Malwarebytes Endpoint Protection version 3.4.5.xxxx blocks DNS communications on an Active Directory server where a DNS server is present. Symptoms include the inability to resolve any hostnames to IPs. Disabling Web Protection is insufficient to resolve the problem as the driver MWAC.SYS remains loaded.
A workaround is to add a secondary DNS Address for the server's own IP address using its loopback address 127.0.0.1. This workaround bypasses the problem. It is consistent with Microsoft's recommendation:
Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list.