Windows Server 2016 No Internet Access after AD, DNS and DHCP setup


I have a Windows Server 2016 which is set up as a Domain Controller. I have AD, DNS and DHCP set up on the same server. The DNS server address is localhost and DNS forward has been set up for the default gateway server locally.


I cannot get internet access on my server using localhost as my DNS address. But if I use the default gateway as DNS server, internet access works, so I know there is something wrong in my DNS server setup and forwarding.


Please help?

14 Replies

I'd check that the DC and problem clients all have the static address of domain controller listed for DNS and no others such as router or public DNS. Also check all members have the router address listed for default gateway.

Internet queries are resolved by default using the 13 default root hint servers in a top-level down fashion. If you wanted to add your ISP's or Google DNS then you can do so on the Forwarders tab.








Hi Dave,


I have provided Static IP for DNS server address with the Domain Controller IP address and the DC has localhost IP i.e. as its DNS server. My DNS server forwarding is referring to my router IP i.e. local DNS gateway.


When I try to add a new computer it gives the following error:

The error was: "No records found for given DNS query."
(error code 0x0000251D DNS_INFO_NO_RECORDS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.<my domain>


So my basic problem is I cannot get my DNS server to work correctly hence no internet access and cannot add computers to domain. 


Are there any particular steps?

Please run;

Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log

(please replace DCName with your domain controller's netbios name)

also run;

ipconfig /all > C:\dc1.txt

ipconfig /all > C:\client.txt

then put files up on OneDrive and share a link.



The private addresses cannot be used by anyone here so blanking them just removes useful info for troubleshooting. The DC and problem clients are missing (assumption?) the static address of domain controller listed for DNS.

If you cannot post the logs then I'd start a support case here.
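
An added example, not part of the thread or written by any of its participants: a PowerShell pass over the three things the replies keep returning to (which DNS servers the DC's own adapters use, which forwarders the DNS role has, and whether the DC's DNS service answers the `_ldap._tcp.dc._msdcs` SRV query from the join error). `$Domain`, `$ExternalName` and `$DnsServer` are placeholder assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
# $Domain, $ExternalName and $DnsServer are placeholder assumptions, not values from the thread.
param(
    [string]$Domain       = 'corp.example',     # placeholder AD DNS domain
    [string]$ExternalName = 'www.example.com',  # placeholder internet name
    [string]$DnsServer    = '127.0.0.1'         # the DC's own DNS service
)

# 1. DNS servers configured on each IPv4 interface: flag any that are not this DC.
$own = @('127.0.0.1') + (Get-NetIPAddress -AddressFamily IPv4).IPAddress
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($s in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface    = $_.InterfaceAlias
                DnsServer    = $s
                IsThisServer = $own -contains $s
            }
        }
    } | Format-Table -AutoSize

# 2. Forwarders the DNS Server role uses for names it is not authoritative for.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# 3. Ask the chosen DNS server directly, using only the DNS protocol and no hosts file.
function Test-DnsAnswer {
    param([string]$Name, [string]$Type)
    try {
        $answers = Resolve-DnsName -Name $Name -Type $Type -Server $DnsServer `
                                   -DnsOnly -NoHostsFile -ErrorAction Stop |
                   Where-Object { $_.Section -eq 'Answer' }
        if ($answers) { "OK    $Type $Name ($(@($answers).Count) answer record(s))" }
        else          { "EMPTY $Type $Name (server replied, no answer records)" }
    } catch {
        "FAIL  $Type $Name : $($_.Exception.Message)"
    }
}

# The DC locator record a joining computer asks for (the failing query in the thread).
Test-DnsAnswer -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
# The DC's own A record in the AD zone.
Test-DnsAnswer -Name "$env:COMPUTERNAME.$Domain" -Type A
# An internet name, which exercises the forwarders or root hints.
Test-DnsAnswer -Name $ExternalName -Type A
```

If only the last lookup fails, the problem is on the forwarding side; if the SRV lookup fails, the AD zone on the DC is what the joining computer cannot read.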




Hi Dave,

I have just removed the host name and domain controller name.
E.g. HostName: SERVER1
Domain Name:
Domain Name Part 1: test
Domain Name Part 2: server

"The DC and problem clients are missing (assumption?) the static address of domain controller listed for DNS."
No they are not missing the static ip address of the server.

In the DCDiag file there are multiple errors regarding no response from DNS server. Is there anything helpful in that?

"In the DCDiag file there are multiple errors regarding no response from DNS server. Is there anything helpful in that?"

If you can put up the unedited files yes there would be. There's no risk in posting the private (non routable) addresses. Need to have the whole picture.



On the DC please add server's own address ( to connection properties DNS. Client file appears identical to that of DC (should have been run on problem client?). I'd suspect a circular reference but can't tell without seeing the problem client ipconfig /all DHCP result. I'd remove the router as forwarder and if necessary use ISP's public DNS or use google DNS (, Similar below;





Hi Dave,

I can provide you the client DCDiag but my main issue is DNS server setup for Windows Server 2016. Are there any particular steps to troubleshoot or fix this or reinstall DNS server with step wise checks?

Did you fix the issues I suggested? If so, put up a new set of files and I'll have a look.




Yes, I did make those changes and still no luck. I will upload the files and send the link.

Sounds good. Please also include the ipconfig /all from a DHCP assigned domain member.




@Dave Patrick 

I am guessing this is an old Blog: 

There are several questions to be asked: Are you running a VM on Hyper-V? What are your Hyper-V switch settings? Are you on the same subnet as your Edge router? Also check your DNS settings. Subnet mask? Is DHCP enabled? There are a bunch of things that could block your internet connectivity. Here is what I would do: either configure a proxy on an authorized server, not client, enable DNSSEC and Flooding guard on your AD Server, import the proxy settings from IE using NETSH.

So if your AD Server does not have a global DNS zone, it will not handle any Internet requests, including your own AD server requests. Once you add a global zone to the AD Server itself, it will expose your server to the global network.