Skip to main content

Resolve-DNSName Usage in Powershell

Resolve-DNSName Usage in Powershell

Resolve-DNSName is a new entry in Windows 8 and Server 2012 to replace our old friend Nslookup. Nslookup is still a great tool to query the DNS servers, but it has its limitations. For example, it is not easy to use inside the scripts. While these days, automation is very important part of every tool. Powershell introduces Resolve-DNSName that gives much more flexibility and options while querying the DNS Servers.

How Name Resolution Works:

The DNS resolution works in the following order:

  1. Hosts file is checked for any entry
  2. Local cached is checked for any cached records
  3. DNS Server is queried for name resolution

First it checks the hosts file for an entry for the queried domain, then it checks for the local cache, if the domain already queried or not and finally it quires the DNS Server, that is responsible for that domain.

Resolve-DNSName (Query As You Want):

Resolve-DNSName gives us the flexibility to query any of these options, that is not available in NSLookup. A normal Resolve-DNSName query looks like this:

For this example i have made an entry in the hosts file for with the IP


After adding the hosts file entry, now as soon i am querying the domain from my PC, it is returning the local IP.

Resolve-DNSName hosts

Here comes the fun part. We can mention to skip the hosts file by using “NoHostsFile” option to skip the hosts file check and move to the 2nd option. We can also mention“CacheOnly” to use cache or “DNSOnly” to directly query the DNS and skip Hosts and Cache.

Resolve-DNSName No Hosts

After using the NoHostsFile, it skips the host file and gets the actual IPs instead of the fake entry that i made in the hosts file.


Resolve-DNSName Record Types:

As a Systems Admin, i often require to get different types of DNS records, especially MX information for the domains. Now i can do that in Powershell using Type parameter in Resolve-DNSName command as follows:

Resolve-DNSName MX Record

Here i used the Resolve-DNSName command to fetch the MX record for my domain,

To list the DNS Servers that hold the record of any domain, we can use the “NS” (Short for Name Server). The output looks like this:

Resolve-DNSName Type NS

When we have multiple DNS Servers having record for any domain, we can query any specific DNS also for the record by specifying the Server. Here, i used Server IP from my previous output.

Resolve-DNSName Type NS Server

Similarly, we can query any type of records using Reolve-DNSName.

 Save Reults:

Finally, we can use the flexibility of Powershell to pipe the output to the Export-CSV and save the it in CSV format.

Resolve-DNSName Export


You can use “Get-Help Resolve-DNSName” to get detailed help for this command in Powershell or visit Technet documentation to learn more about it.


The target principal name is incorrect

Solution: The Target Principal Name is Incorrect

The Target Principal Name is Incorrect


Recently, a customer was facing an issue with a domain controller.  It was giving “The Target Principal Name is Incorrect” error while trying to replicate with other domain controllers.

While running the command “repadmin /showrep DomainController”, it was giving the following result.

The target principal name is incorrect


This is how i was able to solve the problem:

On the DC that has the issue, go to the Services, and Stop the “Kerberos Key Distribution Center” service and make the startup type to Disabled.

Kerberos Key Distribution Center Service

Once it is Stopped and Disabled, Restart the “Active Directory Domain Services”.

Active Directory Domain Services

After the “Active Directory Domain Services” service has restarted, wait for the replication to happen or try to manually replicate. Hopefully, it will sync successfully. After that you can make the startup type for  “Kerberos Key Distribution Center” to start automatically and start the service.

If this does not solve your problem, try the following on the Domain Controller that has the problem:

  • Make the startup type “Kerberos Key Distribution Center” Service to disabled
  • Restart the Domain Controller
  • Try the replication
  • Once replication is complete, make the startup type of “Kerberos Key Distribution Center” Service to Automatic


DNS Error

Solution: A delegation for this DNS server cannot be created

A delegation for this DNS server cannot be created

A delegation for this DNS server cannot be created, this error is displayed when you are installing new domain controller in Server 2008, 2008 R2, 2012 2012 R2 and 2016. The complete error looks like this:

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain “mydomain.local”. Otherwise, no action is required.

A delegation for this DNS server cannot be created


Nothing to worry about, in most cases it can be ignored. It is just a notification telling you that this new domain cannot be resolved on the Internet. In most, cases we are installing domain in a company private network. So it does not need the Internet resolution, Unless we are setting up a Public DNS.

So just click OK and continue the “Active Directory Domain Services Configuration Wizard” installation process.