After you deploy a Windows Server 2003 or Windows Server 2008 R2-based DNS server, DNS queries to some domains may not be resolved successfully
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server 2003 DNS.
EDNS0 permits the use of larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not permit UDP packets that are larger than 512 bytes. As a result, these DNS packets may be blocked by the firewall.
To work around this issue, turn off the EDNS0 feature on Windows Server 2003 and Windows Serve 2008 R2 DNS Servers. To do this, follow these steps
For Windows Server 2008 R2
- DNSCMD is installed by default on Windows Server 2008 R2 DNS Servers. At a command prompt, type the following command, and then press ENTER:
dnscmd /config /enableednsprobes 0
Note Type a 0 (zero) and not the letter “O” after “enableednsprobes” in this command.