The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to locate computer services and devices worldwide.

Dear experts,

I am new to DNS and DNS load testing. Now I have a task to run a load test on two BIND9 servers [RHEL6]. I googled it and found that dnsperf is a good tool to evaluate throughput and latency. However, I need a script to do this task. It will be very helpful for me if anyone shares the info.

Hi, I'm migrating from 2011 sbs to windows 2016 std server.

So far I have migrated AD, DHCP and DNS to win 2016. For some weird reason, the DNS on the win 2016 keeps locking up after 2 days. To the point, you can't even restart the service.
I need to restart the server itself.
I have removed and reinstalled DNS from scratch on the new server and the same happened this morning.
I even transferred the FSMO roles over the weekend as some last ditch attempt.

This is causing issues with client workstations as their DNS is pointing at the new server.

Any ideas?

I connected the DNS from AWS to my web host (DreamHost) with a WordPress extension from AWS and have waited quite a while and still do not see the default WordPress blog on my website. I do not know what to do.

Hi Experts,

DKIM CNAME for Office 365: I have the 2 values in my GoDaddy DNS, but when I run a DKIM test using DMARC Analyzer or MXToolbox it fails.

Can anyone provide a solution for these errors? I am a little new to this DNS stuff.

C:\Users\pwrigley>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server18
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER18
      Starting test: Connectivity
         ......................... SERVER18 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER18

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SERVER18 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : jbcnet

   Running enterprise tests on : jbcnet.loc
      Starting test: DNS
         Test results for domain controllers:

            DC: Server18.jbcnet.loc
            Domain: jbcnet.loc

               TEST: Delegations (Del)
                  Error: DNS server: server13.jbcnet.loc. IP:
                  [Broken delegated domain jbcnet.loc.jbcnet.loc.]
                  Error: DNS server: server18.jbcnet.loc. IP:
                  [Broken delegated domain jbcnet.loc.jbcnet.loc.]

Let me begin by saying that my IT guy is no longer available and I am not an IT expert but I am able to work through most issues.

My previous setup was a domain server that handled DNS and DHCP on a Windows 2012 server.  It still exists and still has those functions.

My new setup is a SonicWall firewall to be PCI and HIPAA compliant.  This is provided by our healthcare software provider.  However, they are not providing IT services.  The SonicWall also provides DHCP and DNS services.

Here is what I think I want:
-The SonicWall to handle all things internet and DHCP
-The Windows 2012 server to manage the domain logins, Active Directory, file sharing, and group policy.

So - what do I need to do on the server?  What do I need to change on client machines in the TCP/IP settings?

I am sure that you will need to ask more questions.  Thanks in advance for your questions...

PDC died. Purchased a replacement. When I tried to join the domain I received the following error:

An attempt to resolve the DNS name of a domain controller in the domain being joined has failed.

From the second domain controller that was still functioning I seized the FSMO roles, thinking that was the problem. No luck; same error when trying to join the new server to the domain.

Stopped and restarted the Netlogon service and get these:

Log Name:     System
Source:       NETLOGON
Date:         5/30/2018 1:27:55 PM
Event ID:     5774
Task Category: None
Level:       Error
Keywords:     Classic
User:         N/A
Computer:     sacdc-admin2
The dynamic registration of the DNS record 'DomainDnsZones.SACDC.ORG. 600 IN A' failed on the following DNS server:

DNS server IP address:
Returned Response Code (RCODE): 5
Returned Status Code: 13

For computers and users to locate this domain controller, this record must be registered in DNS.

Have an AD domain that we have inherited.
Was a 2008 AD, 2008R2 AD and 2016 AD Servers and they are not replicating.
Added a new 2008R2 server, carried out promotion and joined to AD as another controller.  SYSVOL and NETLOGON not created.
Demoted that test server.
Cleaned up AD with ADSI Edit and verified all details in AD Sites & Services.
Demoted the 2008 Server and am now left with a 2008R2 Server and 2016 Server that are not replicating GPO, SYSVOL and NETLOGON.
Not sure if I should demote the 2016 Server to get back to one DC and fix that.
300+ users, Exchange 2016, so am nervous.
Any assistance would be appreciated.

Hi. We have some problems with DNS resolution in our network. Maybe we made some mistakes in the DNS config...

Basically, the clients at the different subdomains always have the DNS servers from their local subdomain set, and the DNS servers themselves have the DNS servers from the root domain set as primary forwarders. And on the root DNS servers, the DNS servers from our ISP are set as forwarders. It is essential to know that roles like Exchange, ERP servers... are installed on servers located in the root domain, but the users and clients are members of the child domains. Now we often have some issues with name resolution, Exchange connection errors (autodiscover problems) and so on, but no explicit error messages on the systems. So I think there are general issues in the DNS config.

We have the following AD- and DNS Setup (names are changed for security reasons) :

Domain Name:  COMPANY.local
Location:  Headquarter (Schlossrued, Switzerland)
Members:  Only central Servers like Exchange, Fileservers (DFS) and other central Applications are member of the root domain. No Clients and no Users!
Domain Controllers: 2 DC on the main location (Windows 2016), 1 DC in every other location. All DCs are GC and have DNS installed.
DNS-Config:  The DCs has as the first DNS Server and the second DC as secondary entry in Network properties. DCs in other location also have as first an one of the DCs in HQ as second DNS. …

After doing a cross-forest migration for about 1000 users, some of the migrated users' computers were migrated using a 3rd party free tool called Profwiz which shows more success than ADMT from a previous experience.

Due to some network standards we were not able to change the DNS to point to the destination domain's DNS. So migrated computers are using the source DC's DNS through router DHCP.

Some of those migrated users have found that they are no longer able to login to their PCs and that their PCs lost domain access and when we checked.

The common event IDs between those clients who were disjoined from the domain are as follows:

Event ID
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

Only 2 computers out of 20 got this error
This computer was not able to set up a secure session with a domain controller in domain CALIKSOA due to the following:

I would appreciate any thought on this.

I am working on a 2008 R2 domain and am having an issue with DNS.  We have three DC/DNS servers, two in Iowa and one in South Carolina.  Running BPA on each reports, "DNS: The DNS server <ip address> on Local Area Connection must resolve the name of this computer."  Double-clicking the error, it shows the Issue:  "The DNS server <ipaddress> on Local Area Connection did not successfully resolve the name of the address (A) record for this computer."  I have verified that the (A) records all exist.  Each server's NIC does include its own IP address in DNS, but not as the first DNS server.  Removing server IP address and re-running BPA, it gives the warning, "Local Area Connection on the target computer that is a DNS server does not have its own IP addresses in the list of DNS servers," and logically does not give the error.  The servers all have IPv6 enabled.   If I add the IPv6 Address to DNS for the NIC's IPv6 configuration, I get the same error regarding "resolve the name of this computer" along with a number of other IPv6 related errors.

I have tried numerous things found online, but to no avail.  What am I missing?  I would greatly appreciate any guidance and suggestions.

Windows7/64-Verizon router.modem :

Been getting regular Event ID 1014 with different DNS servers not responding: i.e. dns.msftncsi.com;  rc.managedoffsitebackup.net; all timed out after not responding.

Is it possible to customize the "look and feel", layout, etc for Amazon AWS's SAML Federation Landing Page?


When we sign in to our company "federation page" it redirects us to "https://signin.aws.amazon.com/saml" (as it should), which displays all of
our AWS accounts/AWS Roles to sign into. However, it's ugly and not really organized/categorized in any way (so you have to always scroll up/down
to find the account you want or do a "Ctrl-F").

I know we can customize our first landing page (company federation landing page), but can we change anything for the redirect/second SAML landing page?

Hi, I have 2 IIS installations on different servers within the same network. 1 x IIS is hosting RDWeb, 1 x IIS has a website. I would like users to connect via VPN and be able to access the website. Ports 80, 443 are currently forwarded to the RDWeb IIS server. I'll have a DNS entry remote.domain.com pointing to the external IP for the RDWeb. How do I get differentdomain.com to point to the second IIS server? Read some things about IIS redirect, not sure if that's the way to do this? If it is, detailed instructions would be helpful :)

We have a Windows 2012 DNS server that is not behaving the way I had thought it would based on the MS documentation I found.
Round robin is disabled, and subnet prioritization is on.  
There are 2 local subnets (192.168.0.x/24 and 172.28.1.x/24), and one remote subnet of 172.28.150.x/24
DNS entries:

Name resolution works as expected (no round robin), and query return matches the IP of the local subnet it originated from.  For example:
DNS query for ServerA from host always returns
DNS query for ServerA from host always returns

But, DNS queries for ServerA from the 172.28.150.x network still return in a round-robin fashion, alternating between and
The 172.28.150.x network cannot route to the 192.168.0.x network, and so the query fails 50% of the time.  Or, I guess to be more accurate, the query doesn't fail, it just returns an IP that is not contactable by the requesting host on the 150.x network.  EDITED for clarity - I need the query from the 172.28.150.x network to return the address in the 127.28.1.x range.  There is not an option at the moment for a route to the 192.168.0.x network.

Based on the docs I found, I was expecting and hoping that the DNS server would return the "closest match" that it could find to the IP of the originating requester, starting with the left-most octet.  But this doesn't seem to work.  I have confirmed with …

We have a one-way domain trust, where users from DOMAIN1 will access files and folders from DOMAIN2. DNS appears to be working correctly to SERVER1, and I can map other shares on DOMAIN1 using the server's name no problem... however on one particular share on the same server, users cannot navigate to nor map to using the FQDN or alias of the server. It only works by IP address.

Any thoughts on what would cause this or how I can troubleshoot? Unfortunately I don't have administrator privileges on DOMAIN1, but on DOMAIN2 I do.

I have a client with a single label domain.  They have a 2003 AD and we added a couple of Windows 2012 R2 ADs.   We ran into an issue with DNS not updating properly described in this article: https://support.microsoft.com/nl-nl/help/300684/deployment-and-operation-of-active-directory-domains-that-are-configur     The registry changes on the client PCs fix the problem but I don't want to have to make this change to every PC every time we authenticate to the domain.  The recommended solution seems to be to a new server with a new domain and migrate to it.   If we have to I'll go down that road but here is my question: Does anyone know if there is a DNS / AD configuration change that can be made so we don't have to completely build a new domain and migrate?  One more thing, the network was functioning fine and I could authenticate new PCs to the domain even with the single label domain so something makes me think someone figured out a solution on the DNS / AD side of things but it didn't get transferred to the new AD / DNS.

I am unable to resolve DNS over site to site VPN.  I have several remote sites connected to the main office through Meraki site to site VPNs.  I can resolve by IP addresses but DNS does not resolve.

We're a Windows network with a standard range of DHCP, DNS are on a server and I have a few wireless nodes on static IPs acting in bridge mode.

For quite a few clients, they will login, be assigned an IP, can access internal network utilities, but can't access the internet. The only way I can get them on is to assign them a static IP in an excluded range within their network settings. Primarily happens on the wireless networks but those get the most traffic and has happened wired in.

What could be going on that they'd be assigned an IP from DHCP, can access internal network utilities (email, shared drive, printers) but can't get an outside connect to the internet?

I am having connectivity issues to my db, just want to recheck my DNS and DHCP settings (new server). What steps should I perform to check the correct configurations (I am new to Windows administration)? I have 2012r2 and db running on Server Essentials.

Currently having a problem with our exchange server. One user is receiving this error ("cpanel4.wsiph2.com rejected your message to the following e-mail addresses: Your server IP address [xxx.xxx.xxx.xxx] is missing a reverse DNS entry." ) whenever he sends email to one particular email address. A few months ago he was still able to send an email to that email address without any problem. Please help.

When I set up our Office 365 Tenant I didn't want to use our Primary Domain right off the bat as I wanted to get things up and running and tested before I switched the Production Domain DNS over to O365.   When doing this, the ApplicationUri and the AccountNamespace both reflect the Domain Name I chose when I created the Federation,  <ID>.<Domain.Name>

Microsoft said the only way to change the  <ID>.<Domain.Name> is to destroy the Federation Trust and the Hybrid configuration and re-create everything! Not something I want to do.

My Questions:
  1. Besides the Internal Communications between the On-Premise and O365 servers is this  <ID>.<Domain.Name> visible to anyone?  
  2. If we eventually have everything in the Cloud and do not have an On-Premise Exchange Server, will this name go away at that point?

Get the Federation Trust ApplicationUri from On-Premise
[PS] C:\Windows\system32>Get-FederationTrust

Name                 ApplicationIdentifier     ApplicationUri
----                 ---------------------     --------------
Microsoft Federat... 000000004005162E          <ID>.<Domain.Name>

Get the Federated Organization Identifier AccountNamespace from On-Premise

[PS] C:\Windows\system32>Get-FederatedOrganizationIdentifier | fl AccountNamespace
AccountNamespace    :   <ID>.<Domain.Name>

My client's company website is visible on the internal domain but if users take their devices externally they are unable to view it. The domain name is the same as the website address (not sure if that makes a difference).

I'm assuming it's a DNS issue but any advice anyone can offer would be greatly appreciated.

Hi Guys
I have created a new domain as the old 2003 Server crashed and none of the BDC/PDC are working.
We are using a mixed OS for the desktops of Win XP/Win 8 and 10. Created a new 2012R2 server as a virtual server and it seems to be up and running.
However we are unable to connect any XP desktops to the 2012 server. I can ping the server but can't resolve the DNS or join the domain.
I did read an article on here about changing dependon service as follows


Original Value: SamSS Srv2

Change to: SamSS Srv

Would appreciate any help please
tks in advance

Website can't be reached on internal network!

I have a weird issue that came up. We have a company website that is hosted on Godaddy.com and working. I can access it from outside of my network and without our router/firewall. I used my laptop directly plugged into the ISP modem and can access the website fine.  I can ping by IP address of the site and name of the address.  I can ping www.website.com or website.com just fine.
I can nslookup from an internal computer and it came up with the correct IP address. I cleared the cache on the internal DNS server.  I tried turning off the firewall (Cisco RV345P).
None of these are working. Help!!!





