DNS

26K

Solutions

26K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for resolving the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to locate computer services and devices worldwide.


I have a domain controller Windows 2012 R2 and Windows 2016 and I am trying to find out who added DNS A and CNAME records to the internal DNS zones.

Is there a way to accomplish that?

for example, user firstname.lastname added record "wrongdns" in zone "internal.company.com" ?
0
Trouble with accessing external hosted exchange, from new Windows Server 2019 Domain.

We've got a new Windows Server 2019 Standard install

We've configured the internal domain as "ourdomain.com" We've got external hosted exchange with a smaller company setup as "ourdomain.com"

We've configured internal mx records, autodiscover, and spf records to mirror the external records.

We have used the same setup in Windows Server 2012 R2 and in Windows Server 2016, but in those cases, Office365 is the external exchange host.

Somehow, even though we have not configured IIS, a self-signed certificate from the new server, is what Outlook 2016/2019 detects. Even at external sites, that are not connected to the domain.
0
Hello everyone,


I have a Cisco ASA 5516 with two inside interfaces. One is for customer LAN and another is for a few branch offices connected via a router that is connected to the 2nd Inside interface. (All those offices are in the same building connected by a FO backbone.) Customer is going to replace an old ASA 5510 where almost the same config already works.

LAN network is 192.168.0.0/24 connected to 1/3 on ASA

Branch Offices are connected to 192.168.2.0/24 connected to 1/4 on ASA
 
I want to be able to ping and have unrestricted traffic between them.

Currently I have a laptop connected to int 1/3 and another one connected to Int 1/4 but no ping.

Someone please help!

Here's the configuration

ASA Version 9.8(2)17
!
hostname ASAFCHFW
domain-name mydomain.com
enable password $sha512$5000$pt2nRGQbSXA8K3vdow+Ztg==$kGNfDJREqQCQ+jO7m0bxmQ== pbkdf2
names
no mac-address auto

!
interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address x.x.x.131 255.255.255.240
!
interface GigabitEthernet1/2
nameif DMZ
security-level 10
ip address 172.16.31.1 255.255.255.240
!
interface GigabitEthernet1/3
nameif Inside
security-level 100
ip address 192.168.0.2 255.255.255.0
!
interface GigabitEthernet1/4
nameif Branch_Office
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no …
0
I need assistance with a DNS and MX Records issue.  I set up a new company I am hosting but they are not receiving any emails. They were using mailenable but they are now on my Exchange server.  I am using hosting controller as the front end.

One of the email addresses is receptionist@pyrosealant.com
0
All,
We are planning an upgrade from 2008 R2 domain/forest to 2012 R2. Deploying 2016 DC's but keeping it down a level due to 3rd party app limitations. Our network guy wants to break out DNS onto separate servers. We can't achieve this because our DNS is AD integrated and I don't want a secondary zone as RO. I've spun up 2 new DC's and would like to have the network team use them for DNS specifically. Has anyone, or advice, on how to deny authentication to these DC's so we can rely on them for DNS only? Remove from Sites and Services? Group Policy settings? Any help is greatly appreciated. Thanks!
0
I am new to learning computers, but I need to learn as much as I can and one of the areas that's been most difficult has been networks. I have an HP DeskTop computer and a Lenovo ThinkPad, both of which I use and also two Android phones. All of these things live with me in my small room. The network is set up via wireless adapter from my desktop and the entire building is serviced by a broadband internet connection. This is kind of a hotel with some guests like myself staying for a prolonged period of time, so I often see a lot of people online and sometimes on my network. I want to make my own safe network with VPN and Firewalls and DNS and proxy... as much as I can do to stay invisible to prying eyes.
0
I have an MVC 5 project where I have local processing RDLC reports using report viewer 14. For some reason I have a report that is called and after about 1 minute and 40 seconds and my site says that "No data was heard from..." in Chrome, and in IE it thinks there is a DNS problem after that 1 minute and 40 seconds. I have confirmed the SQL Query running in just a second. I am thinking that the biggest time factor is I am using a Matrix in my report.

I guess I would like to know how to extend my timeout. I have had other stored procedures that take a long time to run and I used the below reference and it fixed that. But I do not know how to fix this problem.

https://www.codeproject.com/Questions/238245/Dataset-xsd-Timeout-Problem
0
Hello -

I'm trying to figure out if our email delivery measures are set up correctly.

We use Office365. With that being said, is it necessary to add our public IP address into the SPF record? Would it help with anything or it's enough to add "v=spf1 include:spf.protection.outlook.com"

Second,

When emails are sent internally, analyzing the 'header', it says dkim=none (message not signed), dmarc=none. Is this normal? I do see the correct info when sending to external address, though.

Thank you for your help!
0
Recently we implemented proxy server and our domain joined workstations are configured to use the proxy through GPO.  We have disabled the option to change proxy for all.  There are laptops which are domain joined; when they connect outside our domain still the proxy option is checked.  We are looking for a solution to handle this situation automatically; without having the user to manually check/uncheck the option for the proxy.  I was looking at proxy.pac and seems there are some limitations to it and Chrome does not work well with these settings in place.  Can anyone suggest how I can overcome this?

Regards.
0
Dear Experts,
Hope you are doing well, I need your suggestions, I am facing the issue of Exchange server loses the internet connection (image is in attachment) and down time observed. Mr. Mahesh helped me and we found loopback IP was added as an alternative DNS in Exchange server. So I removed it. And I assume the problem is solved. But again I have observed Exchange server down time same as before... Therefore I did troubleshoot and I found the same alternative DNS loopback IP as in Exchange server, 127.0.0.1 was added as an alternative DNS in my Domain controller, I don't understand what is actually the problem? Is the AD server alternative DNS and Exchange server alternative DNS was creating this problem together?
Can you please advise me on this issue?
Now I have removed loopback IP from both Exchange and DC, so can I assume it will not lose its connectivity with DC?

Please review the AD and Exchange pics.
Many thanks
0
Unable to get DNS service up and running.

[root@dns01 named]# systemctl restart named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root@dns01 named]# journalctl -xe
-- Unit named-setup-rndc.service has begun starting up.
Mar 16 21:02:23 dns01.cioft.com systemd[1]: Started Generate rndc key for BIND (DNS).
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named-setup-rndc.service has finished starting up.
--
-- The start-up result is done.
Mar 16 21:02:23 dns01.cioft.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has begun starting up.
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:9: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:11: unknown RR type 'internal'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:12: #.cioft.com: bad owner name (check-names)
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:13: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:14: #.cioft.com: bad owner name (check-names)
Mar 16 21:02:24 dns01.cioft.com …
0
On SBS 2011, I'm not able to connect to the DNS Server and getting the "Access was denied. Would you like to add it anyway?" message. I'm also seeing errors 4000 and (mostly) 4015 in the DNS event logs.

I've already tried running netdom pswreset, which executed successfully but didn't solve the issue.

I've also tried seizing FSMO roles (which also completed successfully) but to no avail. It looks as though DNS and Active Directory have lost trust with one another, but I'm running out of troubleshooting ideas. Let me know if there's additional information that I can provide.
0
I created a new site and built a domain controller there called DC3. I built another new server at the site and added the new dc as a dns server. When I ping the domain name it returns the IP of either DC1 or DC2 (after ipconfig /flushdns). "nslookup domain.com DC3" also returns just the first two dc's. What am I missing?
0
I have a Bind installation setup on CentOS7 which is receiving slave files from a master server via RNDC.  Everything is working, however each slave file which is created is done so in the /var/named directory.  I would prefer they get kept in the /var/named/slaves directory.  Is there an easy way to change my named.conf file so that slaves are stored in a different directory than the /var/named?
0
We have branch office with 10 computers. The main office has 60 computers. We have two DC's on main site running 2016. We had a domain controller in branch office running 2008 and we have now removed it. We had a lot of issues with not replicating and DNS issues when that was around. I am not sure if these things happened because of replication issues and corruption in AD due to bad internet connection. We have done without it and no issues so far. We have pointed primary and secondary DNS to main site DC's. The only issue is that if the main site has an internet issue, then the branch office would not be able to get online since both DNS are pointing to the main site. I don't want to put in a DNS server that is non-domain on the branch site as I know that will create issues even if it's the secondary. Please let me know what you think.
0
Lately we have been dealing with increasing amounts of workstations and servers that are losing trust relationship with our domain. Our Functional Forest level is Server 2012, and all of the affected machines range from Windows Server 2008 to Windows Server 2016, as well as Windows 10 on the workstations. I know that the Computer Machine Password gets reset every 30 days, but I have deployed a computer to a new user (no image used to create the PC, it was a barebones Windows install with the whole setup done manually) and within 1 week of that user starting, she received a domain trust relationship error. This recently happened to our Exchange server which is Server 2008 and the Reset-ComputerMachinePassword command did not work and we had to remove and re-add to the domain, so part of me thinks that it is the machine password and part of me thinks it's an issue with some other networking component. We have three sites and so far the main site that I am located in is the only one to have these types of trust relationship issues. When speaking with Microsoft they said it is because the machine cannot find the domain controller, but they gave no evidence or a process to follow to try and pinpoint why this is the case. Is anyone else dealing with a similar issue?
1
SBS 2011  ---  AD (--> DNS / Exchange) ...

Kinda looks like a bad/corrupted password to access the AD??

Microsoft Baseline Analyser results are a mess!  (see attached xml)

Full story:

About a month ago rekeyed the public cert (was only using 1 domain of SAN upgraded to accommodate ActiveSync - new mobile worker coming onboard).
Cert didn't import properly - had to manually bind to IMAP (used by an internal Mac user).  Probably irrelevant.

Ran Windows BPA at that time and fixed a few things up, applied updates etc - **looked generally ok** - a few warnings AD/DNS/Exchange all working well.  Few issues I could live with were left unattended (Sharepoint, Windows SBS Manager & SQL - none of which are used) .

Purchased and installed a new Public Certificate (old one was running out).

Server failed to import a new public certificate (godaddy - may have done something wrong in the import process?  I didn't import the intermediate certificate first - would that be an issue?)   Wasn't stressed by this (have seen this before), so...

I did a couple of updates (normal security rollups etc, since uninstalled to no effect) and rebooted the machine.  

*****Problems were after reboot.

Noticed Exchange issues first (EMC wouldn't open).  MS Exchange Address Book and Information Store stuck in 'Starting' state.    IMAP4, EdgeSync, Forms-Based Authentication not started.

Lots of Exchange Events - seem to stem from not being able to talk to AD.

** DNS …
0
We are experiencing a problem with a particular Windows 10 laptop computer on our network.  When traveling and using wireless networks, everything is fine.  However, when the user of the laptop tries to log into the office domain network (wired Ethernet, Windows Server Essentials 2102 R2), the mapped drives to the server are often marked with red Xs and the user receives this message:

"The system cannot contact a domain controller to service the authentication requests.  Please try again later."

No one else has complained of this problem, although most of the workstations on the network use Windows 7, if that could be a factor.  Also, with the problem Win 10 laptop, the server does not show up at all under "Network" in Explorer.  With the Windows 7 machines, it does.  Network discovery is activated on the server.  However, on the Win 10 workstation, the default "Shared Folders" desktop icon works in that it is possible to open and save files on the server from the workstation.

Thanks very much for any suggestions or assistance anyone can offer.
0
I have 2 dns servers on our network
server13
       windows server 2008 R2
server18
       windows server 2008 R2

server13 is our primary dns server and everything is working normally
   
server18 has the following problem

1. PING www.google.com works normally = 216.239.38.120
2. nslookup www.google.com 208.67.220.220 works normally
3. nslookup www.google.com returns

          Server:  server18.jbcnet.loc
Address:  10.10.40.25

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to server18.jbcnet.loc timed-out

4. forwarders are
       8.8.8.8
       8.8.4.4
       local isp dns
       local isp dns # 2

5. root hints are enabled and working

6. it has a static ip address pointing to itself as the primary dns
7. it also points to server13 as its secondary dns address



nslookup debug out follows


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.


Default Server:  server18.jbcnet.loc
Address:  10.10.40.25

> set debug
www.google.com
Server:  server18.jbcnet.loc
Address:  10.10.40.25

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.jbcnet.loc, type = A, class = IN
    …
0
I read somewhere that you could do the following hybrid deployment.

1) Two dedicated Exchange 2016 "hybrid servers" that are F5 load balanced

2) Create a new namespace called hybrid.contoso.com. (Why would we need a new namespace?)

3) Create internal and external DNS A record for hybrid.contoso.com (same IP addresses?)

4) Publish hybrid.contoso.com through the F5 load balancer. (Is this done on the external F5 or both the internal and external F5. We also have BlueCoat device)

4) Point the existing autodiscover record to hybrid.contoso.com (external). (Again why would we do this? Will that mean clients need to be re-configured?). Can we just use a CNAME to redirect autodiscover to hybrid?

5) Point the existing EWS services to hybrid.contoso.com (external). (I supposed this is used for mailbox migration path?)

6) Create two A records called smtp1.contoso.com and smtp2.contoso.com and configure send and receive connectors in Exchange online to send contoso.com mails to these smart host addresses. (I don't know why this is needed cause we are enabling centralised transport and I thought this would be created automatically)

Thank you.
0
I installed Cisco Umbrella Roaming client and now I am unable to access my internal sites.

All home users are unable to access internal site once they connect to VPN; for VPN we use Cisco Anyconnect.

After I uninstall Cisco Umbrella roaming client I can access.

Please help
0
I have a few questions about Office 365 migration best practices:

1) if we use an existing mailbox server as the hybrid server. Will this mean only one server in the org is the hybrid server?
2) Do you only get one "hybrid" licence for running the HCW?
3) Is the mailbox migration route the same as the email flow route?
4) Does a migration endpoint require a) SSL certificate b) public DNS record c) internet facing
5) Someone suggested 'NATing EXO and EOL' directly to bypass 3rd party devices between EOL and EXO, How can this be done?
6) We have an existing F5 load balancer for external email and internal email. Will this cause any issue during a migration?

Thanks
0
We are investigating the option of implementing an SPF record for our email environment. Due to it being a DNS specific record, I was wondering if there are any capabilities to monitor email that is blocked as a result of implementing the SPF record?

For example:
Scenario 1 - We want to see the email that is actually being blocked/spoofed
Scenario 2 - We implemented the SPF record, and we missed one legit IP. We want to be able to monitor if we miss a critical email from a customer/vendor.

Are there options/tools to monitor SPF records?
0
Hi

We are using Exchange 2013 and we have 2 sites (office and DR site). Each site got 1 CAS and 1 Mailbox.

Recently after some changes in management, the new management would like to change the domain name from mail.olddomain.com to mail.newdomain.com.

Basically management wants to change everything to newdomain.com/ newdomain.local for Outlook/ OWA and mobile access.

For above requirement, do we need to setup new Exchange environment and do mailboxes migration from existing server to new server with new domain?
Or we can just unjoin from old domain and join to new domain? What should be proper plan to follow?

Thanks
Rgds
BMT
0
First of all I apologize for the inconvenience, I would be happy if you found the time to answer me.
I have a problem in CURL, complicated: the time: starttransfer_time: 10s +
and redirect_time: 10s +

Local:
- with easyphp (php version 5.5.8) the total time does not exceed one second. (no problem)
- locally on a vmware: debian 9 and php 7.0 (no problem too)

On the server:
on a dedicated server debian 9 php 7.0: starttransfer_time = 10 s +
on a debian 8 php 5.6 dedicated server: starttransfer_time = 10 s +

On a shared hosting 1and1:
(php 5.6 (no problem the time does not exceed a second) but for a week, the problem happened starttransfer_time = 10 s)

that's why I changed the hosting to a dedicated server (but it does not solve the problem)
-------------------------------------------------- --------------------------
it's the same code (same algo)
I can not understand, locally everything works fine but on the server 10 s +,
i think this is not a problem related to the version of php or system, i think this is a problem related to network configuration or SSL or something in the data transport and hostname resolution .

 (NB: the server is very powerful compared to my local configuration,
in server: 4 core and 8GB RAM and the bandwidth: 1000 mb+ / s)
locally: 1GB RAM and 1 core: bandwidth: 8mb / s)

when i run in curl command line the page is load very quickly

My code in PHP CURL

		
                        curl_setopt($ch, 


0
