 R2

Here is the summary of report on error I…

I log into different domains using NetExtender. When I log into client1 NetExtender sets the flag to "Append these DNS suffixes" and adds as the suffix. Requests by host or host.domain name resolve fine. After I disconnect I see the flag is still set and the domain name ( is still present.  

When I connect NetExtender to name resolution does not work. I can only access devices by IP addresses. If then I uncheck  "Append these DNS suffixes" in DNS portion of my computers network settings devices are once again accessible by name.

Is there a setting in SonicWall SSLVPN configuration that will do the proper house keeping?

The issue I'm describing is VERY FRUSTRATING.  We  are decommissioning a proxy server yet our firewall is still showing windows 7 computers hitting the proxy server.  

Here are the steps that I've taken and what I've looked at on one of the computers in question.

DESELECTED  "Automatically Detect Settings"

Set  "Use automatic configuration script" to reference the CORRECT proxy server that is currently in use

DESELECTED AND CLEARED  the entry under the "Proxy Server" entry for "Use a proxy server for your LAN......"  Fields are blank and UNCHECKED

Edited the registry and removed ALL references to the proxy server that we DO NOT want to reference (the one being decommissioned) both IP address and the hostname that references the proxy server.

Changed the one installed application to point to the correct proxy server.

Flushed the DNS cache on the workstation.

With ALL these steps taken, can someone tell me where to look or tell me why the machine is still trying to reach out to the proxy that we're decommissioning?

Hi, I have a server that has CentOS 7 that does not have a GUI interface installed. By accident for some reason it looks as though during the install I did not set the IP address details of Nic1 and these should be static. I am trying to set it so that the IP address details of Nic 1 is subnet mask is, gw is and the dns I was going to just set as (Google DNS Servers)
Can you help on the commands to run to set this please. The server has 2 nics but only nic1 is plugged in.  If I run the command ip a this is what I get (please see attached file). I assume the nic is that called enp2s0f0

Hi Experts, AFAIK there are 3 ways to anti-spam to an Exchange 2016 environment: SPF, DKIM and DMARC

I can configure the SPF record on the domain control panel but am not sure about the 2 others; does anyone have experience with them? Can we configure them on the Exchange mailbox server, or the public DNS of the ISP?

Many thanks in advance,

Hello, in my company we are planning on starting to decommission our local forest. It is a one-domain forest with 8 domain controllers. We are currently in the process of migrating, building local servers to our parent company's domain.
Can anyone recommend any good books that walk you through the steps, mention important points to consider,
help planning on domain/forest decommissioning, etc.? Thanks in advance.

Thanks for checking out my question.  It seems simple, but it requires a little explaining.  
Goal: Be able to configure my home Outlook to send emails from Outlook by authenticating to our Exchange server
Environment: Exchange 2013 / Outlook 2013
DNS Flow (to explain how the traffic flows from internet-to-Exchange-server): translates to public IP address. Public IP address NAT's directly to my CAS server.

When I configure my Outlook client, I am setting up a POP3 account.
Incoming mail server:
Outgoing mail server:
Incoming server (POP3) Port: 995 (using SSL)
Outgoing server (SMTP) Port: *Here is the problem*

When I choose "Test Account Settings" when creating my Outlook profile, it's a 2 step process.  
1st step: Log onto incoming server --> SUCCESSFUL
2nd step: Send test e-mail message --> FAILS

On my firewall, the ports I am forwarding to the Exchange server are: 995, 993, pop3, smtp, https, TLS(587).  However, when working with my firewall vendor, we let in EVERY port and it still failed.  I'm thinking this is an Exchange issue, but I'm unsure where to start.  
Send/Receive Connectors?

Thanks again!!
Hi All ,

Need your help to understand why the Favicon Icon is not showing up for a single site collection in IE 11 only. I have tried deleting IE cookies, cache, hard refresh, IIS reset, flush DNS etc. but nothing worked. Any suggestions? Below is the scenario.
Single web application with 2 site collections http://SC1 and http://sc1/sites/sc2

In IE :
Favicon shows up for http://sc1
Favicon does not show up for http://sc1/sites/sc2

In Chrome :
Favicon shows up for http://sc1
Favicon shows up for http://sc1/sites/sc2

Thanks in advance.
Currently we have dev, test and uat for non-prod environments. And test and uat are going through Akamai and use their Forward Rewrite cloudlet to determine which server to go to.

Now we have a new project. The project team asks for separate environments from BAU, so it wouldn't impact the BAU work. They proposed to use dev2, test2 and uat2, but to be able to use Akamai with these new domains we have to do a lot of work, such as create new configs, register new certificates, copy all the rules... and also DNS change, firewall change...

I am thinking to still stick to the existing URL, but create a clone site. So for example, under, we have 2 versions of sites: V1 and V2. So is there a way the IIS could determine to pass the request to\V1 or\V2? By default it always goes to V1, but by adding some information, such as something in the header, IIS would know which version to go to. And the URL would always be

Thank you.

Company is on BIND DNS.  I set up a new AD with new Zone for that AD.  
In Windows DNS have BIND Forwarders IPs with Unable to resolve in Server FQDN.  
Do I need to enable BIND Secondaries?  

What else I need to enable on BIND and Windows DNS to have users connected to successfully resolve new AD?

I’d like to reduce the Spoofing SPAM by enabling DKIM and DMARC, so I need your assistance in how to implement this to all of my Exchange Server accepted email domains ?

Note: I am managing my Public DNS server On Premise running on the Windows Server box, so I can have access to the records myself.

From my understanding, I can just add the below entry:

DKIM: Create a CNAME record for with this value:
SPF: Create a TXT record for with: v=spf1 ?all
DMARC: … not sure


But I need further detailed steps if any.


it restarts from 72% and fails at 100%

there is a similar issue 

but I have joined my server to existing domain and transferred FSMO roles so the administrator account was already there. I can't reload the server from scratch as I have too many dependencies to worry about

I have renamed the domain administrator account to root rebooted many times and no luck

I looked thru the logs (2 logs attached) and there is an error related to AD (which has been already installed before)

[5824] 170909.154831.8187: ADContext: GetReadableADContext: System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: A local error has occurred.
 ---> System.DirectoryServices.DirectoryServicesCOMException: A local error has occurred.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.ActiveDirectory.DomainController.ValidateCredential(DomainController dc, DirectoryContext context)
   at System.DirectoryServices.ActiveDirectory.DomainController.FindOneWithCredentialValidation(DirectoryContext context, String siteName, LocatorOptions flag)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.DomainController.FindOneWithCredentialValidation(DirectoryContext context, String siteName, LocatorOptions flag)
   at …

One of our new clients has a 2003 server for a legacy program. 2 users in house and 2 using terminal services use it.  The users in house can use it but RDP users can't log on because of the following: "Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. " We have checked IP address, flushed DNS and re-registered DNS and the error is still happening. Event log error is Event ID 1054. Any suggestions would be appreciated

windows server 2012 dns key master role seized or transferred automatically to
I have a 2012 R2 file server which is widely used in the organization.  
Host name:  \\FileServerBlahBlah
CNAME Alias: \\ProductionFiles
DFS Namespace: \\Domain\Shares

The \\ProductionFiles alias is being phased out and replaced with a DFS Namespace.  This alias was used years ago.  My goal is to find who or which apps are configured to use this alias to connect to the server. I believe my only option is to enable tracing or logging to capture traffic which may be using the \\ProductionFiles alias to address and repair each source individually before removing the alias.

Unfortunately, deleting\disabling the alias to see who complains or which apps fail is not an option.  The potential risk to vital operations is too great.
I'm looking for alternative options aside from installing Wireshark or Microsoft network monitor.  There are restrictions with this server due to the nature of the data stored on the disks.  

Thank you!
We are part of a large domain with several domain controllers (Windows Server 2012 R2 Standard and Windows Server 2016 Standard). Some Windows 7 clients don't get registered in DNS ("nslookup" says "not found"). Others get registered without problems.

The problem is not client specific. Clients which are affected on one day, maybe won't be affected another day. ipconfig /registerdns sometimes fixes the problem until the next startup.

Any ideas how to delimit the problem? As we have no access to the servers (and the admins didn't find the problem yet) we are looking for some client based logging or other hints for the admins.

Thanks and best regards
We have a server on our network that is public facing. We have Comcast cable and ATT fiber running into the building and a firewall that can handle both. I'd like to set something up that if a client goes to (mysite).com and the cable modem is down (the "primary" service) it would failover to the fiber connection to the server automatically and switch back when the cable came back up, so the server is always the same server and the client is always using www.(mysite).com, just how they get in would change depending on if a service provider is down.

What are my least expensive options for that?





