The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post


We have recently added a number of CNAME records into our 123reg portal for external DNS for a hosted marketing platform to work e.g. comms.domain.co.uk - CNAME - track.c.data..(etc) (see attached).  

The problem we have is that links within these marketing emails on machines on premise do not work.   It looks to be DNS related.   We have split DNS configured on premise.

The support company providing the marketing solution do not know what to configure, as to i.  

We have domain.local and domain.co.uk on prem.  I dont want to break it!

Any ideas?
Cloud Class® Course: C++ 11 Fundamentals
LVL 12
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

I am researching how to change our exchange send connector to send outbound email through our spam appliance. We are doing this for compliance reasons. Any suggestions on what all I need to change as far as DNS, and mail routing would be much appreciated. I have recently taken ownership of our spam and email servers so I am somewhat green when it comes to major changes like this in a production environment.

Our Environment:
3 Server Exchange 2013 DAG.
3800 End Users.
DNS Roundrobin.
All inbound mail goes through the spam appliance.
We have purchased licensing for out bound mail filtering.
What are the best methods to translate or determine what an IP v6 address equivalent IP v4 address is?
I have a customer whose external company website has been upgraded to HTTPS with associated certificate, since this upgrade, if the customer accesses the website on their internal network it warns that the corticate is not valid, the customer then proceeds to access the website. Once on the website the customer noted that it is not updating showing latest changes to the website. If you access the website external to the network it works fine showing the updated changes. The problem seems to be only apparent when accessing the website from the internal network. The customers network is attached to a server 2012 standard with Exchange server 2016 and has a self-certificate. I have tried clearing the cache on the server and flushed the DNS but to no avail.  Is this a case of a missing DNS entry to accommodate the upgrade to the server, currently the DNS server has a www A record pointing to the External website IP address.

Is it possible the problem is nothing to do with the 2012 server settings but is caused by the the Web designer when upgrading the website to HTTPs?

 Does anyone know what may be causing this problem
i want to set up DMARC AND DKIM,

I have proof point and mailboxes in offic e365

where do i need to set up in external DNS or any steps defined.

i believe SPF is set up in external DNS
If I have 2 domain controllers in 2 different sites and both have IPv6 checked in TCP stack, do I need to define the dynamic IP address in AD Sites and Services?

I had an issue with SYSVOL GPO replication where one of the domain controllers was using the IPv6 address of the other domain controller to access its SYSVOL, but the address was not defined in AD Sites and Services.  I unchecked and did some other things that resolved the issue... but I need to know best practice for this please. thank you.

Hello Experts

I have a question concerning Lync Hybrid with O365 DNS record

I working with a client and this is the current configuration of his public dns:

access  A IP Adress of EDGE Server

_sip._tls.mydomain  SRV access.mydomain   0 0 443 access.mydomain
_sipfederationtls._tcp.mydomain           0 0  5061 access.mydomain

While reading a couple of documents i read about a sip entry instead . like here : http://blog.insidelync.com/2016/08/dns-records-in-a-skype-for-business-hybrid-deployment/

 so for my Hybrid setup to work DNS wise should i recreate all in sip or  i should

sip A IP Adress Edge Server

_sip._tls.mydomain  SRV sip.mydomain   0 0 443 sip.mydomain
_sipfederationtls._tcp.mydomain           0 0  5061 sip.mydomain
I have subscribed to Office365 essentials and configured each of my 15 users with an online account. I have synchronised these with Azure Domain Connect.
My domain is <mydomain>.onmicrosoft.com and I have added mydomain.co.uk which I have set as default. I have added the DNS entries as specified by Office365 and these verify OK with the domain verify on the Office365 portal.
For example: I have a user called Fred Bloggs and he has a user ID of bloggsf@mydomain.onmicrosoft.com and an email address of fred.bloggs@mydomain.co.uk

I am now trying to configure an email client. I have emClient and Outlook2013 but I can't get either to work with the user's email address.
with emClient I've tried entering the email address and letting autodiscover do the work but it fails.
With Outlook2013 I've tried similar but again it fails. I've tried giving it the server name of outlook.office365.com and entering various combinations of email address and user ID but nothing works. I'm at rather a loss really to understand why nothing works. I've checked and double checked the DNS entries and I'm 99% certain they're correct. I think it's got to be something to do with Office365 but I've no idea what. Anyone got any ideas? It's driving me mad.
Hello, we are currently migrating some websites into AWS VPS hosting (or whatever they call it I’m not in billing), and want to know what other people use as a DNS provider, does AWS provide DNS services, if not what DNS providers do you use to host websites.
In particular we are looking for DNS services that can do things like SPF and DKIM etc.. (so not afraid DNS)

I thank you for your help in advance.
I have an internal server that has been running a 3rd-party web app for 2 years, no problem. The app starts via crm.webserver.com/webappname. It works fine from any external computer, but internal users receive the message: There is a problem with this website's security certificate. I restarted the server, iis, the pcs, nothing works. I flushed dns, browser cache, used different browsers, nothing works. There are no viruses, a/v running normal.  This morning it started working again for some unknown reason, then stopped working on one pc with the same message. App vendor says it is a network issue and cannot help. There is a godaddy cert for the iis server that appears fine and has another year on it.  Thoughts?

Windows Server 2012, Microsoft Windows 7
Protect Your Employees from Wi-Fi Threats
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Our network is spread in 5 countries, one of our site we are not able to access any folders on there servers (Windows 2012 / 2008), they cant access folders on other country folders as well . Have tried this link, but it didnt make any difference.

LAN hosts not resolving for xxx.local DNS lookups

I have a LAN using the extension of ".local" with NAS, printers, systems, etc. After a power outage due to storms I find that hosts on the LAN have issues resolving for printers and my NAS. When I ping them from the client they cannot be resolve. If I ping the IP all is fine. I do a nslookup for the name nothing, nslookup of the IP nothing. If I go to the FW which is my DNS and DHCP server (all my local hosts that I know of get Static DHCP reservations) it can ping the FQN and the IP.

I have a combo of Windows, OSX, and Linux hosts all with issues.

I reading some other articles I "think" that DNS domains like ".local" are becoming reserved by apple, google, linksys, etc -- although I cannot find that printed exactly.

So *IF* .local is reserved what is a good name for a LAN home network? If home, mine, etc safe?

if .local is up for grabs then any other ideas?


I'm looking to implement SPF, DKIM and DMARC at my current client.

SPF has been implemented in a soft fail configuration until all mail servers are identified. They have the following setup:

Exchange 2010
Mimecast - through which the vast majority of email is sent
An external provider (esendex) is used to send certain emails -

THe Exchange servers and Mimecast dns entry has been added to the SPF.
Esendex record\server information will be added to the SPF once received.

As my client has a legal services division they need to know that by implementing DKIM, emails will not be blocked by recipients. Whereas SPF has a soft fail configuration, I can see no such config for DKIM. The actual creation of the DKIM keys seems v straightforward for Mimecast. Will I have to create a separate key for Esendex?

Do mail providers reject messages if the DKIM signature doesn't match? Is there a way to check those who do and don't from the main players?

What is the best way to implement DKIM with testing prior to making it live? All I can find are checking tools to use once the record is in place. They won't take that risk. I could state the case for a test email domain but at most I could only send email to the main providersd and see what happens.

I have also seen reference made to setting up a DMARC policy of none prior to setting up SPF and DKIM - is there any merit to this?

I want to add the DNS Suffix in an Powershell script or command. Anyone got an idea how to do this?

Thanks in advance.

This Part
We are hosting a website for another (non-profit) domain.  I'm trying to figure out how to properly set up in DNS.  I'm wondering if I setup a separate zone for their domain and then put the www record there.  However, I'm not certain and was hoping for some advice.  Actually, I wanting this to resolve internally (10.2.102.*), and we are hosting the web page internally.  Do I just set up a new zone, and point www to our hosting server? Our DNS is Windows 2008 R2 and integrated with AD.


Based on the builtin PowerShell command
Resolve-DnsName -Name bing.com -Type NS -DnsOnl

Open in new window

I need some help in fixing or modifying my PowerShell script below to perform:

1. Get the public IP address of the domain names in the .TXT file (or .CSV)
2. Get the DNS server responsible for the domain in the input .TXT file
3. Export the list as .CSV like below:

DomainName, PublicIP, DNS Server (NameHost)
www.domain1.com,, NS1.domain1.com
www.domain1.com,, NS2.domain1.com
www.domain2.com,, NS1.domain2.com

$InputFile = 'C:\Domainlist.txt'
$addresses = get-content $InputFile
$reader = New-Object IO.StreamReader $InputFile
while ($reader.ReadLine() -ne $null) { $TotalRecords++ }
write-host    ""
write-Host "Resolving DNS on each domain..."
foreach ($address in $addresses)
	## Progress bar
	$percentdone = (($i / $TotalRecords) * 100)
	$percentdonerounded = "{0:N0}" -f $percentdone
	Write-Progress -Activity "Performing DNS Resolve" -CurrentOperation "Working on domain: $address (IP $i of $TotalRecords)" -Status "$percentdonerounded% complete" -PercentComplete $percentdone
	## End progress bar
		Resolve-DnsName -Name $address -Type NS -DnsOnly
		Write-host "$address was not found. $_" -ForegroundColor Green
write-host    ""
write-Host "Pinging each address..."
foreach ($address in $addresses)
	## Progress bar
	$percentdone2 = (($j / $TotalRecords) * 100)

Open in new window

Hi Guys,

I have a 'www' A record added to the forward lookup zone in DNS for the company website (hosted externally to the local domain).

I can ping www.website.com from any workstation internally and it resolves to the correct external IP.

However, I am unable to open the site.
Initially I thought it was a browser cache issue, but it happens in IE and Chrome.  The record was inserted last week, but it still gives error:

The site can't be reached
server IP address cannot be found

nslookup gives the correct website address and external IP.

Any ideas will be appreciated,
Dear Experts

We are in process of setting up very small IT infra where local dns (private dns server) be done on ubuntu server16.4.4.  We will be hosting web based application server in on-premise and for the internet we have 2 service providers  both are of different,
1.  ISP 1 provided device enabled with the dhcp service for the network and it is ON with the subnet of  this is more stable connection
2. ISP2 also provided device and enabled with DHCP service for the network and they are asking to turn it ON -
purpose of 2 service provider is to have backup when one is down operation can happen with other service provider
As of now I have not yet turned ISP-2 modem/router ON as this will also function as DHCP server and in a network 2 DHCP server cannot be enabled.
Please suggest the best practice
1. Should I have to ask ISP-2 to configure for different subnet like and configure one DHCP server in linux server define 2 subnets here and stop both service providers ISP-1 and ISP-2 modem/router DHCP service but when the clients systems boot which subnet to be released as ISP-1 may be down and but the DHCP server release the IP of subnet ISP-1 , how to switch here to another subnet - NOT sure if this is good way to go with please suggest
2. stop dhcp service of ISP-1 and ISP-2 devices and configure dhcp server in linux but with one subnet only but segment the ip range for ISP-1  router and gateway sections pointing to ISP-1 in dhcp …
Recently took over exchange and when our web company renewed the sites cert with a wildcard users are getting the error "The Security certificate has expired or is not yet valid" See screenshot. The expired cert is not in exchange.
Tracing how Outlook clients are going to www.domain.com
External SRV: _autodiscover._tcp.DOMAIN.com --> mail.DOMAIN.com
External A record: email.DOMAIN.com --> External Private IP
External A record: email2.DOMAIN.com --> External Private IP
Internal_tcp folder under forward zones: _autodiscover --> mail.DOMAIN.com
Internal forward lookup A record: mail --> LAN IP of exchange
Internal forward lookup A record: mail2 --> LAN IP of exchange
How do you know if your security is working?
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

I need to add a DNS entry for a domain that is not mine, but connected by VPN. Additionally, it is the name of a public domain.

Our network (net1.local; is connected to another (domainX.com; via VPN.
Domain.com is also a public domain with a public IP range.

I have a request to map to oracle.domainX.com.
Can and how do I do that without causing issues with accessing the actual domainX.com websites and features?
I have always had my DNS managed by my ISP.  We are now in a consortium of schools and the new ISP we will be going to soon does not do DNS hosting.  I am not sure of the process for handling my own DNS hosting.  We have our school website that is johnsonburgareaschooldistrict.net and that site is hosted and the company (Weebly) does the DNS hosting for that site.  Will I need to do anything with them when we change ISP's?  Also we use a service called gaggle.net to host our email.  How does the DNS hosting affect our emails?  Finally, I am sure that our domain (jasd.k12.pa.us) registrar (Pittsburgh Supercomputing Center) will need to be informed of the changes.  I would appreciate it if anyone could give me a simple list of ordered tasks needed to be accomplished to change our present DNS hosting from our present ISP to some new DNS Hosting Service like Cloudfare or someone similar.  Your assistance is greatly appreciated.
My understanding with DMARC is it allows you to configure your DNS to instruct e-mail servers that receive e-mail from senders from YOUR domain/e-mail server on how to handle a failed DKIM or SPF.
However, what if those recipient servers have their own e-mail gateway that is set to "allow" failed DKIM or failed SPF.
Does the DNS rule at your domain win over the recipient's server's inbound rules?
I have a windows server 2008 R2 server and then 25 client machines.Today i formatted once client machine and then I tried add to domain.But now not able to join domain client machines.My DNS also correct and then NETLOGON service also running in server machine.I am facing different issue.

My Domain name was xxx.com .Past years I was using xxx.com domain name use to join domain.But now i enter xxx.com not taken.If i enter xxxx asking server username & password.If i enter server username password then get error message only.

How my domain name changed.I go to my server then check there showing xxx.com only.My IIS also running perfect and my other host application laso working fine incluse my previous existing client machines also working fine with xxx.com domain.
I have some remote offices that I want to setup with RODCs. This will be my first time doing this so wanted to find out about some of the consequences of doing this.

The remote offices are connected to the primary site with Site to Site VPNs - the primary site will have the live writeable Active Directory.

1) If the Site to Site VPN goes down the RODC can't reach the primary AD server in the primary site. Will this be a problem for users in the remote office for authenticating and using DNS for local and web DNS resolution?

2) If I were to go with a full writeable AD in the remote site - if the VPN goes down, will the users experience any sort of outage?

3) Any other suggestions on this line?
If I enable SPF blocking on my Barracuda on premise or any email system for that matter does this mean that domains with out an SPF will be automatically blocked OR does it simply mean that if an SPF record is present it will check it and block it if email doesn't match the sender address. We'll keep soft and hard fails out of this questions to keep it simple  :  ) thanks






The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.