The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post


With this PowerShell cmd:

 Resolve-DnsName servername

Sometimes I got: IPAddress or IP4Address

What the difference? Both are IPV4

Why is that?
HTML5 and CSS3 Fundamentals
LVL 19
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.


One of our clients is having problems accessing their website externally (Internet). The website is hosted locally on a web server. The website can be accessed using their pubic IP but not the FQDN.

When we try using the FQDN, we get a "site can't be reached" message stating that the private IP for the web server cannot be reached.

We ran nslookup for the FQDN and it pointed to the correct public IP. We ran a tracert and it pointed to the correct public IP. The settings on the web server appear to be correct (using IIS).

We suspect that this is a DNS issue and would appreciate any help in solving this issue!

I am attempting to add a Windows 2019 Server to a Forest/Domain with a 2008R2 Functional Level.
The primary function of this server will be internal DNS.
Most of my questions are related to DNS and in what order I need to do things.  
I have created the Site and new Subnet in AD Site and Services.
When I attempted to promote the 2019 server as a DCit would not permit it, I am getting a DNS related message, "A delegation for this DNS server cannot be created because the because the authoritative parent zone cannot be found.
I have a domain Group "A" with a domain username "X" as a member.
The domain Group is a member of another domain Group "B"
Domain Group "B" has permissions in a workstation fileshare.

But, user "X" can't acccess the fileshare.

Group B permissions
Group A member
User "X" member

What should I be looking out for with this kind of failure?
Or, did I miss something obvious?
Most often, the failed accesses pop up a Credentials dialog.  Now, I know that IF Windows credentials already are saved then normal file access will generate this result.  Removing the credentials fixes this.  So, I rather don't expect to be asked for Credentials in this case.

If I go ahead and enter the credentials for User "X", access is obtained!  

I do notice that some accesses in the sessions list show the computer name as name@domain
Another shows its IP address, which makes me wonder about DNS.

Any insights?
Hi Experts,

we have two old DCs -> Win2008R2 + DNS
and we have two new DCs -> Win2016STD + DNS

We have to remove the old DCs from the network.
Can you provide a tool, to check the source for incoming connections ?
I need to know where these old DCs are configured and entered.

We have over 1000 VMs and some physical hosts and many locations.
Hi there,

I am having a rather strange issue. I manage a small AD environment that was working fine. Something has changed and I cant work out what. The issue appears to be DNS related. Currently I can ping hostnames by netbios or IP, but not FQDN. Any suggestions as to why this might be the case?

Thanks in advance.
I'm setting up AD Connect to sync my 2 separate on-premise AD's to Azure. These AD's are completely separate, but share the same O365 tenant. The domains are set up as siteA.local and siteB.local.

I have a Azure VM with ADConnect installed. It has 2 VPN connections: VM to siteA and VM to siteB. The VM only has 1 configured NIC. It is a member of the siteA domain.

I was able to complete the ADConnect setup (after a bit of mucking around with the DNS so it could resolve both AD's).

The problem now is: ADConnect will now only successfully sync with 1 AD, which happens to be the AD that is set as the preferred DNS server in the NIC's configuration.

Example: siteA IP = siteB = If I set the NIC preferred DNS server as, siteA will successfully sync. If I set the NIC preferred DNS server as, siteB will successfully sync. ADConnect seems to ignore the alternate DNS servers. When I try and ping (eg: siteB.local), I get the same result.

Ok cool no problem - so I put 2 entries in the hosts file -   siteA.local   siteB.local

After this, I was able to ping siteA.local and siteB.local and resolve their IP's - no problem.

But unfortunately, I still have the same issue - ADConnect still only resolves the 1 AD (dependant on the NIC preferred DNS server). I tried a few different things, including an azure private DNS zone but it didn't work (I probably didn't configure it properly).

Any …
Hello there,

Our company is using O365 Exchange and recently I received a letter from a vendor that we work with to implement the standards below.

1. Trasport layer Security (TLS)
2. Sender Policy Framework(SPF)
3.Domain Keys Identified Email (DKIM)
4. Domain-based Message Authentication, Reporting and COnformance (DMARC)

Does anyone knows how to apply these standards in O365 Exchange and what will I need to do.
Been awhile since I have done a Exchange migration (little rusty), and getting use to the new Web interface for Exchange Admin Center. Seems I have an issue with internal mail. Here is the breakdown of our setup.

We are migrating to Exchange 2016 from Exchange 2010 (just the two exchange servers). I have Installed Exchange 2016 on the new Exchange server. Changed DNS entrys for “mail” and “autodiscover”, Imported SSL certificates. Running both in coexistent. All 2010 email and OWA works fine (as it did before on 2010 Exchange box).
Exchange 2010 server name is Eagle1.  Exchange 2016 server name is Eagle16.

I have move one mailbox over to new Exch2016 server database for testing. I can send and receive all email from outlook and OWA to outbound sources. (no problems externally).

Internally I can “Receive” email from other mailboxes on exchange 2010 server, but the test mailbox (on 2016 server) cannot send email to any internal mailboxes. (2016 test mailbox can’t send email successfully to the mailboxes on 2010 server).

Now again, I’m a little rusty, but the send and receive connectors all look good (as far as I can tell).
Not sure if I need to do anything with the IIS server. The test mailbox gets the 2016 OWA, and all other users get the 2010 OWA (they are still on Exch2010 server).

I did find this while fumbling with Exchange PowerShell. Looks like test emails are staying in queue (all to internal 2010 mailboxes), and when I look closer at queue, I see …
I have two domains like:

company.org and company.com.

Up to now the primary domain was company.org. For the webpage the primary domain should be company.com. How can I redirect with dns to www.company.com so that the url appears with company.com?

At present:

company.org IN A
www.company.org in A

company.com. IN A
www.company.com.  IN A

Now when I enter www.company.org the first page display www.company.org and it changes on the second page to www.company.com. How can I make it appear company.com after entering www.company.org on the first page?

Thanks for help!
Exploring SharePoint 2016
LVL 19
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

We now have two websites that we cannot reach from the inside our our domain/network. We don't have a DNS zone for these domains in our DNS and its not the same as our internal domain.

These domains have a forwarder on GoDaddy's public DNS to a page on our main website (https://domain.com/sitepage), this main website does not share a DNS zone in our internal DNS either. When we try this site outside of our DNS servers it works okay, some computers even work okay for one of the domains, totally weird. When you point DNS to Google on a computer that cannot resolve it, it works okay. When you ping the site from the outside and inside they go to the same IP which matches public DNS A records.

The only difference in when using NSLOOKUP is the server used to resolve the site, but it resolves to the same IP when we use our internal DNS.

Flushing DNS, registering DNS, clearing Cache on DNS servers, changing DNS server (3 DNS Servers) forwarders to something else does not seem to do the trick. All servers running Server 2012 R2 and Server 2016.

The webpage will end up telling you this (does not matter if you add https:// or https://www. or www.):

This site can’t be reached (website here) took too long to respond.
Search Google for (domain here) org
We currently have a Cisco firewall/router (x.x.x.1) handling routing for a dedicated private circuit that securely connects our business with our vendor.

We also have a Fortinet firewall/router(x.x.x.4) for our internet service through our local ISP.  

Each local PC is configured with the .1 Cisco as the default gateway.   From my understanding (don't have access to the Cisco but this is what I'm being told) the Cisco has a default route using the .4 Fortinet device.

From my understanding, all traffic not meant for our vendor is routed back to the .4 Fortinet router via that default route in the Cisco router.  

There are 2 conditional forwarders configured in the local DNS server that point to IPs on the vendor's network.  I'm assuming DNS servers at their location.  I'm guessing since the PCs have the .1 router as default gateway and along with the conditional forwarders is what is routing traffic to the correct circuit.   I should ask, am I correct in assuming the conditional fwders are pointing all vendor traffic to the next hop over the .1 gateway and if the traffic isn't asking for that specific next hop the conditional fwder is providing it is routed back through the default gateway of .4?  

What I'm trying to figure out is how to correctly re-configure all PCs to use the .4 as their default gateway.   I want to do that because right now, using .1 as the gateway is causing the internet speeds to be very slow.  When I test a PC by changing the gateway to …
We have a server with multiple A records pointing to one IP. The server names srv1 and mydomain.
the reverse DNS entry is pointing to srv1. I installed a Linux server. The Linux server is resolving srv1 when I run nslook up, but not mydomain. It is strange that Windows PC are resolving both names.
How do I make the Linux to resolve both server's name?
I have Windows Server 2016 box with DNS configured.  From the server itself, I can query DNS entries that are configured, including making new ones up.  I'll get back whatever I put in the zone.

But from workstations, they can resolve public websites just fine using that Windows box, but they cannot resolve any local addresses.

What am I missing?
I have two servers plugged into the same switch but I am not able to ping one of them. When I do a traceroute to the IP the server that I have connection to hits my firewall on the first hop and the server on the second hop and completes the trace. The server that I do not have access to hits one of my switches on the first hop and then reports that destination is unreachable. What causes the first hop to go to that switch instead of the firewall like the working one?
I am trying to add a cname for autodiscover in WHM. I am not familiar with WHM.

The instructions from my email provider are:

autodiscover.yourdomain pointing to autodiscover.messageexchange.com

I have tried entering it as suggested but after saving it appears as below in WHM

the cname entry at the moment(mydomain is replaced with the actual domain)

Am I doing this right?
In the domain we have two sites - HQ and DR

HQ Site - W2K8R2, WS2019_DC1 (FSMO), WS2019_DC2
DR Site - W2K8R2_DR

We cleanly demoted a W2K8R2 DC which was the bridgehead server for the other site in the domain at the HQ site

The old DC remained in AD S&S registered as the IP bridgehead. I think this is preventing the DR DC replicating with HQ.

Each DC has itself for primary DNS followed by the others

At HQ I have done the following:

Changed the bridgehead server for IP to be WS2019_DC2 then deleted the old W2K8R2 object from the HQ site.
Used Repadmin /syncall /AedqP to push the changes out. This returns for the DC at the DR site

The following server could not be reached (topology incomplete):

On the problem DC:

The AD S&S changes have not updated due to replication issues

Its event log  has KCC errors to do with the topology IDs (1855, 1311, 1566)

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

My next thought is:

1) Manually make the same changes on the DR site DC (change bridgehead and delete the old DC object from AD S&S
2) Run repadmin /kcc *

See if that kicks everything back into action.

Recently, I deployed a new Windows Server 2016 - Std as a domain controller.

It's not being used for other than AD replication, AD-Integrated DNS, AD Sites & Services, etc.

In other words, it will eventually become my new PDC, but not at the moment.

Well, I was reviewing my steps and realized that it would be nice to change the IP address of this new DC before I go any further.  The main reason for the abrupt IP change is for future server deployment management/documenting.

The IP change would remain in the current subnet (VLAN).

Is there any issues I may cause or run into if I would proceed in changing this new DC's IP address now?

If you need further information to assist in answering my question, just let me know.

Thanks in advance.
Hi Team
I'm having issues with DC replication, DNS issues etc
PCs are unable to join the domain where DC05 is.  
Please help.

Rowby Goren Makes an Impact on Screen and Online
LVL 19
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.


We are looking to implement DKIM and DMARC, we already have SPF enabled and working.

I understand DKIM and DMARC to quite a good level, however one thing I do not seem to be able to find a clear answer on is implement steps, by this I mean the process of rolling this out (mainly order of DNS changes);

I guess that with DKIM, as long as its not enabled on your outgoing smarthost then you can apply the public DNS record and it is simply ignored by all as the Email header has not been modified?

However with DMARC if a DMARC record exists in your DNS, even with DKIM disabled/deactivated does the DMARC record get quried by your recipients? I have read that some companies use DMARC with only SPF so I assume the answer is Yes it does impact your Emails even with DKIM disabled.

We have a number of third parties so we are trying to align all our DKIM DNS records before activating.

Recently, we promoted Server 2016 DC's (Domain Controllers) from Server 2012R2 machines.  All FSMO roles have been successfully migrated over to the 2016 server(s) and the primary 2016 DC has the schema.  I ran a dcdiag on the new DC and received no errors but, for some reason when I change the IP's from the old DC's (Both primary and secondary) to the new ones, access to Internet sites take anywhere from 20 secs to getting a page cannot be displayed.  Everything else, works in the domain.  Email, file share access, printing, etc.  The only issue is the delay to the Internet.  The only thing I haven't done was to rename the new servers with the old servers' names.  I had to migrate the IP's because there are way too many back end configs throughout the network that point to those IP's.

Any clue on what may be causing the delay in Internet access?  I'm thinking maybe a DNS issue.  I just don't know where since DNS shows all 4 servers in its zone(s).
On one server, a Windows Server 2012 R2, I cannot seem to ping outside of the Forward Lookup Zone that it's DNS record exists. I have two FLZs: domain.local and domaininc.com. If I try to ping a FQDN I have created a record for in domain.com FLZ, I get no response. The record is setup to point to a host in the other FLZ domain.local. Additionally, if I try to ping something like google.com, I get the same result of it saying, "Ping request could not find host google.com. Please check the name and try again."

All my other servers in the same cluster work just fine. I've changed out the vNIC in VMware host and set to DHCP and assigned static IP; same result. Thoughts on what could be causing this?
I have a laptop here I recently reloaded with W10 for a user.  I am trying to deploy ESET antivirus through the admin console.  ESET is installed on our backup DC (DC02).  The agent deploy task kept failing so I went to the machine and was able to ping the DC hostname from the laptop but from the DC, I can't ping the laptop if I use the hostname, it fails because it is trying to ping the wrong address (  The IP of the laptop is and when I ping that, I do get a response (this is the network adapter address, not wifi).

I flushed the DNS on both DCs and tried again but it is still seeing the laptop with the wrong IP. isn't a used IP right now, it is nowhere on the network.  I removed the laptop from the domain, removed it from AD and from ESET, shut it down, flushed the DNS on the DCs again.  Started the laptop up, joined the domain (it pulled the same address from the network adapter), moved the laptop into the correct folder in AD, sync'd AD with ESET, tried to push the agent again but it failed.

I went back to the DC and it is still associating the hostname of the laptop to

Any ideas on what else to try? I can't deploy the laptop until I have ESET on it.
Hey there Experts!

I'm running into a frustrating issues with being unable to update DHCP DNS server on CISCO ASA via SSH.
Logging into the ASA we're processing the following CLI CMDS:

ASA-Hostname: Enable
(successful authentication)
ASA-Hostname# dhcpd dns (dns server needed here)

Unfortuantely we're getting an error thrown at the d in the dhcpd command.
I apologize if this is too simple of a question. I tend to avoid Cisco like the plague and maybe I'm missing a step here.
Researching online the DHCPD CMD seems to be the one that I'm needing.

Your help is appreciated!
Dear Experts

I am hoping someone can assist me with the following issue. I have SPF and DKIM configured on my domain, which appear to be setup correctly but when I examine the message header of an email I sent I see the following entry "None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

Just to add I am using Exclaimer for signature management.

Please can someone examine the header below and advised if I configured something incorrectly.

"Delivered-To: nsadheo@gmail.com
Received: by 2002:a4f:c15:0:0:0:0:0 with SMTP id 21csp930979ivm;
        Wed, 21 Aug 2019 06:30:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyk6Zvuz4Zzp1WUwoJQlz3EsF/mENO5B7uNOXkWXKiQUJ9CmIl25//eS3gDvDa/NqaFIZJg
X-Received: by 2002:a17:906:158c:: with SMTP id k12mr31626198ejd.83.1566394255976;
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1566394255; cv=pass;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.