The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with 4G USB modem.
When I choose to use Google DNS during OpenVPN installation then I can surf the Internet via OpenVPN just fine (on my OpenVPN client W10 machine). But if I choose to use a current DNS settings (ie. my own BIND9 server), then I can connect from client to server, but DNS doesn't work. I know that I must edit config file of OpenVPN server server.conf AND to also edit client.ovpn client's OpenVPN file too. And I don't know exactly whether my DNS server (BIND9) is properly configured to play this kind of role.
When I go to W10's CMD and do ipconfig /all I do see DNS server with a correct IP of my BIND9 (it's a public IP of my Ubuntu machine, actually). Nevertheless, DNS doesn't work on a client machine and I couldn't find a complete step-by-step manual how to enable this scheme.
Bootstrap 4: Exploring New Features
LVL 13
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

I have to publish CAA records for our domain and our public NS are running on BIND9 under Debian 8. Unfortunately, the current BIND seems to be version 9.9.5 whereas CAA is only supported in 9.9.6 and higher.

What is my best bet short of upgrading my servers... ?
I have set up DFS on the new server (2016)  and  I have created the namespace (newserver\#Oldserver) with a folder called the (Share) linking back to the Net App Nas hidden share.

Then I  changed the DNS entry for the (oldserver to point to the new server)  example
 OLDSERVER changed to
I also changed the SPN for the OLDSERVER as follows:


This all worked fine.

The problem is now that the \\OLDSERVER\SHARE still does not work but I can see \\OLDSERVER\#OLDSERVER\FILES, and I need to somehow remove the #OLDSERVER so that the old UNC paths still work.

What have I done wrong?

I have a RDS farm containing 3 hosts servers and a one server Broker. I installed a certificate signed by a trusted authority on the broker server and when I access web mode on the server broker, my certificate is well recognized. In the deployment configuration options, certificates are trusted and OK.  

When I access the server named RDS.domain.fr  (Round Robin DNS containing the 3 hosts hosts) I have the problem of certificate not recognized by a trusted authority. He gives me the self-signed certificate of the Host server. This certificat have no private key.

I have tried to installed it on my computer (Users and computer) but I have the same problem.

How to change self signed certificat on Host RDS ?

We've got a bunch of VMs running Windows Server 2008 R2. One is the domain controller, the others are members. Each of the VMs has two virtual NICs in the same LAN ( [old] and [new]) as we're moving away from the invalid 192... network.
We created DNS records for the VMs' IP addresses in the new network while deleting the invalid ones from – but they keep appearing again, no matter how often you delete them! How do we get rid of them once and for all?
(Before you ask: Yes, the "Register this connection's addresses in DNS" box in "Advanced TCP/IP Settings" is unchecked.)
We have a Godaddy domain name.  When logging into the account to change the DNS records, I get a message "We can't display your DNS information because your nameservers aren't managed by us."

Why would the nameservers be with someone else?  Eventually I need to change the MX records.  Couldn't I just change the nameservers to the default GoDaddy name servers and then adjust everything after that?  Basically take control again?
I'm trying to find the DNS options as mentioned in the following articlehttps://simpledns.com/kb/154/what-is-a-dns-amplification-attack-and-how-to-mitigate-it
I upgraded a 2008 R2 Datacenter server functioning as a domain controller and DHCP server. I upgraded to 2012 R2 Datacenter. I made it a replica domain controller with DNS and made it a Global Catalogue server and then installed the DHCP server role. I backed up the DHCP database on the 2008 server, copied the file to the new 2012 server and I believe I successfully imported the dhcp database file. I have done this many times. All the scope settings, reservations, lease, etc. showed.
I went to authorize the new server and it says it’s authorized under manage authorized servers but will not issue IP addresses.
When I select IPv4 or Scope within the console, it says the server needs to be authorized.
I have installed and uninstalled everything several times but end up with the same result = no ips being issued.
Suggestions please ????
Hello Team,

This is AD Site & Services and DNS Question

to understand the issue, let me explain through scenario

We have suppose 3 sites.

Site A which having abcd01 DC
Site B which having  abxy01 DC
Site C which having  abml01 DC

Site A DC we have shutdown, and we need Site A users will authenticated through Site B users. But this is not happening, users are getting Site B primary and secondary DNS  which is correct through DHCP

Instead of site B they are being sent by Site B DC to Site C DC, because of this user complaining about slow logon

i have checked site links are properly created in sites and services, between siteA and Site B

Please suggest what could be the issue

Good day,

We have are having problems setting up a trust relationship between two domain.

Currently we are part of a forest called: abc.co.za
Current FQDN: current.abc.co.za
One of the forward lookup zones on our DNS is: companyname.com

New FQDN: new.companyname.com

We have created the conditional forwarders on both DNS servers and can ping both domain names from both sides.

When trying to create trust from current domain we get error on attachments 001
When trying to create trust from new domain we get error on attachments 002

Please also confirm that the current forward lookup zone we have company.com is not causing problems with new domain new.company.com.
Exploring ASP.NET Core: Fundamentals
LVL 13
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

We had a server named SERVER_A that we are decommissioning on it and it contained a share with software installation directories on it.  We have moved that files and folders to a new server called SERVER_B and and created that share with the same name and rights.  Because many of the software installations on our desktops and laptops still reference SERVER_A I thought I will just create a CNAME record in DNS and point SERVER_A to SERVER_B.  And that works for purposed of pinging the server, but when I try to access the UNC Share-Error.PNGpath of the share at \\SERVER_B\Software, I get the attached error.  Is there a way to accomplish what I'm trying to do because I have a couple shares that I need to be able to access from the old hostname?
I'm moving a physical member server from our data center to an office building. The server is a Windows 2008 R2 server and used only within the network. The office is on the same domain but a different network. The server is used to allow staff to access Peachtree software for accounting needs and has Microsoft terminal server licensing. My plan is only to make IP changes on the server and DNS changes on the domain controllers.

Is there any Active Directory or other needs I need to address before moving it from the data center? Just want to make sure I'm checking off all the boxes prior to the move.
Hi guys,

Was hoping to clarify few questions with your help.

For Exchange Hybrid Migration:
Q1:      Do we need to publish Autodiscover externally and point to the on-prem Exchange infrastructure?
Q2:      At what stage is this required?
Q3: On-prem Exchange 2013 only has internal Autodiscover service URL, do we need to configure external URL also?
Q4: Once all mailboxes in O365, do we point Autodiscover to O365 instead?
Q5: What changes are required in internal DNS
Q6: Do we disable SCP with powershell? Set-ClientAccessServer -Identity servername -AutoDiscoverServiceInternalUri $NULL

Clients have combination of Outlook 2010, 2013, 2016
Outlook Anywhere is enabled

Thank you
I had this question after viewing Can Ping Gateway but NOT DNS Server.

A client of mine has this same issue. The fix in "Can Ping Gateway but NOT DNS Server" did not work. I have applied all of the fix items noted in that thread, including the fix solution.

Some data:

Four computers in this office are just fine. They can ping the gateway located at They can ping the DHCP Server located at They can ping the DHS Server located at I have attached the results of an ipconfig /all command here as the file ipconfig.good.txt.

One computer is having problems. It can ping the gateway at, but CANNOT ping the DHCP Server and DNS Server at I have attached the results of an ipconfig /all command here as the file ipconfig.bad.txt

The problem happened out of the blue yesterday afternoon. The Windows error logs show no suspicious events during that time period. The machine has a clean registry and clean malware status.

All ideas invited.

-- stan

- - - - - -
Stanley Krute
Chief Technologist
Siskiyou Digital Inc.

All the Servers are in Data Center (Colo).
I want to go remotely to all the Controllers (including IDRAG) which are in Colo.

Question: What command would I use to get the above IP addresses?


We have emails send from Amzon server (From our domain name).

My question what is: Amazon SES Domain Verification TXT Records?

Is it an SPF record or it not the same but just another verification process?

DNS SRV record keeps repopulating under the FOrward Lookup Zone _msdcs dc sites _tcp. It was a phantom domain controller removed from Active DIrectory months ago. ADSI Edit was also cleared and doesn't show the phantom DC but DNS is. NO errors in the logs and also tried dnscmd with no luck.

One domain at 2012 R2 functional level. FSMO roles were not on this phantom DC that was removed.

A SPF record is used to authorize specific servers to send an email on behalf a specifc domain.

But which "FROM" exactly the SPF check?

Because in header a spammer can set for example:

smtp.mailfrom = maliciousDomain.com


from = mydomain.com

Because of that it will pass the SPF validation.
We have one server using SSL that purchased on GoDaddy and our domain is www.xyz.com.
Now, we have another server hosting on AWS, and it is still www.xyz.com. We just use it as fail over purpose.
for example, if our main office's power is off, we will switch www.xyz.com's ip to AWS on DNS make easy.

My question is: I want to install SSL on AWS IIS. Where should I get SSL? On Godaddy.com or I can extract from office's IIS?

Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.


I have a web app running on Azure at the address steelyard.azurewebsites.net where the following link is used from an email message sent     Dim oLinkAccept As String = "http://SteelYard.azurewebsites.net/offers_to_me?oOfferID=" & oNewOfferID & "&oOfferAcceptDecline=Accept"  

My problem now is that our technical assistant has set up Azure so that the domain www.thesteelyard.co.za can be used for the website as well. My problem is that the following
link does not work     Dim oLinkAccept As String = "http://thesteelyard.co.za/offers_to_me?oOfferID=" & oNewOfferID & "&oOfferAcceptDecline=Accept"

I just want to clarify something about scavenging and dhcp lease time. Does the scavenging Refresh and No Refresh settings have to be equal/or less than the dhcp lease time or does the scavenging period have to be equal/or less to the dhcp lease time? For example if my dhcp lease time is 4 days then should refresh and no refresh period be at most two days a piece? What should the scavenging period be for this amount of time, does it matter?

Thank you.
Our DNS Host

The reply back I got back was that 'we are not your authoritative DNS host for this IP'. The odd thing is that they added other Azure IPs into our DNS zone fine in the past. So, I have a couple of questions about this.

1. We have used the very same Azure IP address for another website fine - our DNS hosting provider never refused to add that A name entry into our DNS zone...we have several other Azure IPs they have entered in for us as well.
2. Shouldn't a DNS hosting provider be able to enter in any public IP for an A name record that we request, regardless of who owns the IP?

If anyone can shed some light on this that would be wonderful. I'm not a DNS expert by any means. Just trying to get an external-facing website published.  I tried contacting our DNS hosting provider account manager but got voicemails.
We have provisioned a HTTPS web server using windows server 2012. An valid SSL certificate with valid CN (Common Name) has been installed on the web server.

However, due to DNS issue some Web client use IP Address (e.g. https://10.x.x.x) on the browser to access our HTTPS server and prompt for warning.  The user will proceed with the warning anyway in order to access the Web service. We are going to have an internal auditing session soon and our question is:

When the end user using IP address to visit our HTTPS site instead of host / CN (Common name) that match with the installed SSL certificate name, we understand a warning will be prompted before connected to the https server but will the HTTPS traffic still encrypted over the transmission during the network communication as we need to get back to our audit department ?

Thanks for your prompt advice in advance.

I have read enough about AD Domain Name selection and see that company.local is a bad idea.
Alternately, it appears that something like corp.company.com is recommended where company.com is registered.

In the case I'm considering, company.com is in use in the outside world.  www.company.com is being redirected to www.company2.com.
So, I understand that I'd choose something like corp.company.com or btfsplk.company.com, etc.

If this is done, is there any particular concern that there could be conflict between www.company.com and btfsplk.company.com if we misconfigure something internally?
If so, I'd be motivated to register btfsplk.com and just use it internally only so there can be no conflict for sure.
Or, would that be overkill?
we have a single exchange mail server which for the most part is working OK. However, we have one client who is trying to email us, and receiving bouncebacks that the account does not exist.

we have an mx record pointing to our mail server as follows :-


On the bounceback we are told :-

mx.google.com rejected your message to the following email addresses:

On checking further I notice that we have acquired several google mx public dns records

Our main or primary dns record is still correctly set at mail.domainname.co.uk

My question is where did all of the google mx records come from, and why this one particular client is having problems getting mail to us when the main mx record points to our mail server correctly? All other mail is reaching us correctly.

Any advice much appreciated.







The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.