DirectAccess 2012 has wrong DNS servers listed

Hello,
I'm setting up DirectAccess on Server 2012 and having issues with the wrong DNS servers continually being added to the configuration. My setup is as follows: 2 Server 2008 R2 DCs running DNS, both with static IPv4 and IPv6 addresses. The DirectAccess server has a single NIC behind a NAT device and also has static IPv4 and IPv6 addresses. My problem is that I keep getting a "DNS: Not working properly" error on the dashboard. It says:
Error:
Enterprise DNS servers (fd7e:ed10:5cb6:7777::ac10:a22, fd7e:ed10:5cb6:7777::ac10:a21) used by DirectAccess clients for name resolution are not responding. This might affect DirectAccess client connectivity to corporate resources.
The thing is, these are not, nor ever have been, the IP addresses of my DC/DNS servers. I've removed them by using the configuration editor, but with each restart of the server they reappear. I examined the DirectAccess Server Settings GPO and they are listed in the Extra Registry Settings section, but I am unable to edit that portion. I've read other threads on this forum that state I need to add the IPv6 address of the DA server as the DNS server, but I still get DNS errors when I do that, and after a restart the same two DNS servers show up again.
Anyone have any ideas? Your assistance is greatly appreciated.

Hi,
Thanks for your reply and sorry for replying so late.
Did you point the DNS server address to the IP address of the internal NIC? Maybe you can refer to the similar thread below:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/df08fa06-d3fc-4ca9-b4a2-85824a10819a/direct-access-server-dns-error?forum=winserver8setup
Best regards,
Susie
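
The two addresses in the dashboard error above can be read as IPv4-embedded IPv6 addresses, the form DNS64/NAT64 produces with a /96 prefix; that reading is an assumption, since the thread does not say how they were generated. The following added example (not part of the original thread) extracts the addresses from the error text, decodes the IPv4 address each would carry, and checks it against a list of known DNS servers; `explain`, `decode_embedded` and the known-server list are hypothetical names and constructed values, and the 6to4 branch goes beyond the case in the thread.

```python
import ipaddress
import re

# Dashboard error text, copied from the post above.
DASHBOARD_ERROR = (
    "Enterprise DNS servers (fd7e:ed10:5cb6:7777::ac10:a22, "
    "fd7e:ed10:5cb6:7777::ac10:a21) used by DirectAccess clients for name "
    "resolution are not responding."
)


def extract_ipv6(text):
    """Return every token in `text` that parses as an IPv6 address."""
    addrs = []
    for token in re.findall(r"[0-9A-Fa-f:]{2,}", text):
        if ":" not in token:
            continue  # plain hex-looking word fragments such as "ed"
        try:
            addrs.append(ipaddress.IPv6Address(token))
        except ValueError:
            continue
    return addrs


def decode_embedded(addr):
    """Decode the IPv4 address an IPv6 address may carry.

    Returns (layout, IPv4Address):
      "6to4"  - address is in 2002::/16, IPv4 sits right after the 2002 group
      "low32" - last 32 bits read as IPv4 (the /96 layout of RFC 6052);
                only meaningful if the prefix really is a NAT64-style prefix.
    """
    if addr.sixtofour is not None:
        return "6to4", addr.sixtofour
    return "low32", ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def explain(text, known_dns_v4):
    """For each IPv6 address in `text`, report the embedded IPv4 address and
    whether it matches one of the administrator's known DNS servers."""
    known = {ipaddress.IPv4Address(a) for a in known_dns_v4}
    rows = []
    for addr in extract_ipv6(text):
        layout, v4 = decode_embedded(addr)
        rows.append({
            "ipv6": str(addr),
            "layout": layout,
            "ipv4": str(v4),
            "is_known_dns": v4 in known,
        })
    return rows


if __name__ == "__main__":
    # Constructed list: replace with the IPv4 addresses of your own DNS servers.
    my_dns_servers = ["172.16.10.33", "192.0.2.53"]
    for row in explain(DASHBOARD_ERROR, my_dns_servers):
        print(row)
    # Constructed 6to4 address (documentation range), to show the other layout.
    print(decode_embedded(ipaddress.IPv6Address("2002:c000:204:3333::1")))
```

An embedded address that matches no known server is the one to chase in the DirectAccess configuration and GPO.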

Similar Messages

  • My airport extreme cannot connect to the internet because it says it has no DNS servers. How can I fix this?

    I just moved and am setting up a new apartment. Verizon put in internet service yesterday. I got a network going on my airport extreme but it could not connect to the internet because it says it has no DNS servers. help! What do I do now?

    Ensure that the ethernet is connected to the WAN port (with the dotted circle).
    You may have to reset and reconfigure your Airport Extreme.

  • Airport not distributing DNS servers over network

    Hi everyone,
    I connect to the Internet over ADSL (ISP: Arnet Highway, Buenos Aires, Argentina) using PPPoE from my MacBook Pro.
    I have my ADSL modem connected to the Airport Extreme (802.11n) and distributing IP over DHCP just fine. Every device that joins the network obtains a valid IP.
    However, DNS servers aren't distributed by the router over the network. Every connected device has to be manually configured to set the DNS servers of my ISP to be able to resolve hosts, instead of 'asking' these addresses to the router, as it should be.
    Initially I thought there might be a problem obtaining the DNS servers from the ISP. So in the Airport Utility, in Internet / PPPoE settings, I've manually set my ISP's DNS servers, which should be distributed over the network to all connected devices.
    This doesn't happen, and every time somebody new joins my wireless network I have to manually change the DNS servers for that connection which, as I'm sure you'll agree with me, can be quite annoying. Not to mention what would happen if my ISP decides to use dynamic DNS addresses.
    Thanks for any help you might provide.
    Cheers.

    Hello belbo,
    I connect to the Internet over ADSL using PPPoE from my MacBook Pro.
    Is your Macbook Pro Network configured to use PPPoE or DHCP?
    I have my ADSL modem connected to the Airport Extreme (802.11n) and distributing IP over DHCP just fine. Every device that joins the network obtains a valid IP.
    Is NAT enabled on the AE? Are the valid IP Address obtained from your ISP or from the AE?
    However, DNS servers aren't distributed by the router over the network. Every connected device has to be manually configured to set the DNS servers of my ISP to be able to resolve hosts, instead of 'asking' these addresses to the router, as it should be.
    When you setup the AE to use PPPoE did you enter a Domain Name or a DHCP Client ID?
    Initially I thought there might be a problem obtaining the DNS servers from the ISP. So in the Airport Utility, in Internet / PPPoE settings, I've manually set my ISP's DNS servers, which should be distributed over the network to all connected devices.
    The DNS servers listed in the AE aren't distributed to each Network Device but are only used to translate names into IP addresses when needed by a Network Device.
    This doesn't happen, and every time somebody new joins my wireless network I have to manually change the DNS servers for that connection which, as I'm sure you'll agree with me, can be quite annoying. Not to mention what would happen if my ISP decides to use dynamic DNS addresses.
    If your AE is distributing IP Address using DHCP and NAT then this should not be a problem but I'm not sure without more information about the questions I asked.
    Later.
    Buzz

  • How do you set up a server to use multiple DNS servers that are not connected to each other?

    Is there a way to setup a server that connects to two different domains to use the proper DNS server for name resolution?
    Let's say there are two DCs: serverA.subdomaina.domain.com and serverB.subdomainb.domain.com. The domains are independent and not connected. Now you need a common server that is connected to both and needs to resolve names from both domains.
    Is this possible?
    I have setup a server in a workgroup.  One NIC has the subdomaina.domain.com connection specific suffix and the other nic has the subdomainb.domain.com.  Each NIC has the DNS server listed for the domain it is connected to.
    This configuration will resolve FQDNs of one domain but not the other. This, I believe, is due to the fact that the server only queries one DNS server and doesn't try the other DNS server.
    Is there any way to make the server try another DNS server, if the first one doesn't have the entry?

    Hi,
    Thank you for posting in Windows Server Forum.
    Here adding to the words of “Tim”, a forwarder is a DNS server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. You can also forward queries according to specific domain names using conditional forwarders.
    A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server. You can find information about forwarders and how to configure them at the links below.
    Understanding forwarders
    http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx
    Configure a DNS Server to Use Forwarders
    http://technet.microsoft.com/en-us/library/cc754941.aspx
    Hope it helps!
    Regards.

  • How to modify DNS servers on Macbook Air

    Is there a way to modify my DNS servers from my wireless connection?
    I'm connected to a wireless network at my office. I'm getting the IP address using DHCP, and I get DNS servers and search domains greyed out.
    But the first few DNS servers listed are from a secondary domain which are slow as molasses.
    I'd like to bump up my ISP's and Google's DNS servers to the first spot because my initial web surf is slow. Is there a way to do that?

    If they're greyed out, they're being passed down from your network's DNS server (often your router). You can enter your own values in there to override, just click the plus button on the lower left.
    Matt

  • Enterprise DNS servers are not responding when using Windows NLB with Direct Access 2012

    Hi
    We have installed Direct Access 2012 as one server installation:
    - Two network cards. First one in DMZ and second one in internal network
    - Two consecutive IP addresses configured in DMZ because of Teredo
    - PKI because of Win7 Clients IPSec
    - Our corporate network is native IPv4 so we use DNS64/NAT64 and DA-server is configured as DNS
    - DA-servers are VMWare virtual machines 
    One server installation works fine and now we want to use Windows NLB for load balancing. The NLB installation goes fine too, but the problem is DNS. If we still try to use the DA-server as DNS, we get the error message below:
    None of the enterprise DNS servers 2002:xxxx:xxxx:3333::1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.
    When trying to configure DNS using Infrastructure access setup, DNS cannot be validated when using the DA-server's DIP or cluster VIP. Only the domain local DNS looks to be OK, but those have no IPv6 addresses. So how should DNS be configured when using multicast NLB?
    Tried to remove name suffix then adding again => Detect DNS server => DA-server IPv6 address found => validate => The specified DNS server is not responding...
    Then tried to ping detected address => General failure
    NLB clusters are configured as multicast and static ARPs are configured too. Both clusters can be connected from those subnets as they should be. 
    Any clues how to fix this?
    ~ Jukka ~

    Hi,
    Your question falls into the paid support category which requires a more in-depth level of support. Please visit the below link to see the various paid support options that are available to better meet your needs.
    http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
    Regards,
    Mike

  • I have an iMac running Snow Leopard and have recently installed a Canon i-sensys lbp7750Cdn printer; since then I can't get the printer working and the AirPort has lost the DNS servers, if it ever had them!!! But it does not look happy. Can anyone help

    I have an iMac running Snow Leopard and have recently installed a Canon i-sensys lbp7750Cdn printer; since then I can't get the printer working and the AirPort has lost the DNS servers, if it ever had them!!! But it does not look happy and it is telling me so. Can anyone help please?

    Snow Leopard breaks quite a few drivers - my Canon exhibited the same problem.
    I eventually found updated drivers on the Canon website. You can try that with the HP, but if the all-in-one is more than a year or so old, don't hold your breath.
    You can also try Software Update to see if it will offer new drivers, or failing that go to the Support Downloads site and search for HP updates.
    In fact there's a new one for HP at the top of the list just now.
    You may not necessarily want the latest one, though - check the specs to see if your model is covered; if not, search for the previous update etc.

  • KB2919355 2012 R2 update crashes DNS servers which load zones from file

    I allowed KB2919355, the Windows Server 2012 R2 update 1, to install on a pair of standalone servers which run just DHCP and DNS for an isolated network. They are dedicated physical servers. Because they are not joined to an AD, they load their DNS zones from file. As soon as KB2919355 is installed the DNS server service "terminates unexpectedly". It does this within seconds every time you try to start it. Only event 7034, "The DNS Server service terminated unexpectedly", is logged.
    Uninstall KB2919355 and the DNS service returns to normal.
    DNS.exe is replaced by the update: the previous version was 6.3.9600.16384; the update version is 6.3.9600.17042.
    To see if this might be being caused by my zone files I then built a new Server 2012 R2 virtual machine, put all updates on it including KB2919355, and then added the DNS role. Sat there without any configuration changes from the default the DNS Server service continued to run. Then I made the one change, to load zone data on start-up from file. I had not created any zones or made any other changes. The result was a DNS Server service which crashes and will not stay running for more than a few seconds. Change back to the default "load from Active Directory and Registry" and the service runs normally again.
    This looks horribly like a bug.

    The zone data is stored in the zone file.
    Neil has the right approach (IMHO) in loading the zone info from the registry.
    The zone file itself has all of the zone records and can be transferred to DNS secondaries through either AXFR or IXFR zone transfers. If your secondaries are BIND DNS servers, remember to click the BIND compatibility check box in the properties dialog box.
    The "load zone data" setting only controls the boot process of the DNS server and not the actual storage of the zone records.
    Hope this helps!
    Ed Gallagher

  • List all DNS servers in an AD Forest

    Is there a way (preferably powershell, of course!) to find all DNS servers in an AD forest?  Not domain controllers running DNS but ANY Windows servers running DNS.
    Here is the situation...I have one root domain to which I am adding a new domain controller.  There are roughly 20 child domains which should all have their dns servers set to forward to my root domain for unresolved queries.  I need to change the forwarders on all DNS servers in the Forest (I've got that part figured out).  However, I know that not all Domain Controllers in all of the domains are DNS servers and vice versa (not all DNS servers in the domains are domain controllers).
    So...anything that I can query to find all dns servers in the Forest (short of querying every server in the Forest for the existence of the DNS Server service?)
    I've searched but can't seem to find anything in wmi.
    Thanks,
    Nate

    That would just list all DCs within a domain (not even in the entire forest).
    You can use DNSLint (http://support.microsoft.com/kb/321045) or dnscmd (assuming you're hosting your AD DNS Zones on Microsoft DNS Servers) to query for NS records.
    Regards
    Christoffer Andersson – Principal Advisor
    Enfo Zipper
    "EXRAPUL" wrote in message news:ea6d0f00-0bc0-4786-b63b-c618e51ff264...
    Hi Nate,
    Yes, we can find the list of DNS servers by using the command "nltest".
    Here is the syntax: nltest /dnsgetdc:<forest name>
    example: nltest /dnsgetdc:microsoft.com

  • DirectAccess 2012 not able to connect

    I've got a Direct Access 2012 instance running and clients are unable to connect. I'm really not sure why. I've got all green check marks in the Operations Status page.
    I've uploaded the DCA results
    https://onedrive.live.com/redir?resid=270A675D98E09864!109&authkey=!ACNgL-_6rvNy5Co&ithint=file%2ccab
    https://onedrive.live.com/redir?resid=270A675D98E09864!110&authkey=!AFUtqtOirbg3UxI&ithint=file%2ctxt

    John,
    Thanks for your reply.  Where do you see one IP configured?  I have two configured on the external facing NIC.
    I followed the link you suggested and got this output:
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\richard>netsh dns show state
    Name Resolution Policy Table Options
    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network
    Query Resolution Behavior             : Resolve only IPv6 addresses for names
    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used
    Machine Location                      : Outside corporate network
    Direct Access Settings                : Configured and Enabled
    DNSSEC Settings                       : Not Configured
    C:\Users\richard>netsh namespace show effectivepolicy
    DNS Effective Name Resolution Policy Table Settings
    Settings for SDSIDA01.richardenterprises.net
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings
    Settings for .monitor.richardenterprisessystems.com
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    Settings for .richardenterprisessystems.com
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    Settings for .richardenterprises.net
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    Settings for .qa.richardenterprisessystems.com
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    Settings for .staging.richardenterprisessystems.com
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    Settings for .dev.richardenterprisessystems.com
    DirectAccess (Certification Authority)  :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (DNS Servers)              : 2002:46a8:346c:3333::1
    DirectAccess (Proxy Settings)           : Bypass proxy
    C:\Users\richard>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : richard-x240
       Primary Dns Suffix  . . . . . . . : richardenterprises.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : richardenterprises.net
                                           richardenterprisessystems.com
                                           monitor.richardenterprisessystems.com
                                           qa.richardenterprisessystems.com
                                           staging.richardenterprisessystems.com
                                           dev.richardenterprisessystems.com
    Wireless LAN adapter Local Area Connection* 13:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
       Physical Address. . . . . . . . . : EA-2A-EA-0C-E2-8E
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Local Area Connection* 12:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : E8-2A-EA-0C-E2-8F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : E8-2A-EA-0C-E2-92
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
       Physical Address. . . . . . . . . : E8-2A-EA-0C-E2-8E
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2600:1012:b127:be8e:fd9d:3679:f76d:187c(Preferred)
       Temporary IPv6 Address. . . . . . : 2600:1012:b127:be8e:7c0d:e512:7d90:c46d(Preferred)
       Link-local IPv6 Address . . . . . : fe80::fd9d:3679:f76d:187c%4(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, July 30, 2014 9:19:11 AM
       Lease Expires . . . . . . . . . . : Thursday, July 31, 2014 9:19:11 AM
       Default Gateway . . . . . . . . . : fe80::215:ffff:fe8f:9ec2%4
                                           192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 384314090
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3B-27-B3-28-D2-44-8C-13-06
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       Primary WINS Server . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Ethernet:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : richardenterprises.net
       Description . . . . . . . . . . . : Intel(R) Ethernet Connection I218-LM
       Physical Address. . . . . . . . . : 28-D2-44-8C-13-06
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{0A3ACF23-D6FD-47F6-91B8-E5E43DF81BAA}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:d10c:afc3:3401:ede1:b92e:2f98(Preferred)
       Link-local IPv6 Address . . . . . : fe80::3401:ede1:b92e:2f98%21(Preferred)
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 553648128
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3B-27-B3-28-D2-44-8C-13-06
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Tunnel adapter iphttpsinterface:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : iphttpsinterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:46a8:346c:1000:bc7f:1f46:b190:e852(Preferred)
       Temporary IPv6 Address. . . . . . : 2002:46a8:346c:1000:4e3:9a37:3998:f4ac(Preferred)
       Link-local IPv6 Address . . . . . : fe80::bc7f:1f46:b190:e852%22(Preferred)
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 369098752
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3B-27-B3-28-D2-44-8C-13-06
       NetBIOS over Tcpip. . . . . . . . : Disabled
    C:\Users\richard>nltest /dsgetdc:
    Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
    C:\Users\richard>
    Thanks

  • BigPond - Mail from your ISP is temporarily rejected due to DNS Block List

    I've been trying to send mail to people who have Bigpond.com email addresses and received the following message concerning the inability to deliver the emails. For some reason, Mac.com is being seen as a spam address and is currently blocked.
    Who at Mac.com can follow the instructions below to resolve the problem? They are relatively straightforward, but it's not a specific Mac issue, but their mail servers.
    Can anybody throw any light on how to get Mac.com to investigate the problem?
    ----- Transcript of session follows -----
    ... while talking to extmail.bigpond.com.:
    MAIL From:<[email protected]> SIZE=318276
    <<< 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
    <[email protected]>... Deferred: 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
    Warning: message still undelivered after 4 hours
    Will keep trying until message is 4 days old

    Reporting-MTA: dns; smtpoutm.mac.com
    Arrival-Date: Sun, 30 Sep 2007 03:12:48 -0700 (PDT)
    Final-Recipient: RFC822; [email protected]
    Action: delayed
    Status: 4.3.0
    Diagnostic-Code: SMTP; 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
    Last-Attempt-Date: Sun, 30 Sep 2007 08:07:49 -0700 (PDT)
    Will-Retry-Until: Thu, 4 Oct 2007 03:12:48 -0700 (PDT)

    Resolving such issues can be complex. It is important to recognize that you've done nothing wrong.
    The bounces occur because your ISP has chosen to subscribe to a blocking list maintained by one of several such services. In your case, BigPond is querying the Trend Micro MAPS RBL list each time it receives inbound smtp transactions, and for some reason, addresses or address ranges assigned to .Mac mail for such traffic have been added to this MAPS RBL.
    BigPond can do nothing, really, but sever its link to MAPS, and is highly unlikely to do so. Beyond reporting the issue to Apple as indicated above via .Mac support using the web form located here, there is really nothing you can do. It is up to MAPS to remove the block based upon a request from Apple.
    This sort of relative stupidity occurs quite frequently. We have chosen to use the services of spamhaus.org to limit SPAM on our internally operated mail server, and face the same issue with mail originating through domains maintained by T-Mobile, who has unfortunately found themselves on the Spamhaus PBL, or policy block list. I haven't been able to locate someone at T-Mobile responsible for resolving the issue, so mail originating outside our domain via T-Mobile HotSpots or the T-Mobile cellular data network—traffic that is legitimately relayed through our server to users outside our subnet—is blocked.
    While I generally applaud the efforts of SPAM blocking services like MAPS and Spamhaus, I am beginning to believe that the unintended consequences of their services negate the value they otherwise provide. And, they operate with impunity and are unwilling to talk to affected users or notify sanctioned providers on behalf of affected users. They simply add the offending addresses to their many block lists, and leave it to others to correct what they see as a violation.

  • My Ipad (Ipad 3) has the DNS changer bot.  What do I do to remove it?

    I have the DNS changer bot on my Ipad (the New Ipad).  I have tried to download MacScan, but safari does not allow it.  How do I get rid of it?
    I went to the FBI check website with my Ipad and the page was red.  I know "they" say that this can't happen, but it has!
    Help!

    Your Ipad isn't infected -- it is very likely the router that you are going through to get internet service, has had its DNS servers changed.
    The message you got is legit.  Google announced they would notify people here:  http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dns changer.html   Go search news.google.com for DNS changer.  Your ISP may also have been trying to notify you over the last few months as well.  
    Check the DNS server settings on your router.  The malware sometimes changes the DNS server settings on your router.  If you find the DNS servers on your router have been changed to the bad ones, change them to something you trust (your ISP's, Google's etc) and then change the password on your router.  If there are other computers in your house, check those as well - you might have a pc that is the source of the infection.  Make sure your router is secured so only you can get on it, not your neighbors.
    Here is a list of the bad DNS Servers:
    85.255.112.0 through 85.255.127.255
    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255
    To make the comparison between the computer’s DNS servers and this table easier, start by comparing the first number before the first dot. For example, if your DNS servers do not start with 85, 67, 93, 77, 213, or 64, you can move on to the next step. If your servers start with any of those numbers, continue the comparison.
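
The comparison described in the answer above can be done exactly rather than by eye. This added example (not part of the original post) turns the "first through last" ranges listed there into networks and classifies a set of resolver addresses against them; the function names and the sample resolver list are constructed for illustration.

```python
import ipaddress

# Ranges copied from the post above, one "first through last" pair per line.
ROGUE_RANGES = """\
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
"""


def parse_ranges(text):
    """Convert 'A through B' lines into a list of IPv4Network objects."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        first, sep, last = line.partition(" through ")
        if not sep:
            raise ValueError(f"unrecognised range line: {line!r}")
        nets.extend(
            ipaddress.summarize_address_range(
                ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
            )
        )
    return nets


def classify(resolver, nets):
    """Return (verdict, matching_network_or_None) for one resolver string.

    verdict is "rogue" (inside a listed range), "not listed", or "invalid"
    (not an IP address at all). IPv6 resolvers can never match these IPv4
    ranges and are reported as "not listed".
    """
    try:
        addr = ipaddress.ip_address(resolver.strip())
    except ValueError:
        return "invalid", None
    for net in nets:
        if addr in net:
            return "rogue", net
    return "not listed", None


def audit(resolvers, nets):
    """Classify every resolver; returns a list of (resolver, verdict, net)."""
    return [(r, *classify(r, nets)) for r in resolvers]


if __name__ == "__main__":
    nets = parse_ranges(ROGUE_RANGES)
    # Constructed sample: values as they might be read from a router's WAN/DHCP
    # page and from each computer's network settings.
    sample = ["192.168.1.1", "85.255.114.13", "64.28.200.1", "not-an-ip"]
    for resolver, verdict, net in audit(sample, nets):
        print(f"{resolver:15} {verdict:10} {net or ''}")
```

The constructed address 64.28.200.1 shows why the first-number shortcut is only a pre-filter: it starts with 64 but lies outside 64.28.176.0 through 64.28.191.255.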

  • SQL 2012 Management Studio Remote Servers Service Status Slow/Stops Working

    This is a huge annoyance. I manage about 50 SQL instances of SQL Server versions 2005-2012 and I noticed that it takes 1-2 seconds to load the service status (green arrow) on each individual server. If you then connect to a server, you have to wait for all the statuses to be loaded first in the Registered Servers list before it loads the statuses for servers in the Object Explorer. This happens whether the servers are registered in Local Server Groups or Central Management Servers, and whether I have access to all servers (as windows local administrator and sa), or not. It also happens regardless of whether I run as Administrator or normally on my instance of SSMS (which is SQL 2012 Development on Windows Server 2008 R2).
    These servers are also registered in alphabetical order by group and server name, which means that if I have "DEV" groups, they will be registered before "PROD", unless I rename accordingly. It sometimes takes a few minutes, if I'm lucky, to get a server I connect to to load, which means I can't use SSMS to really manage any remote servers and start/stop/pause/resume/restart services.
    Worse, sometimes due to a server becoming unavailable (due to updates/patches/failovers), SSMS is unable to load the service statuses anymore for any new server connections made to object explorer, resulting in the loss of ability to view/change service statuses. In this case, there is no way to recover (Refresh of Central Management Servers does nothing), except to close SSMS and open it again, and then wait again for all the statuses to load.
    I have lived with this since first installing SQL, and regardless of the Windows Updates and SQL patches applied, the problem has never gone away. This also happens if I load SSMS in Windows Server 2012. It's starting to become a huge issue now that I have to patch several servers each month.
    I have already checked WMI permissions, GPO, firewall, etc. as per all the suggestions on the internet, including this post http://www.sqlservercentral.com/Forums/Topic825246-146-1.aspx. None of these suggestions have made a difference, as my real problem is one of connectivity and performance, and not security, which most of these suggestions apply to. Of note, all servers are in the same domain, firewall is disabled across the board, correct permissions for local administrators exist for remote registry settings, WMI, GPO, etc, and all service accounts and windows accounts that are used are local admins and sysadmins.
    My work-around has been to delete the Central Management Server and any local server group registered servers, close and re-launch SSMS, and then connect to a server I'm interested in via Object Explorer. Otherwise, close and re-launch will take forever. My other alternative is to RDP into the remote server and manage services via SQL Configuration Manager locally.
    If anyone has any ideas on how to fix this, or make it go faster, I'd really appreciate it.
    Diane

    Hi Satish,
    Thanks for taking the time to reply.  Yes, I actually am already using work-arounds (i.e. methods other than SSMS) to accomplish my tasks.  My issue is that this is supposed to be working and provide a nice GUI so that you can easily visualize
    any issues, and address them directly, without having to hodge-podge access via scripts or 3rd-Party tools.
    Since no one else has any comments, I guess there are no plans to make remote server administration work with SSMS properly then, and that kludge methods are the only ones being advocated.
    Diane

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there is the quote
    "3. When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows Server 2008 R2 Core Network Guide)
    "9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.
    10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to
    itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should
    be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary
    DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback be first? The justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry)
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners. 
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself,
    or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only
    as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process
    to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When
    multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg

  • Best practices for 2 x DNS servers with 2 x sites

    I am curious if someone can help me with best practices for my DNS servers.  Let me give my network layout first.
    I have 1 site with 2 x Windows 2012 Servers (1 GUI - 10.0.0.7, the other CORE - 10.0.0.8) the 2nd site connected via VPN has 2 x Windows 2012R2 Servers (1 GUI - 10.2.0.7, the other CORE - 10.2.0.8)  All 4 servers are promoted to DC's and have DNS services
    running.
    Here go my questions:
    Site #1
    DC-01 - NIC IP address for DNS server #1 set to 10.0.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd site's DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.0.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd site's DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    Site #2
    DC-01 - NIC IP address for DNS server #1 set to 10.2.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd site's DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.2.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd site's DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local
    > properties > Name Servers should I have all of my other DNS servers, or should I have my WAN DNS servers? In a single server scenario I always put my WAN DNS server but a bit unsure in this scenario. 
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > General > Type should all servers be set to
    Active Directory - Integrated > Primary Zone? Should any of these be set to
    Secondary Zone?
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > Zone Transfers should I allow zone transfers?
    Would the following questions be identical to the Forward Lookup Zone mydomain.local as well?

    Site1
    DC1: Primary 10.0.0.7. Secondary 10.0.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.0.0.8.  Secondary 10.0.0.7. Tertiary 127.0.0.1
    Site2
    DC1: Primary 10.2.0.7.  Secondary 10.2.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.2.0.8.  Secondary 10.2.0.7. Tertiary 127.0.0.1
    The DC's should automatically register in msdcs.  Do not register external DNS servers in msdcs or it will lead to issues. Yes, I recommend all zones to be set to AD-integrated. No need to allow zone transfers as AD replication will take care
    of this for you.  Same for mydomain.local.
    Hope this helps.  
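
Added example (not part of any post above, and not Microsoft's own tooling): a PowerShell check of a DC's DNS client server order against the Best Practices Analyzer guidance quoted in the two threads above, namely that loopback is listed, is not the first entry, and the server does not point only to itself. The function name `Test-DnsServerOrder`, its parameters and the sample rows are constructed for illustration; DC-01's own address is assumed to be 10.0.0.7.

```powershell
# Hypothetical helper: evaluates one DNS client server list, in configured order.
function Test-DnsServerOrder {
    param(
        [string]   $Name,
        [string[]] $ServerAddresses = @(),   # order as configured on the NIC
        [string[]] $OwnAddresses    = @()    # the server's own NIC IPs, supplied by the caller
    )
    $loopback = '127.0.0.1', '::1'
    $self     = $loopback + $OwnAddresses
    $findings = @()

    if ($ServerAddresses.Count -eq 0) {
        $findings += 'no DNS servers configured'
    } else {
        # "should include the loopback address, but not as the first entry"
        if ($loopback -contains $ServerAddresses[0]) {
            $findings += 'loopback is the first entry'
        }
        if (@($ServerAddresses | Where-Object { $loopback -contains $_ }).Count -eq 0) {
            $findings += 'loopback address is not in the list'
        }
        # A DC that resolves only through itself has no partner to fall back on.
        if (@($ServerAddresses | Where-Object { $self -notcontains $_ }).Count -eq 0) {
            $findings += 'points only to itself'
        }
    }
    [pscustomobject]@{
        Name     = $Name
        Order    = $ServerAddresses -join ', '
        Pass     = ($findings.Count -eq 0)
        Findings = $findings -join '; '
    }
}

# Constructed sample data; the first row uses the order given in the question above.
$samples = @(
    @{ Name = 'DC-01 as configured'; ServerAddresses = '10.0.0.8', '127.0.0.1'; OwnAddresses = '10.0.0.7' }
    @{ Name = 'loopback first';      ServerAddresses = '127.0.0.1', '10.0.0.8'; OwnAddresses = '10.0.0.7' }
    @{ Name = 'self only';           ServerAddresses = '10.0.0.7', '127.0.0.1'; OwnAddresses = '10.0.0.7' }
)
foreach ($s in $samples) { Test-DnsServerOrder @s }

# On a live server (2012 or later) the list can be read with, for example:
#   (Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4).ServerAddresses
# where 'Ethernet' is a placeholder for the adapter's alias.
```

Only the first sample row passes; the second is flagged for loopback being first and the third for pointing only to itself.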
