A DNS server publishing rule stops working for a DNS server that is published by using Forefront TMG 2010

When a Domain Name System (DNS) server is published by using a server publishing rule in Microsoft Forefront Threat Management Gateway (TMG) 2010, the publishing rule does not work correctly. Therefore, the incoming User Datagram Protocol (UDP) DNS traffic is not forwarded to the published server. This problem occurs randomly.

This issue occurs because a WSAENETRESET error occurs when a recv operation is completed on the publishing socket that faces the Internet. Additionally, Forefront TMG 2010 does not create another recv operation to compensate for the completed operation that contains this error. Therefore, the data pump stops. 

Notes

• WSAENETRESET indicates when the Time to Live (TTL) value is exceeded for a UDP socket.
• Under UDP standards, any finished operation that encounters an error does not stop the data pump if the error is not caused by closing the socket.

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: For more information about the recv function, visit the following Microsoft webpage:
For more information about the kernel-mode data pump, click the following download link to view a Microsoft document: