






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.


Good evening Experts,
I recently installed a Server 2012 R2 Active Directory domain at home (test environment); however, I am not able to join the domain with any of my test machines. I will summarize with screenshots and descriptions the steps I took to configure the domain and then make it ready for joining.

First, here is a screenshot of the domain and DNS:
Screenshot of the system information:
I am able to create accounts, users, groups, OUs and all the other features of a domain except joining. I will now show you a screenshot of the DC's IP scheme.

I was able to join one of my machines to the domain:
Here is the IP setup of both the working machine and the non-working machine.

This is what happens when I try to join the domain from the other computer:
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "CURETON.DENTAL.COM":

The query was for the SRV record for

We configured a URL redirect to an external blog provider in our external DNS service, like GoDaddy.

Our domain: company.com
Redirected name: newlink.company.com
Target address: blogprovider.com/newlink

The new name will resolve off our network (like from a cell phone) but not on network.

Internally we use Microsoft DNS configured with our ISP name servers as forwarders for name resolution.

Do we need to add any entries to our Microsoft DNS to get it to resolve correctly on network or just wait for the DNS changes to propagate through the internet and get to our forwarders?

I was setting up a second domain controller for a client yesterday and ran into a number of errors. The SYSVOL and NETLOGON shares are not being shared. I've tried a non-authoritative restore, restarting DFS and rebuilding the domain controller.

DCDIAG shows the following errors:

 Testing server: San_Leandro\UTILITY-OP
    Starting test: Advertising
       Warning: DsGetDcName returned information for \\utility.rjpdom.com,
       when we were trying to reach UTILITY-OP.
       ......................... UTILITY-OP failed test Advertising
    Test omitted by user request: CheckSecurityError
    Test omitted by user request: CutoffServers
    Starting test: FrsEvent
       * The File Replication Service Event log test
       There are warning or error events within the last 24 hours after the
       Group Policy problems.   Failing SYSVOL replication problems may cause
       An Warning Event occurred.  EventID: 0x800034C8
          Time Generated: 12/12/2018   15:15:29


   Replicating Directory Changes In Filtered Set

Although repadmin shows proper replication:

    San_Leandro\UTILITY via RPC
        DSA object GUID: 2a0602ef-2516-479d-8363-06b03b66b1a1
        Last attempt @ 2018-12-13 08:57:53 was successful.

    San_Leandro\UTILITY via RPC
        DSA …
site.local (now sitewithsplit.com) worked perfectly earlier with SSO when it had a name from a local DNS server.

Now it’s been moved to DMZ (Internet IP), with a new name sitewithsplit.com. But it’s also accessible from the local net with a local IP. From the internal network sitewithsplit.com gets the internal IP. And from Internet it gets the public internet IP. This is, from what I understand, a split-DNS configuration.

Should it be possible from the internal net (with an authenticated user) to use the integrated Windows Authentication (SSO)? And from outside not?

From what I’ve read, it should be possible to use the same SSO function (Integrated Windows Authentication) on sitewithsplit.com if it has a local IP. (Authenticated AD user on a Windows 10 computer running in local net).

sitewithsplit.com has been added to Trusted Sites in IE settings and Security Settings, Logon, select 'Automatic logon with current user name and password' is on. Before, it was in Intranet Zone.

Also, Settings > Internet Options.
Click the Advanced tab.
Under the Security section enable the option for Enable Integrated Windows Authentication. Is on.

I test this in Internet Explorer and Edge. It should also work in Chrome.

When entering sitewithsplit.com it should automatically log in with an authenticated user with a machine connected to the local net. But I get prompted for username and password. So, my question is:

Is it possible to use Integrated Windows Authentication …

The user wants to get back a domain that they once had, but that now has a domain status of "Domain Status: pendingdelete".

We need advice on whether there is anything that can be done other than waiting in suspense every day to see if the domain has been released by the registrar and is 'back in circulation'.

The domain name is not a desirable name. I doubt if there are dozens of people who want this name.
I see from a whois that the Registrar is ENOM.

I'd like to register it with DYN.COM
Can ENOM be contacted?
Can anything but waiting be done?

Shouldn't my Child domain AD Integrated DNS DC's have replicated copies of the parent Domain AD Integrated DNS Zones???

I am tasked with optimizing and fixing DNS in our company.  

We currently have the following AD infrastructure.  

DC's are 2012, and 2012R2

Domains Are:


When I check the DNS of one of the child.parent.com DCs, I don't see the zone parent.com in the forward lookup zones folder.

But from the Parent.com DC I do see the child.parent.com zone.

Replication is working correctly. So this might be a stupid question, but as I am looking through things, if the parent.com zone is AD integrated, shouldn't it replicate to the child.parent.com domain as well?

When I type my domain name (e.g. "example.com") into Safari on my iPhone, I am directed to the unsecured version (http://example.com).

Same behavior with Edge on desktop: if I type example.com in the URL bar, I am directed to the unsecured version.

On Chrome, however, if I type example.com, https://www.example.com is loaded.

My site is hosted on Heroku with DNS by Google domains:

Heroku Config
Google Config


How do I ensure the encrypted version of the site is always loaded?

We have a site-to-site VPN set up between Site A and B using SonicWalls. Site A is the main site, which is also set up with an SSLVPN. The users need to access the SSLVPN from within the LAN as well because we have a bunch of RDP and VNC bookmarks that they use. We have remote.domain.com:4433 set up for this SSLVPN access. This works fine when outside of the network and when at Site B. Site A would not connect because it was hairpinning. SonicWall support said we could not set up a hairpin NAT rule for the SSLVPN. To get around this, I set up a DNS zone for domain.com and created an A host record within the local server DNS to point remote.domain.com to the LAN IP of the SonicWall. Now Site A can access the SSLVPN portal page from within the LAN. BUT, now Site B cannot because that DNS record is forcing the connection over the site-to-site VPN, which the SonicWall does not allow. SonicWall support said there was no way to get it to work over the site-to-site VPN. I know I could create RDP and VNC shortcuts for all remote users on their desktops, but that would be messy and much more difficult to maintain. Does anyone have any tricks to get this to work?

We've got a Linux server which has been running as a mail server (Sendmail) for years.

DNS listings for SPF, DKIM, DMARC and ADSP have been in use for the past 3 months with no issues.

For DKIM we're using OpenDKIM, and two days ago we installed OpenDMARC and are still in the testing phase (we're not sending reports at this time).


For the life of me I can't figure out what I'm missing.

I'm trying to figure out how to get Sendmail via OpenDMARC to follow an established policy of a received email by rejecting or quarantining an email (as specified) if the message alignment fails.

Hi guys,

I'm looking to be able to download a WHOIS database to do lookups against around 300 domain names we own. Our FD has asked me to do a WHOIS, which to do for that many names manually is colossal. Do you guys know of a way to do this via a database download at all?

Thanks for helping


I have problem with DNS.
The remote users can not login to the domain (Pacific.local).
The DNS’s IP address:
Status (from remote machine)
      + I can ping the IP address
      + But I cannot ping the domain (Pacific.Local) (Please see the attachment for the error message)
The things that I do:
      + I created the hosts file (one line only which is      pacific.local
      + The outcome:
            ++ I can ping the IP address
            ++ I can ping pacific.local
            ++ But the problem is still the same… the same error message

Any Suggestion?

In a Python script, how can I get all the IP addresses of the DNS servers on the network?

Thank you for your help.

SPF record - our MX is to a third party; it then forwards to O365. What do I put in the SPF DNS record - the third party server IP only - or do I also need to put in the O365 email server (MS server)? Thanks

I want to point our network's DNS to a subfolder on a fileshare server.

I understand that DNS only points to IP. So, I added a DNS record to point to the Win 2012 server that has the share. At this point, I am at a loss how to get the hostname to point directly at the subfolder.

Is there a virtual mapping or redirect I could set up in Win Server?

I'm in the midst of moving one of our clients to AWS and I am looking for some assistance.

Their current setup is they have 3 servers on site:

1.  Active Directory, File Services, Print Server, User Profiles, DNS
2.  RDP / Citrix server
3.  Windows 7 computer running indexing software for document management solution

I have already migrated all of their servers to AWS.  I plan on leaving a domain controller on site as well as a print server.

AWS is connected to head office via a VPN tunnel.

The subnet at head office is and the subnet in our AWS VPC is

My questions are:

1.  Would best practice be to host DNS on Route 53 (AWS), on our cloud based or on prem?
2.  Is it practical to have Roaming Profiles from a cloud based file server?  I anticipate this will significantly slow down login times.
3.  When we move the domain controller from on site to the cloud how do we update DNS records so workstations and servers are authenticating against the cloud based DC?  I'm not certain if the SRV record has to be changed.

Any advice or tips would be greatly appreciated.


Hi,

Using PowerShell, how can I change the DNS suffix name globally, not only for one network adapter?

Referring to the above link: it refers to another link below:

Would like to assess how accurate the comparison esp between Quad9 (which takes its threat intel
from APWG, Bambenek Consulting, Cisco, F-Secure, Mnemonic, Netlab 360, Payload security,
Proofpoint, RiskIQ & ThreatSTOP ... 18+ of them) vs CleanBrowsing.

The 2nd link gave CleanBrowsing top ratings in various security aspects, though various links have
rated CloudFlare & Quad9 as giving higher speeds; so far I have not found any links that say Quad9
/CloudFlare are better at blocking malicious or bad IPs/domains.

I can't find any links that mention which threat intel sources CleanBrowsing draws from.
Does anyone know?

Is there another way to verify the accuracy (just like verifying 'fake news') of the comparisons
in case it's marketing-driven?

Saw that Quad9 is free (but one site indicates we can buy a support service): does Quad9 send
regular reports to users (e.g. how many bad IPs/domains it has blocked or what protections it
has rendered for the past week/month)?

I have just recently installed Server 2012 R2 and am trying to install Active Directory on it. Here are the steps I took:

New Server
IP and Dns Settings
Went to Administrative tools to find ADUC
This is what ADUC showed
This is my result
Your input and/or solution to getting DC up will be appreciated.
I have a failed domain migration from Server 2012 Essentials to Server 2016 Standard.

I'm concerned as the Server 2012 Essentials server needs to remain live and in production until the new server is up and running.

During the initial domain migration, I found that DNS issues were preventing certain aspects from working. As a result, I chose to drop "domain.local" and the old server's IP into the new server's hosts file to get through some of the difficulties. At the time, the NICs were set on both servers as follows:
Primary DNS: (The opposite server's IP address)
Secondary DNS:

Having done this, the symptom I noticed was that I was unable to edit a group policy. I get "Failed to open the group policy object. You might not have the appropriate rights." and "The system cannot find the path specified".

DCDIAG showed that there was an advertising error. This I seem to remember was because I'd left the hosts file in place which pointed "domain.local" at the old server - but I'm not 100% sure of this.

Some googling brought me to realise that the new server was not sharing any Sysvol or Netlogon folders. Someone suggested tweaking a registry entry to force it to show the sysvol folder - I did this, and although it now passes the advertising section, it fails on the netlogon section:

 Starting test: NetLogons
         * Network Logons Privileges Check
         Unable to connect to the NETLOGON share! (\\DC-01\netlogon)
         [DC-01] An net use or …

OK, friends. I need help with DNS and a domain controller on Windows 2016 Standard.

I try to find out how to add additional DC to my Windows 2012R2 functionality forest but I have so many problems.

I'm in the middle of moving all my 2012 R2 servers to new hardware with new OS  - Windows 2016

I have installed the new OS for the server that will be my new DC with the FSMO role.
I did this many times in the past so the whole procedure is straightforward, but not this time.
My problem is that since I'm running out of IP addresses in my 10.0.0.x family, I've decided to extend my subnet by installing a Superscope on my DHCP server. This was done a year ago and all has been working OK since.

I've changed network mask for all computers from to to give them access to 2 subnets 10.0.0.x and 10.0.1.x
Simple yes ?
I've confirmed and my DHCP server is assigning IP from new subnet / second superscope as soon as first is full. This is what I want.

So I've installed new server and I've installed AD DS role on it.
All went smooth. I've restarted server and run configuration to promote this new server to be a third DC

and here we go:
I'm getting an error.

On first step - Deployment Configuration I have error:

The wizard cannot access the list of domains in the forest. The error is: The network path was not found.

I did a lot of research in internet but all points to DNS issue which in my configuration is OK.

I have 2 DCs in network:

Master: - also DNS,…

I need to compare/evaluate various DNS security products, meant to prevent
users accessing malicious sites; not sure if it'll help with spam (say users register
their emails on unsolicited sites & get spammed from then on).

A few products below come to mind but I don't know how to go about
Cisco Umbrella
Greenteam Internet
OpenDNS (now under Cisco)

Some guidelines & inputs would be much appreciated.

Hi Experts,

Recently I purchased a TP-Link VR900 for my home use, but it disconnects after 15-20 min, giving a DNS error. I tried to put in Google DNS (, ) but still have the same issue. The modem has the latest firmware. Please advise.


Win10 (, dns: (ad)  has disabled ipv6, firewall and can ping to ivhvm1 (pdc) but i can't join domain. Thanks.


 C:\Users\Administrator>dcdiag /v /c /q
         [IVHVM1] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... IVHVM1 failed test DFSREvent
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         An error event occurred.  EventID: 0x00002720
            Time Generated: 11/24/2018   16:12:20
            Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
         An error event occurred.  EventID: 0x0000271A
            Time Generated: 11/24/2018   16:12:20
            Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
         An error event occurred.  EventID: 0xC0080003
            Time Generated: 11/24/2018   16:12:21
            EvtOpenPublisherMetaData failed, publisher = VirtioSerial, error 2 The system cannot find the file specified..
            (Event String (event log = System) could not be retrieved, error 0x2)
Honored Experts.

My company has an annoying problem with our Office365 based mail system.

Our problem is that mails from the contact form on our web site often go to our spam folder.

We are told that this should be a problem with the SPF records. However, these look fine to me.

Our corporate web shop is https://cotonshoppen.dk
In SPF I see 3 records: one for Outlook/Office365, one for our web shop provider (Goldenplanet.dk) and one for our news mail system.
Can anyone help me with this issue?

I have a host that is managed by vCenter 6.5u2.

If I make a change to the DNS IPs from within the ESXi console on the host, will it cause the host to lose connectivity?

I am asking because I noticed the host is not pointing to the right DNS servers. I would like to make the change but am afraid it will cause the host to lose connectivity to vCenter momentarily as the ESXi host applies the changes.

Your thoughts





