DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed by computer services and devices worldwide.


Hi, I have a strange problem with a 2012 R2 domain controller. This machine is in a datacenter. All servers in the datacenter can reach this machine without problems: RDP, DNS and so on.
Through a VPN I can only ping the server. The really strange thing is that with the firewall disabled the RDP connection is rejected at once, while with the firewall enabled I get an internal error. DNS times out (I cannot join the domain).
Through tcpdump I can see packets flowing without problems; the server simply decides not to answer anymore.

To troubleshoot MTU issues, the MTU on all interfaces involved is now really low (1358).
Actually I can reach all the other servers in the datacenter from remote, and I can reach the remote site via RDP from the "problematic" server.

What have I missed trying?
2012 server R2 - domain controller - AD Connect installed


Below is the tcpdump; you can see packets from the local server (10.23.250.133/27) to the remote server (10.23.250.2/27).

23:15:57.410162 Port3, IN: IP 10.23.250.133.49405 > 10.23.250.2.3389: Flags [SEW], seq 1489785327, win 8192, options [mss 1318,nop,wscale 8,nop,nop,sackOK], length 0
23:15:57.410737 Port1, OUT: IP 192.168.232.1.49405 > 10.23.250.2.3389: Flags [SE …
0
Currently we plan to apply for a new domain so that all users will have their email on the same domain.
I am new to this type of process and would like someone to review what I came up with below and advise on any missing item that is critical to this project.
1. Apply and register a new domain name e.g. abcd.com
2. Register and verify the new domain name in public DNS
3. Register and verify in MX record
4. Add the new domain name to the existing Exchange server
5. Create a new email account for each user
6. Configure and test with a testing user account

Many thanks in advance.
0
Hello,

I need some input on this issue with our only server which is a SBS 2011 Standard server and is our domain controller, DHCP and DNS server. This server has 1 NIC.

Every boot the following events are logged in the DNS logs:

- Event ID 4000: the DNS server can't open the Active Directory
- Event ID 4007: the DNS server was unable to open zone [NAME] in the Active Directory from the application directory partition [NAME]

After 1 minute or something like that I get event IDs 2 and 4 indicating that DNS services started successfully.

My problem with this is that some other services won't start correctly, because it takes DNS/AD DS too much time to start up.

The NIC is using 127.0.0.1 as the DNS Server.

This started happening after an unsuccessful uninstall of ESET File Security. After using this tool the driver of the NIC was re-installed. Does anyone know where to start looking?
0
I can ping the website and it returns an IP address. I do a trace route and it resolves.

Our DNS server has a different zone than the website address. For example, the website is thisdomain.com and our domain on DNS is xyz.local. For giggles I even created a www record to point to the website address.

When I try to reach the website via the IP, it won't resolve either.

I plug directly into our modem, I can hit the website. I plug into our switch, behind a Cisco firewall, cannot hit the site. I logged into the firewall, and I believe I turned it off. Still cannot reach the website.

I have used freeproxyserver.co and I can reach the website.

Help Please
0
Unable to join the client machine to the domain.
0
We have a handful of computers that keep trying to go out to the internet looking for wpad.dat. We do not use a proxy internet server. We do have an "in line" Barracuda Web filter between the core router and the firewall. We know the external address where these requests are going, and know that (currently) this is not a threat. We have tried to disable any automatic configuration for internet connections via GPO, but continue to have computers send the requests.

How do you block an outgoing wpad request at the firewall using a SonicWall NSA 3500?

thank you.
0
(1) How can I know the subnet mask & default gateway of any IPv4 address?
(2) Explain DNS server in detail?
0
EE,

This may be an easy one. I created a CNAME called WEB for an internal web site but it's not working. I can ping the CNAME record and it returns the source A record FQDN. But when I put the CNAME into the browser http://web/stuff, it doesn't work. I'm not sure why the browser doesn't qualify it.

/k
0
I am trying to add a laptop to inventory. It's just not working. I set up a single scan for the device by IP address but Spiceworks is not finding it. I have gone through the suggested steps in Spiceworks' Inventory Troubleshooting | Finding Missing Devices.

WMI and DNS are all set but the device is not being found.

The Authenticated user is setup correctly.

From the Spiceworks server I have run the following query:

c:\wmic /user:xxxxxx /password:xxxxx /node:10.150.254.202 systemenclosure get serialnumber

I get an access Denied

I run the following query in the laptop:

c:\wmic systemenclosure get serialnumber

I received the correct information

The local Administrator account is authorized in the WMI setup on the local computer.

I am confident that the firewall is set up correctly, for I am able to do my weekly scans without a problem. I have several scan operations set up for several different network segments that are scheduled for different days of the week, and they all run without errors.

Any suggestions would be appreciated
0
I am not able to ping the router from the ASA and unable to ping the mgmt interface from the router.
Current topology looks like ROUTER (192.168.2.1) ---> ASA (Standby/Active) ------> Switch 1 and 2.
Your help is much appreciated. Thanks.
-------------------------------------------------------------
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Ethernet0/1              DMZ                    192.168.3.111   255.255.255.0   manual
Ethernet0/2              FailOver               172.16.254.254  255.255.255.0   unset
Ethernet0/3              inside                 192.168.2.211   255.255.255.0   manual
Management0/0            mgmt                   192.168.4.1     255.255.255.0   manual
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Gateway of last resort is 192.168.2.1 to network 0.0.0.0

C    172.16.254.0 255.255.255.0 is directly connected, FailOver
C    192.168.4.0 255.255.255.0 is directly connected, mgmt
C    192.168.2.0 255.255.255.0 is directly connected, inside
C    192.168.3.0 255.255.255.0 is directly connected, DMZ
S*   0.0.0.0 0.0.0.0 [1/0] via 192.168.2.1, outside
APOLLO# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
?????
0
  • Main site A
  • Remote site B
  • Point to point connection between Main and Remote site
  • A & B in same domain
  • we have internal DNS and External DNS servers
  • Internal DNS is within our domain, internal domain: local.web.com
  • External DNS is with 3rd party DNS providers, our domain: web.com
  • External Public IP nat'ed at firewall to internal IP of website IP.
  • External DNS name mapped to public IP

Within our network we can load the website using the internal URL address. However, resolution of the external URL is not working, failing with: "HTTP Error 404. The requested resource is not found". If I were to load the external URL on my cell phone or with an external connection, the site loads up with no issue.

I can't figure out why the external URL is failing to resolve within our network. Both internal and external URLs are different.

The only thing I can think of is that I may need to have a conditional forwarder, but that makes no sense since I can resolve other external addresses.
0
I had this question after viewing "Remote Desktop cannot verify the identity of the remote computer because there is a time or date difference..." error.

I have had a similar issue on my DC since a reboot a few days back:
Identity to the remote computer cannot be verified. Remote computer is not configured to support server authentication.

Everything was working fine with RDP for years now, but recently after a reboot the server is not connecting with Network Level Authentication.
Time zone and time settings are good.
Certificate is not expired, still valid with the FQDN.
IP address or the name both give the same warning.
DNS is good, no changes in DNS or IP or network card or remote settings.

I can only connect if I disable NLA.
0
We had our DNS changed and I was wondering what I need to do on the server side to get this up and working? Thank you (Not an expert in DNS)

Ron
0
I have an app that uses a service. I need to test the app from within our domain and over the internet. The customer has both the production service and a new test version of the service running on the same server. What I'd like to do is set up a DNS zone that resolves to a different IP address based on whether it's being requested from the domain or over the internet. From here I can set up the web server's (IIS) site bindings to redirect the request based on the IP address to either the production or test service. How can I configure this in the Windows Server DNS Manager?
0
It seems that in order for BIND DNS forwarding to work, I need to enable "recursion yes;" in named.conf.
We don't want to use recursion, only enable forwarding.


To explain further: we have two Solaris machines with non-global Solaris zones. On each of these machines we have a non-global Solaris zone with DNS. The Solaris machines are DNS authoritative for their own DNS zone. In some cases, they need to be able to resolve hosts outside of their own DNS zone (for example a mail host).


I tried global forwarding

options { ...    
    forwarders { <ipdns1>; <ipdns2>; };
... }

and also per zone forwarding
zone "extdomain.com" {
        type forward;
        forwarders { <ipdns1>; <ipdns2>; };
        forward only;
};


but it seems that when using nslookup to the outside world, it only works when recursion is set to yes. This causes slow SSH logins on the Solaris machines.
0
Hi, I'm wondering if someone can help me. I've spent hours researching but cannot find a clear answer.

I've configured an SPF record on my public DNS server.  v=spf1 mx a -all

I'm confident the SPF record is configured properly. The SPF check fails when trying to send to my gmail from a valid internal email using this external mail server: https://emkei.cz/

Where I'm confused is when I try and send to a valid internal address from a valid internal address using the above mentioned external mail server. This server is not permitted to send on behalf of my domain so why are the messages still getting in?

I'm running Exchange 2010 and the header of the email has this:
Received-SPF: None (myserver.mydomain.local: validaddress@mydomain.com does not
 designate permitted sender hosts)

Why isn't my Exchange server checking its own domain's SPF record? Thanks in advance!
0
We moved DNS from a retired 2003 server to another server.  But we left both up for a while to make sure everything came across to the 2012 server.  I have been hearing some users mention particular web sites not coming up.  One user earlier today couldn't get anything on the web to come up so I did a release, renew and flushdns and she was fine.

After looking at reports I see errors saying none of the IP addresses that are being used are registered.  The attached file shows current entries but only for the DHCP scope.

The person who disabled the retired server did his work over the phone.  I think he or we missed something.

I've attached a partial screen capture of the zone we use.  I came onsite long after some changes were made so I don't know if or when to clean up old name servers.  Any help would be appreciated.

DNS Zone Info
0
After connecting to the network via VPN, I am able to access resources by DNS name, but some resources I can access only with the IP address, not the DNS name. Any idea?

Thanks!
0
I am having a serious issue routing our MVC 5 application to an external URL subdomain using our ISP GoDaddy.

I have several websites (ASP.NET, third-party applications) that I host internally on IIS on a private server, 192.168.*.*. These applications are NATed in my firewall to a public IP address on our Comcast network, 50.202.*.*. We host our domain at GoDaddy and were able to route the NATed IP to the subdomain webpage.mydomain.com. We have been using this technique for years and we resolve external URLs using subdomain.mydomain.com. On our internal DNS I have an A record for www pointing to the web server 192.168.*.*, so we are able to route internally to www.mydomain.com/webpage. The issue I am having is with the MVC 5 application, which is published to the same web server: I am able to access www.mydomain.com/webpage internally, but we cannot access webpage.mydomain.com externally; we can only access it by http://publicipaddress/webpage.

I have the same NAT because it is on the same web server/IIS. I set up the subdomain in GoDaddy, and http://publicipaddress/webpage works for the MVC application, but not webpage.mydomain.com. I have been working with the programmer and verified all IIS settings, and I verified DNS settings with a GoDaddy technician, but my programmer is still only using the default route in the MVC application. Everything I have read so far (and there are multiple ways of doing this) says we need to add webpage.mydomain.com to the MVC application routing table. Is there anyone …
0
I have an internal web server (called: serverhostname) with 1 site that has been assigned 2 wildcard SSL certificates. The site has 2 IPs attached.

1st certificate (*.*.mycompany.com) is for external access. This works fine and the www name is fairly short and easy to remember

2nd certificate (*.*.ny.mycompany.com) is for internal access. This works fine and loads in any browser.

The issue I have is that the URL for internal access is too long and complicated, as it uses the FQDN of the server that's hosting the site. The entire URL is serverhostname.ny.mycompany.com. I'd like to shorten it down so it's easier to remember. I tried using a CNAME alias but I can't get it to resolve correctly.

I created a CNAME called staff with FQDN as staff.ny.mycompany.com pointed to the FQDN of the target host serverhostname.ny.mycompany.com. When I try to load the URL using the CNAME alias, I get the following error

staff.ny.mycompany.com uses an invalid security certificate. The certificate is only valid for the following names: *.mycompany.com, mycompany.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

I pinged the CNAME and found that it was resolving to the IP address associated with the external certificate. I can't get the CNAME record to point to the correct IP address.
0
Mostly server 2008 R2 environment, mixed Physical and Virtual, all VMs are on ESXi hosts.  

Randomly and seemingly without pattern, my overnight backups to a NAS have been failing for 'bad path'.  When I check the path the next day, all is well.  However, I finally got to see this happen during the day on one server, and the backup NAS can be pinged by name and IP, can access the interface over HTTP, but cannot be accessed via UNC from this server.  It can be accessed via UNC by other servers at the same time.  

I'm not seeing system or DNS log entries on the servers that correlate in any meaningful way. And the backup device (ZyXEL NSA320) logs are minimal - no log entries at all since the last time I logged into it. The router is a SonicWall TZ 205, and the logs on it don't seem to indicate a flood or routing problem at the affected times, but I'm having difficulty viewing them in the browser, and exporting them isn't working right (only exports what's displayed, not the selected duration). Where should I go in my troubleshooting at this point?

Something to note, there is an MPLS connection between this site and two others, and the other sites use services from this site (such as the mail server) but from different domains with their own DCs. I wouldn't think this would have any effect, just want to lay out all the puzzle pieces.
0
Hello,
We have a network system that load-balances 2 VSAT 15 Meg lines through a Draytek 2920 and uses a MikroTik to get DNS from an ADSL line.
The purpose of this topography is to enable 30 or so PCs to operate on the network without overloading the Hughes modem TCP connection limits.

The system worked well for a while but now we have periods of 5 - 10 minutes where no web browsing can take place and we get timeouts.
The sessions in the Draytek rarely exceed 500 per WAN port, so the Hughes (which have a limit of 512) should not be the issue here.
Please advise what I should be looking at on my browser and on the network to try and understand why the page loads are stalling.

My assumption is that this may be a DNS issue, I do however need assistance in using the right tools to diagnose the problem.
0
When using SurveyMonkey our mails are going to everyone's junk.
SurveyMonkey support for free users is only by email and so far not very helpful.

They have suggested this page

https://help.surveymonkey.com/articles/en_US/kb/What-are-the-IP-addresses-to-your-website-for-our-firewall-configurations

where it says this

SPF & DKIM Records

If you need to verify the authenticity of our emails, you can send the following links to your IT department.

SPF & DKIM Records
surveymonkey.com
smo.surveymonkey.com
research.net
go.surveymonkey.com
lr.outbound.surveymonkey.com
t.outbound.surveymonkey.com
hr.outbound.surveymonkey.com
m.outbound.surveymonkey.com
lr.surveymonkeyuser.com
hr.surveymonkeyuser.com

I'm not too clear what I need to add to my TXT record for the SPF; usually I'd expect to add something like include:servername.com

Can anyone advise me.

Thanks
0
Need someone to give a quote on fixing up an SBS 2011 Essentials install. We had a power surge that seemed to have toasted a drive that has since been replaced, but in the process it seems there are now DNS issues, gpupdate fails, and of utmost importance, the server backups seem to take forever and the client backups no longer work, with it saying the service isn't started. I have dumped the server backup catalogue and the client computer backups in hopes that it was corrupt and this may have solved it, but no luck. I think the server backup will run (albeit slowly); however, the client backups won't.
0
I was working on a remote desktop via VPN when it paused and started trying to reconnect. I did a quick ping of the machine I was RDP'd into and it resolved to 198.105.254.17. A few seconds later it was resolving properly again. I looked up the IP and it showed it belonged to Search Guide. Kinda concerned about the wrong resolution. Running Server 2012, internal DNS's with forwarders to ISP. Anyone seen this, thoughts on where to begin?
0
