
DNS

26K

Solutions

25K

Contributors

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource with an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to reach computer services and devices worldwide.


We have 4 domain controllers running Windows 2008 R2. The domain controllers are also running DNS, DHCP services and certificate services.

We want to move to Windows 2016 as the base operating system.

Is an in-place upgrade of the domain controllers supported and advisable?

Or should I install new Windows 2016 servers, move roles, and export and import DHCP scopes?

How about certificate services: if I upgrade the OS from Windows 2008 to 2016 on the domain controller, will it upgrade certificate services also?
0

Hi Experts.

Got a question we seem to disagree on amongst colleagues.

In a "modern" Windows environment (2008, 2012, 2016) with multiple DNS servers within a unique AD (let's keep it simple for argument's sake and not talk multi AD or forests), what is the best practice when it comes to IP assigning?

#1. Each DNS server has itself (loopback) as unique DNS entry in the TCP/IP settings, and any second DNS is declared in the Name Servers tab.
#2. Each DNS server has itself (loopback) as Primary DNS entry AND any second DNS is declared as Secondary DNS entry in the TCP/IP settings.
#3. Each DNS server has the secondary DNS declared as Primary AND itself (loopback) in the TCP/IP settings.

All three scenarios seem to work 99% of the time, when it comes to AD replication mostly, but at times, we like to point fingers at each other's config for any downtime that occurred, and subsequently buy a round of coffees for the team :)

Any Experts wish to comment ?
Cheers.
0
I'm looking to implement two domains on two separate DC's within same subnet. One will be forest domain and the other will be a child domain. For eg. Domain "test.com" will be forest domain with ip "192.168.1.2" on DC "A" and domain "test.local" will be a child domain (of forest domain "test.com"), with ip "192.168.1.3" on DC "B".

What's the best way to set this up with respective DNS lookup settings, so that servers in domain test.com can be resolved in DNS of domain test.local on DC "B" and similarly servers in domain test.local can resolve in the DNS of domain test.com in DC "A" .
0
We noticed the below error in the DNS server, which is AD integrated. The DNS is set to use a forwarder.

"COM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     10cc (C:\Windows\System32\dcdiag.exe).

An error event occurred.  EventID: 0x000027sC"
I can ping from our server and trace out too.

What is the fix for this?
0
I have managed to block YouTube.com using DNS entries for the relevant domains. This is because it uses too much bandwidth that we don't have.
Anyway, it's just a temporary measure, but I'd like to display a webpage that explains the blockage to users. I've been looking up DNS redirects to an internal IIS server that has the page on it, but I thought there might be an easier way that one of you may have heard of...?

This is how I blocked YouTube if anyone's curious, I followed the method here, except I haven't put in a CNAME alias yet.
https://social.technet.microsoft.com/Forums/en-US/04aaf74a-b43e-4a06-be62-126a5a57cf36/you-tube-dns-config?forum=winserver8setup
0
I have configured a Cisco 4321 router. A Windows PC can successfully access the internet when using dhcp, but when I configure the PC with Static IP, then it can only ping a website e.g. google.com, but cannot browse the internet. I do have a static route and NAT enabled but not sure why it will not resolve DNS request on the Cisco when not using dhcp. I'm new to this so I'll need clear guidance. Thank you.

Here is the config:
!
!
ip name-server 192.168.15.1 139.130.4.4 8.8.8.8
ip dhcp excluded-address 192.168.15.1 192.168.15.99
ip dhcp excluded-address 192.168.15.200 192.168.15.254
!
ip dhcp pool dhcp-pool-1
 import all
 network 192.168.15.0 255.255.255.0
 dns-server 192.168.15.1 139.130.4.4 8.8.8.8 
 default-router 192.168.15.1 
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
redundancy
 mode none
!
! 
! 
!
!
interface GigabitEthernet0/0/0
 description $ETH-WAN$
 ip address XXX.XXX.XXX.XXX 255.255.255.252 (X is the Static WAN IP assigned by the ISP)
 ip nat outside
 media-type rj45
 speed 1000
 no negotiation auto
!
interface GigabitEthernet0/0/1
 description MAIN LAN
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip nbar protocol-discovery
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 192.168.16.1 255.255.255.0
 negotiation auto
 no mop enabled
!
ip nat inside source list NAT-LIST-LAN interface GigabitEthernet0/0/0 


0
I have a customer that's running a server with Server 2016 Essentials on it that we setup about a year ago. The SSL cert expired a few weeks ago and we renewed the SSL cert through GoDaddy, generated a new CSR, re-keyed, downloaded and installed the updated cert. All standard stuff we do all the time.

Anywho... Anywhere Access works as expected without error but VPN is no longer working as it used to or how our other Server 2016 and 2012 R2 Essentials boxes work. We ran the repair wizard and restarted services, the server, etc. No change.

VPN client connects, but we can't access the remote server shares offsite via UNC ....\\FQDN  or via \\IP ...unless we manually enter the Essentials server's IP in the VPN adapter options - "Use the following DNS Server".

So, what I'm failing to understand is why the remote server's DNS isn't automatically traversing over VPN. It's not a big deal... it's working. I just don't understand why I now have to do this extra step that I never had to do before. I've setup dozens of 2012 R1 and R2 Essentials servers, and probably 4 or 5 of 2016 Essentials... and this is the first one that we've had to add the DNS server to the adapter's config.
0
What is the purpose of in-addr.arpa within Server 2016 DNS?

0
What are the PowerShell Commands to import the PowerShell DNS server administration module within Server 2016?
0
Looking for some input from those of you who have demoted 2008r2 dc servers (also DNS, GC, WINS) from AD and promoted 2016 (though 2012r2 might also be okay) DC (also DNS and GC, WINS) into AD. I will be running all the dcdiag diagnostics, repadmin, etc. utilities to verify everything worked, but was wondering if anyone has any good Event Log IDs that I ought to look for on any/all of the steps to accomplish the task noted above. So Event IDs that either show common errors or those that indicate success. Again, always appreciated in advance. Cheers :-)
0

Within Server 2016 DNS Manager what are SRV records used for?

0
Within DNS manager, what are the values in the brackets "[ ]" within the Data column?

1
My client has an SBS2011 server, which cannot ping or browse the outside world. The server points to itself only for DNS (192.168.1.10) in network settings. However, client computers, which also only point to the server for DNS, can browse the Internet just fine. So, it appears the problem on the server is really its DNS Client. How can I fix this? (Note: the server has other issues, e.g. domain services are whacked... but I anticipate these will go away once DNS is working again.)
0
I have multiple sites on my internal network all connected with IPSec tunnels. Each site has a Windows domain controller. In addition to the domain controller, each site also has a NAS which serves as a file server. My issue is this. I want to publish a specific DNS name within one of the internal zones. Assign each site a version of this name that points to the local NAS device. I have all the IP information defined in sites and services. When I have the DNS name something like mydnsname.mydomain.com I want the systems to return the IP of the local device. What I'm seeing is from corporate, when I reference the device I'm getting random responses from across all of the offices.
Is there a way to make DNS prefer IPs on the site I sit on instead of round robin looking through the list of available servers?
0
hi,

Variety of performance problems after dcpromo out a 2008 r2 dc. General slowness of apps edms - some scripts run slower.
Very hard to pinpoint cause. Ran dcdiag all clear - all DNS reference to old dc gone - no legacy mapped drives or any connection to old dc to be found.
Raised functional level of domain to 2012 r2 - we have 2 dcs very simple single site domain. Now just 2 2012 dcs.

The fsmo roles all across to 2012 r2 dc. - 1 thing that did happen is the fsmo holder server had many patches applied not the wannacry patch that causes slowness.
The point is that the 2012 r2 dc is just that, just a dc with dns - it's not used for anything else. I don't see how it could cause slowness across applications.
I have read that SMB signing can cause slowness - when you run 2012 - thing is the 2012 dc/s have been in place for years no issue.

Before we dcpromoed out the 2008 r2 server we turned it off for 2 weeks - and had no issues. It's only post the dcpromo and 2012 functional level up and perhaps the patching of the dc that the weird slowness in some apps has raised its head.

What can raising the functional level and dcpromo do to slow the network? Thanks
0
With an internal domain name such as fisherk12.org and now also having an external website fisherk12.org how do we configure the local DNS so users on the local network can see the website when they browse to fisherk12.org or www.fisherk12.org?
0
Hi Expert,

What could be the best practice for member's AD DNS setting?

Normally at Primary AD, the preferred DNS setting points to its own IP, and the secondary IP points to the backup AD or member AD.

Should we add all member ADs' IP addresses into the primary AD's DNS setting?

For a member AD, does the preferred DNS point to the primary AD's IP address?

For my case, I'm having 4 Active Directory

please advise

Thanks
Alfred
0
Hi Expert,

I have a customer who hosts their own domain name; there are Nameserver 1 and Nameserver 2, aka NS1 and NS2, and they host their own Exchange server as well.

Right now, they have a DR site, which has a passive Exchange server, which just replicates the database.

If they plan to set up a new NS3 server at the DR site, what would be the advice? Should I replicate it from the primary DNS, or should I set up a standalone NS3?

NS1 = ISP A,  NS2=ISP B,  NS3 =ISP C
0
I am trying to build and publish an SPF record correctly. We have Small Business Server 2011 which has Exchange 2010. Our domain is hosted by a third party. We have two domain names, one that points to another. When creating the SPF, I will be using the internal IP address of our SBS that sends mail. I was going to include the following TXT under my forward lookup zone: "v=spf1 mx a ip4:192.168.3.234/24 -all". I understand that I also need to publish the SPF records with the DNS servers hosting our domain. My question is, do I provide my host domain provider the same TXT record I created for my mail server which has my internal IP?
0

I have created a VM in Azure cloud and created a website in it (Windows 2016 Datacenter server, IIS site). I can access the website in the VM using its IP (like http://13.67.30.100/Mysite). This needs to be accessed by many users within my customer's company. So what should be done (either at Azure or at the customer company) for the site to be available by name instead of IP, like http://MyApp/Mysite? (I don't want them to join www like www.myapp.com. This is to be available in just the company intranet.)

I know on an individual level, I can do the hostname mapping  in the host file.  But I am looking at a company level solution
0
Hello, All;

Virtual Machine
Windows 2016 Server
Windows DNS
Belkin Router

OK, the other day my port 53 became unavailable, I did not find out about it, until last night.
All my other ports are reachable, but port 53 is NOT.
I have it opened in my Router, and I can telnet 53 on the VM Server itself.

The servers have been running fine for several months.
Can someone please let me know what I need to check, as this has all my sites down as well as the Mail Server.

Wayne
1
We have a computer on our network that we believe has malware that our A/V software hasn't discovered and isolated. We have IPS traffic saying it went out looking for an external URL. We believe it will do it again. I have 2012 DCs and even with DNS logging enabled, it does not identify which IP/workstation asks for X website through a recursive DNS query.

I'm looking for a solution similar to tracelog that will deliver the source IP looking for a destination IP on the internet through our DNS servers. I can't find a version of tracelog for Server 2012. A pic of what tracelog provides is attached.

I've tried performance monitor/data collector sets and can view in event viewer, but it does not provide source IP and destination IP. I do NOT want to use wireshark/packet captures.

How can I set up DNS logging to provide source IP and destination IP on the internet so the next time the IPS sees it happen I can match timestamps?
ExampleTracelog.docx
0
Dear expert,

I need to stop or disable or start or start-delayed services using PowerShell or bat or anything that works.
I know there are several ways using: get-service and sc.
Here is where things get very difficult:
The command source machine is a domain-joined server and the target machine is a non-domain-joined server. I got this error:
Get-Service : Cannot open Service Control Manager on computer 'Server'. This operation might require other privileges.
I'm out of ideas... any tips and solutions?
0
We have a school internal domain name fisherk12.org and recently moved the offsite hosting to a new provider now also using fisherk12.org.  Previous hosted site was fisherk12.com . Problem we have, when going to new site from local network, we get an extra www attached, so it ends up www.www.fisherk12.org.  DNS records are at GoDaddy for offsite.
0
Hello, is it possible to deny access to an A host in Windows 2016 DNS for a subnet?

So for example, I don't want the subnet 172.16.1.0/24 to know about the host OWA.

So for example, if 172.16.1.50 pings OWA, I don't want it to know the IP address.

The reason for this is that we have cellphones, and when they are connected to the VPN the email client doesn't work because it tries to reach OWA with the internal IP.

So I want them to use the external public IP of OWA instead when connected to the VPN.

Thanks for the help !
0
