Some DNS Queries Are Unsuccessful Using a Windows Server 2008 R2 DNS Server

We were having some weird DNS issues recently with our DNS servers at work. We recently upgraded one of our internal domain controllers with Active Directory-integrated DNS services to Windows Server 2008 R2. After the upgrade we found that DNS queries for some hosts did not resolve while others worked just fine. Another domain controller running non-R2 Windows Server 2008 would resolve the same queries just fine.

One of our network engineers stumbled across a Microsoft KB article describing our exact problem:


http://support.microsoft.com/kb/832223

The long and short of it is that Windows Server 2008 R2 DNS servers can use EDNS0 queries, which increase the size of the DNS UDP packet. Many firewalls will block DNS UDP packets larger than 512 bytes. By disabling EDNS probes on the DNS server the packet size is lowered and will almost always stay under 512 bytes, which will get you past most firewalls.

To disable EDNS probes on Windows Server 2008 R2 DNS servers, just open a command prompt and issue the following command:


dnscmd /config /enableednsprobes 0

NOTE: the option really is spelled with two consecutive e's (enable + edns + probes): enableednsprobes
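To confirm that this is actually what is happening on your network before (and after) flipping the setting, here is a small Python probe. It is an added example, not something from the KB article or the original post: it sends the same query to a DNS server twice, once with an EDNS0 OPT record advertising a 4096-byte UDP buffer and once as a classic query, and reports which one comes back. Run it from the DNS server itself (or another host behind the same firewall) against an external DNS server; the server address, the query name and the 4096-byte advertised size are assumptions you should adjust for your own setup. For a meaningful result pick a name and record type whose answer is larger than 512 bytes (a DNSKEY query, type 48, against a DNSSEC-signed zone usually is), otherwise both replies fit in 512 bytes and the test cannot tell the two paths apart.

```python
"""Probe a DNS server with and without EDNS0 to see whether the larger EDNS0
traffic is being dropped on the path (e.g. by a firewall that only permits
DNS over UDP up to the classic 512-byte limit). Example code, not part of the
original post; server, name and sizes are assumptions to adjust."""
import secrets
import socket
import struct
from typing import Optional

CLASSIC_UDP_LIMIT = 512   # pre-EDNS0 maximum DNS-over-UDP message size
OPT_TYPE = 41             # RR type of the EDNS0 OPT pseudo-record (RFC 6891)


def build_query(name: str, qtype: int = 1, edns_udp_size: Optional[int] = 4096) -> bytes:
    """Return a wire-format DNS query for `name`. With edns_udp_size=None it is
    a classic query; otherwise an OPT record advertising that UDP payload size
    is appended, which is what an EDNS0-capable resolver sends."""
    txid = secrets.token_bytes(2)
    flags = 0x0100                                  # standard query, recursion desired
    arcount = 0 if edns_udp_size is None else 1
    header = txid + struct.pack("!HHHHH", flags, 1, 0, 0, arcount)
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".") if lab]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    opt = b""
    if edns_udp_size is not None:
        # OPT RR: root owner name, TYPE=41, CLASS=advertised UDP size,
        # TTL field carries extended RCODE/version/flags (all zero), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return header + question + opt


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name starting at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:                    # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(data: bytes) -> dict:
    """Summarise a DNS response: rcode, truncation flag, answer count, total
    size and whether the server echoed an OPT record (i.e. it speaks EDNS0)."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                              # skip the question section
        off = _skip_name(data, off) + 4
    has_opt = False
    for _ in range(an + ns + ar):                    # walk every RR that follows
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            has_opt = True
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200),
            "answers": an, "size": len(data), "has_opt": has_opt}


def send(server: str, query: bytes, timeout: float = 2.0) -> Optional[bytes]:
    """Send one UDP query to port 53; return the raw response or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
            return data
        except socket.timeout:
            return None


def diagnose(edns_reply: Optional[dict], plain_reply: Optional[dict]) -> str:
    """Turn the two probe outcomes into a verdict (pure function, no I/O)."""
    if edns_reply is None and plain_reply is not None:
        return ("EDNS0 query dropped, classic query answered: something on the "
                "path is blocking EDNS0 / DNS UDP packets larger than 512 bytes")
    if edns_reply is None and plain_reply is None:
        return "no reply to either query: server unreachable or UDP/53 blocked"
    if edns_reply is not None and edns_reply["size"] > CLASSIC_UDP_LIMIT:
        return (f"EDNS0 reply of {edns_reply['size']} bytes received: the path "
                "allows DNS UDP larger than 512 bytes")
    return "both replies fit in 512 bytes: inconclusive, query a name with a larger answer"


def probe(server: str, name: str, qtype: int = 1) -> str:
    """Send the EDNS0 and the classic query and return the verdict."""
    edns = send(server, build_query(name, qtype, edns_udp_size=4096))
    plain = send(server, build_query(name, qtype, edns_udp_size=None))
    return diagnose(parse_response(edns) if edns else None,
                    parse_response(plain) if plain else None)


if __name__ == "__main__":
    import sys
    # usage: python edns_probe.py <dns-server-ip> [name] [qtype]   (all assumed values)
    server_ip = sys.argv[1]
    qname = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    rtype = int(sys.argv[3]) if len(sys.argv) > 3 else 48       # 48 = DNSKEY
    print(probe(server_ip, qname, rtype))
```

If the EDNS0 query times out while the classic one is answered, you are looking at exactly the situation the KB article describes, and the dnscmd change above (or fixing the firewall's DNS inspection so it allows the larger packets, which is the better long-term answer) is what you want. Note that many firewalls drop the large *response* rather than the small query, so the probe deliberately checks what comes back, not what goes out.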

Now you can stop pulling out your hair when only some of your DNS queries fail.

Enjoy,
Flux.
