DNS

The Domain Name System (DNS) is a hierarchical, globally distributed system that maps the name of a computer, service or other resource to an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names into the numerical IP addresses that computer services and devices worldwide need.


Environment:
Exchange Online, Federated O365
Goal:
Create a transport rule that tags all external emails as external to raise awareness in users. EXCEPT FOR...domains where we have added their DKIM entries to our DNS

So...here is what I have.
*Apply this rule if...
The sender is located...
"Outside the organization"
and
The recipient is located...
"Inside the organization" (Both entries may not be necessary, but I've fallen to just adding additional rules to try to get it to work)
*Do the following...
Prepend the disclaimer...
"External email, do not open attachments or click links from unknown senders, or in unexpected emails from known senders"
Except if...
A message header matches...
'Authentication-Results' header matches
dkim=pass (signature was verified) header.d=company.com
Match sender address in message:
Header or envelope

What I get back from this is 100% External tagging, even when the DKIM value is valid. Is this not possible?  Poor syntax? I did try dkim=pass only, and it didn't make a difference. I also want to make sure our company name is included.

Any help, thanks.
0
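What a header-based exception is really testing, as an added example (not the poster's rule and not Exchange's own matching code): a parser for the Authentication-Results header that ignores the free-text comments and checks that a dkim=pass entry names an allowlisted signing domain (header.d) that also aligns with the From domain. The sample headers, company.com and attacker.example are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample headers (assumption: they follow the Exchange Online layout
# "method=result (comment) ptype.prop=value; ..."; none is taken from the post).
SAMPLE_PASS = ("spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=company.com; "
               "dkim=pass (signature was verified) header.d=company.com;"
               "dmarc=pass action=none header.from=company.com;compauth=pass reason=100")
SAMPLE_OTHER_SIGNER = ("spf=pass (sender IP is 198.51.100.9) smtp.mailfrom=attacker.example; "
                       "dkim=pass (signature was verified) header.d=attacker.example;"
                       "dmarc=fail action=oreject header.from=company.com")
SAMPLE_FAIL = ("spf=softfail smtp.mailfrom=company.com; "
               "dkim=fail (body hash did not verify) header.d=company.com")
# RFC 8601 form with a leading authserv-id, as other receivers emit it.
SAMPLE_RFC8601 = "mx.example.net; dkim=pass header.d=company.com; spf=pass smtp.mailfrom=company.com"


@dataclass
class AuthResult:
    method: str            # spf, dkim, dmarc, compauth, ...
    result: str            # pass, fail, none, ...
    props: dict = field(default_factory=dict)   # e.g. {"header.d": "company.com"}


def _strip_comments(text):
    """Drop parenthesised comments such as "(signature was verified)"; they are
    free text, so a rule that matches on them is brittle."""
    out, depth = [], 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def parse_authentication_results(header):
    """Split an Authentication-Results value into one AuthResult per method."""
    results = []
    for segment in _strip_comments(header).split(";"):
        tokens = segment.split()
        if not tokens or "=" not in tokens[0]:
            continue                     # empty segment or the authserv-id
        method, result = tokens[0].split("=", 1)
        props = {}
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                props[key.lower()] = value.lower()
        results.append(AuthResult(method.lower(), result.lower(), props))
    return results


def _aligned(signing_domain, from_domain):
    """DMARC-style relaxed alignment: the From domain is the signing domain or a subdomain of it."""
    return signing_domain == from_domain or from_domain.endswith("." + signing_domain)


def dkim_trusted(header, trusted_domains, from_domain):
    """True only when a DKIM signature passed, the signing domain (header.d) is on the
    allowlist, and it aligns with the visible From domain. "dkim=pass" on its own proves
    nothing about who sent the message: any domain can sign its own mail."""
    trusted = {d.lower() for d in trusted_domains}
    from_domain = from_domain.lower()
    for r in parse_authentication_results(header):
        if r.method == "dkim" and r.result == "pass":
            d = r.props.get("header.d", "")
            if d in trusted and _aligned(d, from_domain):
                return True
    return False


if __name__ == "__main__":
    for label, hdr in [("pass", SAMPLE_PASS), ("other signer", SAMPLE_OTHER_SIGNER), ("fail", SAMPLE_FAIL)]:
        print(label, dkim_trusted(hdr, ["company.com"], "company.com"))
```

Two things carry over to a transport rule: matching on the comment text, such as "(signature was verified)", ties the rule to wording the service may change; and an exception keyed on dkim=pass alone exempts any message whose sender signed it with their own domain, so the exception needs the header.d value as well, and ideally alignment with the From domain, which is what DMARC checks.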
We have a PC that keeps changing the DNS addresses on the network card.
It should be set to obtain automatically, but it randomly changes to use the following: 8.8.8.8 and 8.8.4.4, whereas it should be getting the internal server IP from the DHCP server.

I have scanned it for malware and viruses using Avast Business and Malwarebytes.
I've looked for startup items and scheduled scripts. Nothing.
I also updated the network card drivers.

Windows 10 Pro - fully updated.

Any recommendations?
0
I have 2 domain controllers (Windows Server 2003 and Windows Server 2016). Active Directory was working OK for about 90 days, then suddenly I started getting errors that replication failed. Also, I receive the error "The RPC server is unavailable. This condition may be caused by a DNS lookup problem."

I tried to add another Windows server 2016 as an additional domain controller and received the following errors:
1. The Windows server 2003 functional level is deprecated.
2. The file replication service FRS is deprecated. To continue replicating the SYSVOL folder, you should migrate to DFS Replication by using the DFSRMIG command.
3. RID Master "server name" is offline


Please help!!!
0
I published Exchange Server via a firewall. We have an MX record and a PTR record in our host DNS.
The problem is that when we send to anybody, the email looks like it was sent from the firewall IP, not the published Exchange IP, and we do not have PTR records for the firewall. Some email domains of companies we do business with have firewall policies that check for the sender's PTR record, and when that happens an error message appears at Exchange: 451 4.4.0 primary target IP address responded with 554 5.7.1 delivery not authorised (reverse DNS record missing; attempted failover to alternate host but that did not succeed either: there are no alternate hosts or delivery failed to all alternate hosts). I do not want to mess with NAT at the firewall.
My question: can I solve this from DNS? Our DNS is on hostgator.com. And is it possible to have two PTR records for the same MX record FQDN?
2
We would like to introduce a second IP for SMTP traffic in external DNS (GoDaddy). The new IP address will be from a second ISP, so if the ISP one link goes down the second ISP will take over and external users will not feel a delay in their email communication. My question is: does GoDaddy, or any other DNS server, have the ability to do a health check so that if SMTP1 is not reachable, the DNS will forward all traffic to the available/reachable IP address (SMTP2)?
0
I have a problem with my Exchange server (Exchange 2010 installed on Windows Server 2008). The problem is that I cannot send emails to some domains; these messages sit in the queue with this error message: (451 4.4.0 primary target IP address responded with 554 5.7.1 delivery not authorised (reverse DNS record missing; attempted failover to alternate host but that did not succeed either: there are no alternate hosts or delivery failed to all alternate hosts)).
My DNS server is forwarding queries to my ISP's DNS server, and my Exchange uses my DNS for send connectors.
I nslookup these domains and they resolve fine, but when I send to them via telnet it gives me an error message (550 5.7.1 unable to relay).
0
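Both of the posts above carry the same 451 4.4.0 / 554 5.7.1 "reverse DNS record missing" response. As an added example, not from either poster, here is the check the receiving server is performing, forward-confirmed reverse DNS, run against a constructed in-memory stand-in for DNS (the 203.0.113.x addresses and example.com names are placeholders): the connecting source address must have a PTR record, and the name in that PTR must have an A record pointing back to the same address.

```python
import ipaddress

# Constructed stand-in for the live DNS (assumption, not real records). The MX host
# has a PTR; the firewall address that outbound mail is NATed to does not.
DNS = {
    "PTR": {"203.0.113.25": ["mail.example.com."]},
    "A":   {"mail.example.com.": ["203.0.113.25"],
            "fw.example.com.":   ["203.0.113.1"]},
}


def reverse_name(ip):
    """The in-addr.arpa (or ip6.arpa) owner name a receiving MTA queries for a source IP."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns(ip, dns=DNS):
    """Forward-confirmed reverse DNS, the check behind '554 5.7.1 ... reverse DNS
    record missing': IP -> PTR name -> A must contain the original IP.
    Returns (ok, explanation)."""
    ptr_names = dns["PTR"].get(ip, [])
    if not ptr_names:
        return False, "no PTR for %s (%s)" % (ip, reverse_name(ip))
    for name in ptr_names:
        if ip in dns["A"].get(name, []):
            return True, "%s -> %s -> %s" % (ip, name, ip)
    return False, "PTR for %s names %s, but no A record there points back" % (ip, ptr_names)


def with_ptr(ip, name, dns=DNS):
    """Return a copy of the DNS data with one PTR added for ip. PTR records live in
    the reverse zone for the address, so they are keyed by IP, not by the MX FQDN:
    every address that sends mail needs its own PTR plus a matching A record."""
    new = {rtype: {owner: list(rdata) for owner, rdata in rrs.items()} for rtype, rrs in dns.items()}
    new["PTR"].setdefault(ip, []).append(name)
    return new


if __name__ == "__main__":
    print(fcrdns("203.0.113.25"))                     # the MX host: passes
    print(fcrdns("203.0.113.1"))                      # the NAT address the receiver sees: no PTR
    print(fcrdns("203.0.113.1", with_ptr("203.0.113.1", "fw.example.com.")))
```

For the NAT case, what the receiver sees is the firewall's public address, so the PTR that matters is the one for that address; it is set in the reverse zone by whoever owns the IP block (the ISP or cloud provider), not in the forward zone at the registrar or hosting DNS. Because PTR records are keyed by address, a "second PTR for the same MX name" means adding a PTR on a second address; several PTRs on one address are legal but buy nothing here.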
Hi guys,
Just a general question on website hosting and registering.

I know it's 2 separate parts: the website registered with one party and hosted in another place.

Where can I find my DNS management console? Will it be with the registrar or the hosting side?
And when I look for name servers, it points to Microsoft name servers. Does it mean it's Microsoft hosting my website?
0
Hi,

I have set up a new BigCommerce store, which is live and operating fine. However, I am having trouble setting up the third-party email on the client's domain name and email hosting.

Mail can be sent from the domain's webmail but can't be received. I am getting this message when sending to it:

all relevant MX records point to non-existent hosts

Any help would be appreciated.
0
I am a jack-of-all-trades, master-of-none admin. We are using G Suite within Google Admin to peel off some marketing CRM email accounts for analytics, and our MX records are pointed at their DNS. I am using Office 365 administration with Microsoft EOP and running a hybrid environment with mostly on-prem Exchange 2013 mailboxes. My problem is that my SPF and DMARC are not set up the way Microsoft says is best practice, and we are getting spoofed addresses bypassing EOP into our domain because supposedly the MX is not pointed first or only to mail.protection.domain. I am trying to accommodate everyone but am not sure how to make sure we are protected first, before our Gmail-using CRM marketing side.
0
Dear experts,

I have below Active Directory environment.

2 root Win2016 DCs "company.local"
2 child Win2016 DCs "test.company.local"
FFL&DFL: 2012R2
Platform: VMware 6.5

Recently I have added a RODC (physical server) to place it in one of our branches.
Pre-creation of RODC and its promotion went well except one message "DNS cannot be installed on this domain controller because this domain does not host DNS".
I just went on as I thought I could simply add the role expecting an automatic replication.

After above, DNS zones were not replicated so I checked the event viewer and found 4513 and 4514 errors like below:

Event ID: 4513
User: SYSTEM
Computer: rodc.test.company.local
Description:
The DNS server detected that it is not enlisted in the replication scope of the directory partition ForestDnsZones.company.local. This prevents the zones that should be replicated to all DNS servers in the test.company.local forest from replicating to this DNS server.
 
To create or repair the forest-wide DNS directory partition, open the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support.
 
The error was 5.

I opened up the DNS console on rodc.test.company.local and tried to follow the above instruction…
0
We have a couple of spare servers that we want to offer for hosting. They've both got WHM/cPanel installed. Our main server, which is the one where the new "hosting" company will be, is www.x.com.

The two servers are host1.x.com and host2.x.com. Do we need to create name servers for each of host1.x.com and host2.x.com, so that our clients simply point their domains to ns1host1.x.com and ns2host2.x.com when we create their account in cPanel on host1.x.com?
0
I have some new VoIP phones, and for some reason they will not configure on my client's network; when I took them home they worked perfectly. I tried Wiresharking on a hub to capture the traffic, however I am at a loss as to what it means or what is causing the issue. The DNS is our Win2012R2 server, and this then forwards on to the public Google servers.
(attachment: wireshark-capture.png)
0
Trying to rid ourselves of the RDP Security Warnings when connecting to load balanced Hyper V Failover RDS Cluster.
"The identity of the remote computer cannot be verified."
"The certificate is not from a trusted certifying authority"
And we are using round robin DNS so sometimes you will get a second occurrence of the above message but from a different server.

I have a load balanced 2012 RDS host farm with two collections (one to farm1 for security group x and one to farm2 for security group y) with two 2016 HA Connection Brokers/Licensing servers. No gateway server. Typical RDP is used to connect from a PC to one of the two farms. The farms are internal - meaning no outside public access. The PCs/devices that will RDP to the farm connect through site-to-site VPN tunnels and Cisco AnyConnect agents but are not a part of the domain the farms reside in. The internal domain the farms are on, for example, is domain.net. The DNS entry for farm1, say, is farm1.domain.net and for farm2 is - ready?...... farm2.domain.net

That is what end users will RDP to with farm1.domain.net entered in their internal DNS to round robin resolve to the hosts in that farm and same thing for users for farm2.

I see a lot of walk through on certs but since this isn't externally accessible but the clients are not on the same domain the farms are on - not sure how to handle.
0
Hi Team,
I have a project that involves moving my secondary domain controller to a cloud environment on a different not-NATed subnet. Unfortunately, in the process of doing a bare metal copy using VEEAM Agent, my DC02 came up malfunctioning, As a result of tweaking and ruminating it seemed easier to just bring the local copy of DC02 back online. My plan now is to just build a new third domain controller (DC03) and decommission the second one. My post is mostly for the sake of gathering thoughts, advice, and little-known information when it comes to setting up a new DC as this will be my first rodeo.

My current setup (IP addresses are used as an example):
DC01 (192.168.10.100) - Primary DC (AD, DNS, DHCP, Certs) on 2008 r2 on a physical device.
DC02 (192.168.10.101) - Secondary replicated AD and DNS on 2008 r2 in vSphere on an ESXi host.
DC03 (192.168.20.103) - My third DC will be built in a vCloud Director environment, likely running Server 2012 or 2016. This device will also be in a different subnet, Routes have already been established and the machines that are currently there all work correctly with the devices in my local subnet.

Are there any issues replicating AD and DNS from 2008 r2 to 2012 or 2016? Would I be better off just building a 2008 r2 machine in my VCD environment, or perhaps upgrading my primary from 2008 r2 to 2012 or 2016?

What is the industry standard for setting up and configuring a third DC and then decommissioning the secondary, such as in…
0
It appears once again that I am playing the nonstop error game trying to migrate FSMO roles from 2012 to 2016. The site has an existing 2012 DC and I have spun up a new 2016 server to replace it.

I followed this doc: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Step 10 is where I ran into my first issue: "Domain could not be contacted" or similar. I have been playing with this for 4 hours now and I can't remember all the hoops I have had to jump through, but this is my best recollection. After making sure both servers' NIC DNS settings were good AND running
Set-ADComputer -Identity NewServerName -DNSHostName $null

then
Set-ADComputer -Identity NewServerName -DNSHostName NewServerName.domain.local

I was able to get past this point.

Step 11 looks correct as per the details provided in the doc.

Now, it's time to demote the existing DC, sweet! Since the doc now sends me elsewhere, I have a better doc that also goes through the demoting process without chasing URLs.
https://blogs.technet.microsoft.com/canitpro/2017/05/24/step-by-step-migrating-active-directory-fsmo-roles-from-windows-server-2012-r2-to-2016/

Starting from "Migrate FSMO Roles to windows server 2016 AD" I checked using
netdom query fsmo

that both the new and old DC showed the new DC as the current owner of all FSMO roles. I moved on to demoting the old DC ("Uninstalling AD role from windows server 2012 R2").

Running
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition

0
I have configured SmarterMail on a virtual machine, and the error I am receiving is that reverse DNS is not configured. How do I configure reverse DNS in the Azure portal, or is there any other alternate way?
0
Our Microsoft Exchange Server 2010 is for some reason using the highest-number priority MX record before it uses the lowest number. It continues to have problems sending out emails, and the logs show it's using the highest-numbered record. The problem with several of the domains we send email to is their highest-number priority records

My interim fix has been entering a separate send connector for each of the domains that have the problem. I specify the send connector just for that email domain and, instead of using DNS lookup, I enter the FQDN of the lowest-priority-number MX record into the Smart Host area.

I have had to do this for 3 domains now that have high-priority-number MX records pointing to mail servers that are not responsive.
0
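For the GoDaddy question further up and for this post: DNS itself does no health checking; failover between MX hosts is performed by the sending MTA, which must try the MX hosts in ascending order of preference value. As an added example (not the poster's configuration and not Exchange's code), this shows the RFC 5321 ordering and a sender walking down the list when the lowest-preference host does not answer; the MX set and the set of reachable hosts are constructed.

```python
import random
from collections import defaultdict

# Constructed MX set for a recipient domain (assumption, not real DNS data). The two
# preference-10 hosts are dead, which is the situation described in the post above.
MX_RECORDS = [
    (20, "mx2.example.net."),
    (10, "mx1.example.net."),
    (10, "mx1b.example.net."),
    (30, "backup.example.net."),
]
REACHABLE = {"mx2.example.net.", "backup.example.net."}   # constructed: who answers on port 25


def mx_delivery_order(records, rng=None):
    """RFC 5321 section 5.1: try MX hosts by ascending preference value; hosts that
    share a value are tried in random order so that load is spread among them."""
    rng = rng or random.Random(0)
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def deliver(records, reachable, rng=None):
    """Simulate the sending MTA: connect to each MX in order until one answers.
    Returns (host_used, hosts_attempted). The sender, not the DNS server, performs
    this failover; a DNS answer carries no liveness information."""
    attempts = []
    for host in mx_delivery_order(records, rng):
        attempts.append(host)
        if host in reachable:
            return host, attempts
    return None, attempts


if __name__ == "__main__":
    print(mx_delivery_order(MX_RECORDS))
    print(deliver(MX_RECORDS, REACHABLE))
```

For a second ISP link, publish either a second MX with a higher preference value (tried only when the first fails) or a second MX with an equal value (load shared); in both cases the sending client decides, and a dead primary costs each sender one connection timeout per message rather than a failed delivery. A sender that tries the highest-numbered host first, as the post describes, is not following this ordering, and a smart host pinned to one FQDN removes the failover entirely.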
Hi Experts

I'm doing a DNS migration from one provider to another and I know @ refers to the root domain.

I see an A record that is stated as * too.

What does * refer to in a DNS record? I have attached a screenshot.
There are two * records.
One is * pointing to an IP address as shown above, and the other is *.domain.com, also pointing to the same IP.

Thanks
0
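As an added example (not the poster's zone), here is what "*" means: RFC 4592 wildcard synthesis, run against a constructed zone for example.com. It also shows that "*" and "*.example.com" are one owner name once relative and absolute forms are normalised, and where a wildcard does not match: the apex itself, anything under a name that already exists, and record types the wildcard does not carry.

```python
# Constructed zone (assumption, not the poster's). Owner names are stored as FQDNs.
ZONE = {
    "example.com.":          {"NS": ["ns1.example.com."], "A": ["192.0.2.10"]},
    "www.example.com.":      {"A": ["192.0.2.10"]},
    "mail.example.com.":     {"A": ["192.0.2.20"]},
    "host.lab.example.com.": {"A": ["192.0.2.30"]},   # makes lab.example.com. an empty non-terminal
    "*.example.com.":        {"A": ["192.0.2.10"]},   # the "*" record from the post
}


def normalize(name, origin):
    """Control panels show the same record as "*" (relative to the zone) and as
    "*.example.com" (absolute); both map to a single owner name."""
    origin = origin.rstrip(".")
    name = name.rstrip(".")
    if name in ("", "@"):
        return origin + "."
    if name == origin or name.endswith("." + origin):
        return name + "."
    return name + "." + origin + "."


def _exists(name, zone):
    """A name exists if it owns records or is an empty non-terminal
    (an ancestor of a name that owns records)."""
    if not name:
        return False
    return name in zone or any(n.endswith("." + name) for n in zone)


def lookup(qname, qtype, zone=ZONE):
    """Resolve qname/qtype with RFC 4592 wildcard rules. Returns (status, rdata)."""
    if qname in zone:
        rrs = zone[qname].get(qtype, [])
        return ("NOERROR" if rrs else "NODATA", rrs)
    if _exists(qname, zone):
        return ("NODATA", [])              # empty non-terminal: exists, so never wildcarded
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])    # walk up to the closest existing ancestor
        if _exists(encloser, zone):
            source = "*." + encloser       # a wildcard only applies directly under the closest encloser
            if source in zone:
                rrs = zone[source].get(qtype, [])
                return ("WILDCARD" if rrs else "NODATA", rrs)
            return ("NXDOMAIN", [])
    return ("NXDOMAIN", [])


if __name__ == "__main__":
    print(normalize("*", "example.com."), normalize("*.example.com", "example.com"))
    for q in ["www.example.com.", "anything.example.com.", "a.b.example.com.", "foo.www.example.com."]:
        print(q, lookup(q, "A"))
```

The two *-entries in a migration export are worth comparing record by record: if they are the same owner with the same data they are one record shown two ways; if they are the same owner with different data, the migration has to keep both values under one name. A wildcard also hides mistakes: after the migration, a record that was dropped still resolves to the wildcard target instead of returning NXDOMAIN, so verify the specific names you depend on rather than just "does it resolve".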
Hi

My Red Hat guest OS is having an issue: it is not able to resolve hostnames like google.com, but it is able to ping 8.8.8.8.

I didn't do anything at all, just made sure that it could ping Google first, and my network subnet like 192.168.1.0/24, when my Red Hat VM was added with a NAT network adapter, without issue.

After that I connected my Fortinet VPN client through IPsec and could still ping and resolve my private cloud through hostname.

The next day I did the same thing: connected my HP laptop's Wi-Fi to my iPad's 4G network.

I can ping and resolve on my HP laptop even while connected to the VPN.

The Red Hat guest OS in VirtualBox on NAT can ping 8.8.8.8 but is not able to resolve now.

Why could it yesterday and can't today, without changing anything?

Thanks.
0
We are frequently receiving the Netlogon 5774 error on our Windows 2012 R2 server. Due to this we are losing Internet connectivity, and the speed has drastically come down from 20 Mbps to 5 Mbps.
We do not have any AD server. It's a plain static-IP server with a leased line, configured via a Juniper firewall.
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ABCSERVER.COM.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
0
I am not able to start my VM on the host ESXi 3.5.
I am able to browse the host through a web browser and able to log in locally, but not able to connect through vSphere to get admin control.
I need to start a VM which is our DNS and Domain Controller.

I tried to run the VM locally from the command prompt using the command line and get this message.
When I tried to turn on the VM it said:
POWERING ON VM:
(VIM.FAULT.InvalidState){
dynamicType= <unset>,
msg = "operation is not allowed.

Please help !!!
0
I get the following error when trying to access a server by Remote Desktop Connection from DomainE with an account from DomainH: "The specified domain does not exist or could not be contacted"
I want to specify that there is an outgoing trust relationship between DomainE and DomainH, so that every user from DomainH to have access to resources in DomainE.
The user has admin rights on the server from DomainE, and this is happening for all the users in DomainH and all the servers in DomainE.
I don't get this error if I try to connect with a user from the same domain.
The trust is in place in both domains and DNS works properly in DomainE. Also I am able to resolve any host name from one domain to the other.
The DNS servers from the other domain are set as conditional forwarders on each of the mentioned domains and I've checked the DNS servers that are set to the NICs of the servers from DomainE.
The domain functional level is Windows Server 2008R2 and all the servers are using the same version of Windows. The users from the DomainH use Windows 10 to establish the RDP connection to the other domain.
I get no errors when I try to add users from DomainH to security groups in DomainE.

So could you please give me a solution to this problem?
0
Hi, 2 organizations to merge into 1 O365 tenant.
I would like to use 1 AD Connect server (ours) to sync the 2 domains into the 1 tenant, to allow the 2 disparate domains (both completely separate DNS namespaces).

Now both orgs are in separate tenants, AND both have hybrid Exchange Online.
Now I've been told that as we "both" have hybrid Exchange Online, we will be unable to merge into the 1 tenant.

I would like to know if this is true and why please
0
Our Active Directory domain is, say, contoso.com, and our corporate URL is the same, https://contoso.com. The URL is publicly hosted on AWS and has an elastic FQDN. In order to make the URL accessible on the internal network, the IT team created a CNAME record against the public FQDN, but the DNS service doesn't let us create a CNAME with blank fields, stating: "A new record cannot be created. An alias (CNAME) record cannot be added to this DNS name. The DNS name contains records that are incompatible with the CNAME record."

For now we have created a CNAME for www; with this we open the URL as www.contoso.com, but we want to open it without www internally.
0
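The refusal quoted in the post above is the DNS rule that a CNAME cannot share an owner name with any other record; the zone apex always owns the SOA and NS records, so a CNAME there is never valid. As an added example (not the poster's zone and not the Windows DNS code), here is a validator that flags the conflict, plus the server-side workaround: publishing the target's addresses as A records at the apex. The zone, the load balancer name lb-1234.elb.example.net. and the address 198.51.100.7 are constructed.

```python
# Constructed zone (assumption, not the poster's): the apex carries the SOA and NS
# records every zone must have, plus the CNAME the poster was trying to add.
APEX_ZONE = {
    "contoso.com.": {
        "SOA": ["ns1.contoso.com. hostmaster.contoso.com. 2024010101 3600 900 604800 300"],
        "NS": ["ns1.contoso.com.", "ns2.contoso.com."],
        "CNAME": ["lb-1234.elb.example.net."],     # hypothetical load-balancer name
    },
    "www.contoso.com.": {"CNAME": ["lb-1234.elb.example.net."]},
}


def cname_conflicts(zone):
    """RFC 1034 section 3.6.2: a node that owns a CNAME may own no other data, and
    only one CNAME. Returns [(owner, [conflicting types])]; empty means valid."""
    problems = []
    for owner, rrsets in zone.items():
        cnames = rrsets.get("CNAME", [])
        if not cnames:
            continue
        others = sorted(t for t in rrsets if t != "CNAME")
        if others:
            problems.append((owner, others))
        if len(cnames) > 1:
            problems.append((owner, ["CNAME x%d" % len(cnames)]))
    return problems


def flatten_apex(zone, apex, addresses):
    """Replace the apex CNAME with A records holding the target's current addresses.
    The apex can never be a CNAME because SOA and NS live there, so publishing the
    resolved addresses directly is the only way to make the bare name answer."""
    new = {owner: {t: list(v) for t, v in rrsets.items()} for owner, rrsets in zone.items()}
    new[apex].pop("CNAME", None)
    new[apex]["A"] = list(addresses)
    return new


if __name__ == "__main__":
    print(cname_conflicts(APEX_ZONE))
    fixed = flatten_apex(APEX_ZONE, "contoso.com.", ["198.51.100.7"])
    print(cname_conflicts(fixed), fixed["contoso.com."]["A"])
```

The catch is that a cloud load balancer's addresses change, so flattened A records have to be re-resolved on a schedule (a scheduled task that looks up the target and rewrites the apex A records) or they will silently go stale. Some hosted DNS products offer an ALIAS/ANAME-style record that performs this re-resolution at the apex for you; the www CNAME the post already has needs no such care.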
Got a 2012 R2 server as DNS.
In the event logs, every 4 hours I am getting this "Netlogon warning", which says dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.

Why does this warning keep appearing every 4 hours? Is it a critical problem or can it be ignored? Any help would be great.
I have also attached the error pic.

A few more details:
DNS: it's the same server IP.
Forwarders: got Google 8.8.8.8 and a few OpenDNS servers.
0
