Malwarebytes Endpoint Protection version 3.4.5.xxxx blocks DNS communications on an Active Directory server where a DNS server is present. Symptoms include the inability to resolve any hostnames to IPs.
Disabling Web Protection is insufficient to resolve the problem as the driver MWAC.SYS remains loaded.
A workaround is to change the Preferred DNS Address from the server's own IP address, to its loopback address 127.0.0.1, which achieves the same outcome and bypasses the problem. This workaround is consistent with Microsoft's recommendation to,
Configure the Preferred DNS server in TCP/IP properties on each Domain Controller to use itself as Primary DNS Server.