The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed by computer services and devices worldwide.

My DC and Exchange server will not start properly because DNS is not available. When I open dns I get "Access Denied". From Powershell I get this result from Test-DnsServer:

Test-DnsServer : Failed to initiate Test-DnsServer operation on server SERVER
At line:1 char:1
+ Test-DnsServer
+ ~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (SERVER:root/Microsoft/Windows/DNS/PS_DnsServer) [Test-DnsServer],
    + FullyQualifiedErrorId : WIN32 5,Test-DnsServer

I have tried:
netdom pasw

, but get an internal error occurred. I had stopped the KDC

Test-ComputerSecureChannel -repair

gives this result:
 "The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"

Error 4000 and 4007 in the event log

got a sbs2011 server. which has active directory in it. and also acts as dns and dhcp
often in event viewer, getting this error - 5782 (netlogon error)
attached pic of it
any ideas to solve it?
netlogon-errors.PNG
ipconfig -
ip add-

forwarders- and

I'm using IIS version 10.0.17763.10. I have configured the reporting site in
This reporting site is working in a local network. Instead of giving IP address  ( or Localhost , I would like to use a name for the site like http://crmreport:3456
I have changed in the site bindings but it did not work. Please see the screenshot below.
website name
After that, I have changed the settings in HTTP Redirect, but that also did not work for me. Please see the screenshot below.
Please let me know in local network how to rename site name instead of IP address or server Name.
iis redirect

Need to save the response times for the attached list of DNS URLs in an output file in a more readable manner. Currently I am getting output, but I want it in a format with date, time and milliseconds side by side (without manual formatting). I am happy to use CSV as well.

Below is the script that I use,

## The URI list to test
$URLListFile = "C:\Users\p783750\Desktop\DNS\URLList.txt" 
$URLList = Get-Content $URLListFile -ErrorAction SilentlyContinue
  $Result = @()
  Foreach ($Uri in $URLList) {
  ##$sw = [Diagnostics.Stopwatch]::StartNew()
  nslookup $Uri 
 ## $sw.stop()

Output I get is: ( I want the date, time and Milliseconds side by side without manual formatting)

Server:  UnKnown

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    aviva.com

Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 4
Milliseconds      : 807
Ticks             : 48075261
TotalDays         : 5.56426631944444E-05
TotalHours        : 0.00133542391666667
TotalMinutes      : 0.080125435
TotalSeconds      : 4.8075261
TotalMilliseconds : 4807.5261

Server:  UnKnown

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    nab.com

Days              : 0
Hours             : 0
Minutes           : 0

I had this question after viewing How to Script NSLOOKUP Requests to an Output File?.

Hi I need to capture the response times for the DNS Lookup urls. Currently with the below script, I am only getting Date, Time, IP and Name of the Domain. I would appreciate if you can update the below script for getting the Response time as well.

setlocal enabledelayedexpansion
cd /d %~dp0
set server=
set csv=%~n0.csv
set timeout=10
set retry=3
echo FQDN Mass NSLOOKUP by Giovanni
if [%1]==[] (
      if not exist iplist.txt (
            echo Posted @ http://www.experts-exchange.com/editAnswer.jsp?comid=39142818
            echo useage: %0 [iplist.txt]
            echo         Where iplist.txt contains IP Address of each target, one per line.
            goto :eof
      ) else (
            set list=iplist.txt
) else (set list=%1)
if not exist !list! (echo IP Address list file [!list!] does not exist.&goto :eof)
for /f "tokens=*" %%a in (!list!) do (
      call :lookup %%a
if exist !csv! type !csv!
goto :eof

set fqdn=
set ip=
set /a c=0
for /f "skip=2 tokens=2 delims=:" %%i in ('nslookup "-timeout=!timeout!" "-retry=!retry!" %1 !server!') do (
      set val=%%i
      set /a c=!c!+1
      if not [!val!]==[UnKnown] (
            if [!c!]==[1] (
                  set fqdn=!val!
                  set fqdn=!fqdn: =!
                  echo Found %1 [!fqdn!]
            if [!c!]==[2] (
                  set ip=!val!
                  set ip=!ip: =!

I had this question after viewing Changing the primary domain dns name of this computer is failed.

Greetings Experts,

When attempting to join a Windows Server 2016 workstation to the domain, the "Welcome to <name> domain." message box popped up --> clicked OK, "waiting" cursor appeared and after 30 seconds received a notification window: "Changing the Primary Domain DNS name of this computer to "" failed."
The server seemed to successfully join the domain after restart. A computer object was created in AD Computers, but DNS record was not created till about an hour later.

The server was configured with a static IP, pointing to both internal DNS DCs. Both DC1 and DC2 are running on Windows Server 2012 R2.

I've received several Windows logs under Application in Event Viewer that the domain join failed. (see images attached)

This server will act as a Windows Deployment Server and I am unable to start the WDSServer.

I have a gut feeling that something is going on with the DNS or AD. We only have one AD, no trusts.

Also worth mentioning that we join our domain user mydomainname instead of mydomainname.com

Please advise.

Exchange 2010 SP3
I had stumbled upon a customer that has 3x CAS/HUB + 2x MBX and some configuration issues, so trying to get everything resolved before any further migration....

Each of CAS servers has multiple IP addresses which all register itself into internal DNS
There is no CAS array created so each DB points to other CAS.
There is NO load balancer so they are manually changing the rule on FW to which CAS should the published DNS record be forwarded.

Public users (non-domain) intermittently have connection issues (authentication prompts). I presume the problem is with not having a CAS array, so when some CAS is unavailable Outlook doesn't know to resume the connection even though it "proxies" through the same public DNS record?

Dear All

I have made the below bat file to client desktop, and found that 1 computer is showing the wrong IP address after clicking on the bat file; the IP shows the old DC & DNS server. Any idea what goes wrong? Any idea how to get it fixed and showing the real computer IP address?

@echo off
REM myip.bat
REM script to return just the IP address of the current host.
REM Works on Windows 2000 / Windows XP
FOR /F "usebackq tokens=2 delims= " %%i in (`nslookup %computername%`) do set myip=%%i
Echo IP Finder
ECHO -----------------------------------

ECHO My IP Address Is: %MYIP%
ECHO My Computer Name Is: %COMPUTERNAME% 
ECHO -----------------------------------

2 Recently installed HP elitebook laptops with windows 10.
Client has windows server 2012 which is the DNS server in their domain.
They have a Meraki access point, and when one of the laptops leaves the wifi network, it doesn't work on other wifi networks.
Upon investigation, the wireless adapter's properties had the IP address of their domain server in the TCP/IP properties under: use the following DNS server addresses:  instead of obtain automatically, as it should be.  We removed it and changed to obtain automatically, but every time she's in that network, it changes back.  
The other laptop does not have this issue.
I've never encountered this before, and not sure what is changing it or how to stop that behavior.

This question is also a piggyback on my newly asked question about: SCCM clean up regarding clients showing up on DNS duplicate wise.

The issue of DNS scavenging was brought up, but was shot down because of the effects it could have. Also need some type of best practice resolution to this as well. Preferably with some document links and solutions.

I am working on a DNS issue that we are experiencing on our SD-WAN as well as our SSL VPN connections. Domain computers are unable to register with DNS and receive an Event ID 8020 when trying. My MPLS sites, and anyone locally in our main site are able to register without any problem.

When I disable “Secure Only” DNS then they are able to register. But I want to use “Secure Only” for obvious reasons.

Anyone seen anything like this?

Hello, we have setup this Windows 2016 server which is also DNS and DHCP server for our network.

We have a remote site with a different network and there is a VPN between the sites.

We need to be able to resolve hostnames from the remote site, using the server in the main location as DNS server for the remote network too (not DHCP, only DNS).

We're having trouble doing this though. The VPN works perfectly if we use IPs, but we can't seem to resolve names of hosts in the main network using computers in the remote network.

For instance, I have a PC in the main network called firmfs. I can't reach it if I use \\firmfs though, I can only reach it using its IP address.

The router/firewall in the remote network is configured correctly though. It uses the main DNS as a DNS server and delivers it through DHCP.

So I was wondering if there is some setting in the DNS server itself which I don't know about, something telling the server to accept DNS requests from computers outside the domain's network.

I have never seen anything like this before. I am helping out a client and they are having intermittent connection issues. The event viewer in their SBS 2011 server shows constant logons and logoffs as if the users are being constantly kicked then re-authenticated. But here is the weirdest part. We can ping google.com, but not or

Typically it's the other way around, pointing to a DNS issue, but why would we be able to ping Google.com but not the IP address? It's this way on all of the domain computers. However, the SBS2011 server can ping just fine. I'm very confused by this one.

Hi All, I am battling with a replication issue to a newly promoted DC. I made sure DCDIAG was 100% clear on the main DC before I promoted the new server to DC.

Everything during the DC promo went fine and server rebooted, logs on good and all looks well, but there is no Sysvol or Netlogon replication folders.

Checked DFS management on both servers and there are warnings that the initial replication is waiting

I have tried to force it from Sites & Services but nothing, DFS logs on both servers show log 5004

"The DFS Replication service successfully established an inbound connection with partner %severname% for replication group Domain System Volume"

And all the DNS logs look fine, the sysvol & netlogon will just not replicate to the new server, any assistance will be greatly appreciated

I am no expert on this but have replication elsewhere without issue. It's like something is blocking the replication; tried turning off the firewalls but no luck

Main server and FSMO role holder is 2012R2, new server is 2019

Could it be the server Antivirus?

Any help please

I am running Lync 2013 with a single frontend server. I have all the DNS records properly created in the right zones. If I am connected externally with no VPN connected, I can sign in just fine. However if I connect the VPN, I cannot sign in. If I sign in before connecting via VPN, the connection to Lync stays up. Any idea what's going on? I have included my failed sign-in logs from a laptop:
1 Login: FAIL (hr = 0x1)
Executing wws method with windows auth auth, asyncContext=24D1A558,
 context: WebRequest context@ :654951288
  ExecutionComplete? :1
  Callback@ :26A64A7C
The server returned a trust fault: 'The request scope is invalid or unsupported'.
The fault reason was: 'The AppliesTo element of web ticket request points to a different web server or site.'.

.CLogonCredentialManager::QueryForSpecificCreds() Credential user 0x10B36540 id=15 querying for specific credentials, credSuccess=2, targetName=Microsoft_OC1:uri=dspahn@medcompnet.com:specific:LAD:1, upn=
1.1 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000)
Executing wws method with windows auth auth, asyncContext=24D1A558,
 context: WebRequest context@ :654951288
  ExecutionComplete? :1
  Callback@ :26A64A7C

550 5.7.23 The message was rejected because of Sender Policy Framework violation -> 553 SPF (Sender Policy Framework) domain authentication;fail.

How might I solve this DNS issue?  We have a windows domain hosted in AWS - say xyz.com.  And we have our internal domain which is xyz.net. There is a secure tunnel between AWS and internal.  

The developers do not want to access the AWS servers using IP addresses. But there are many public IP address for xyz.com in Route 53.

If I set up a zone transfer from AWS to internal, then I think I will manually have to add all the public IP addresses. And that sounds like a recipe for trouble because they change fairly frequently.

Are there any better options?  The AWS servers the developers need access to have private IP addresses.

The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 mail.contoso.com.' failed on the following DNS server:

This is an ongoing issue.  Server A started as the mail server, Server B as terminal server - Server A got crypto, so I made Server B the mail server while I formatted and reloaded Server A and installed exchange and moved everything to Server A - so both servers had AD and Server B was the GC - recently had to wipe out server B and reload - Server A gets the above message and at times we're having problems receiving mail.  there are references in DNS to Server B though it no longer has AD - how do I get rid of all the DNS records on Server A that reference Server B when it was the GC

We recently moved our Web site to a new server at a different IP address.  The web site can be viewed outside of our internal network by any device connected to the Internet.  However, when we try to reach the site from our internal network we get an error.  I have tried flushing DNS cache and that has not helped.  I do have an A record for www on our internal DNS server.  It has the correct IP address.  This is obviously a DNS issue but I don't know where the problem is.

I'm running a Windows network with SBS 2011 as the DC, though I've moved DNS and DHCP control to a VPN Firewall/Router.

Since I've done this, the server shuts down once a week.

I'm assuming this is because it's viewing the DHCP role on the router and a second DC and is having some kind of a trust crisis. Is there any way around this without moving DHCP back to the DC?

Thanks in advance.

We are migrating about 50 GB of data from cPanel to cPanel using the migration tool.
Our test was successful and all the data was in the destination folder. However, we would like to change the DNS now and I am sure that some data will not be in the new server while the transfer was happening and definitely during the DNS propagation.

cPanel technical support recommended me to use rsync to sync the data from the old to the new server.
I am only interested to sync emails, nothing else.

Is this a simple command? Or do I need to hire someone with network skills to do it without messing up the server with the original files?

Thank you all.

I have a VM network/distributed port group 192.168.21.x.1 which is tagged as VLAN 21

I have 2 servers in the VLAN 21 VM network. Both are able to resolve DNS address and access the internet (these 2 servers were added by someone else)

Recently I had to add a new server to the same VM network/Distributed port group and after adding it, the VM could not resolve DNS at all. If i move the server out of that network/port group into another one DNS resolution works again. DNS servers are listed and they are the correct DNS servers.

  • Can not resolve internal DNS server name but can ping internal DNS servers fine with no issues
  • Can reach/ping default gateway
  • Can ping servers/workstations on different subnets with no problem
  • Checked and windows firewall is not blocking DNS access
  • The server can ping internet addresses if I have the public IP. I can ping yahoo, google just fine
  • Tested with another server, same result.

I am at a loss right now as to what it could be that is stopping DNS resolution when 2 other servers are fine.

Reinstalled Server 2008 R2 Standard and joined to domain. Workstations that reboot aren't being updated with the domain name resolution for our PITSQL server. Pinging from the workstation that can't open our SQL app is unsuccessful. Workstation is running Windows 7 Pro; the Domain Controller is SBS2011.

We have a UTM Sophos XG 85. The client is having issues with the websites loading very slow. I put another router in all fine.

Any suggestions?

Hello All,

During the Team Center migration we had an issue where the DNS cache on all Domain.com forest DNS servers needed to be cleared as some were responding with the old IP address of the server that was moved (and is in the domain2.com domain). After testing it appears that the default TTL is set to one day. I am asking for opinions on what this should be set to going forward. Should we make it a global change or do it on a record by record basis depending on use case? Should we make it a low default until we get through our IP address reconfigurations?

If I look at the ad.Domain.com domain it looks as though the default TTL for the DNS record is one hour.

I fear this will be an issue for us going forward with the DC 2.0 migrations.





