This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 34%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
i had migrated from 2008 R2 Domain controller to 2016, all FSMO roles transferred to 2016 server. after migration existing clients machines not resolving new server DNS, it gives below error.
C:\Users\administrator.CLOUD>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 192.168.201.11
new servers are able to resolve 2016 server DNS without any issue.
i did not demoted 2008 R2 domain due to DNS issue. i tried registering DNS manually but no luck
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
it seems a network issue. check if the DNS network flow port 53 used by the client to send DNS request is opened between client and new DNS server. you can use this tools https://www.microsoft.com/en-us/download/details.aspx?id=24009
It can be also a DC problem because the DNS zone is active directory integrated so , it can be impacted if there is a replication issue.
Please don't forget to mark this reply as answer if it help you to fix your issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
There is a time difference between the two domain controllers, this needs to be corrected. May need to look at the domain time service configuration. Looks like there are replication problems between the two. I'd check the event logs for more details of issues. Also check that problem clients are getting the ip address of new DC listed for DNS on connection properties.
--please don't forget to Accept as answer if the reply is helpful--
@Sabir Shibley Hi,
Thank you for posting in Q&A!
Please try to point the DNS server list to each other, rather than point to itself first.
If multiple DCs are configured as DNS servers, they should be configured to use each other for resolution first and themselves second. If the DC point to itself as the primary DNS server, it might cause some unexpected AD replication issue.
For more details, please refer to:
https://www.dell.com/support/article/en-sg/sln155801/best-practices-for-dns-configuration-in-an-active-directory-domain?lang=en
Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
Dear All,
Issue fixed as our firewall is blocking port 53, Thanks @Thameur-BOURBITA @Anonymous @Gloria Gu
Glad to hear, you're welcome.
--please don't forget to Accept as answer if the reply is helpful--
Accept as answer is not visible
