Some queries, such as queries for A records, work as expected. Queries for MX records may fail. Domains with this issue include AOL.com, Qwest.net, and EarthLink.net.
The sender of an e-mail may receive a Non Delivery Reciept (NDR) with the error message that is similar to the following:
With Extension Mechanisms for DNS (EDNS0) as defined in RFC 2671, "Extension Mechanisms for DNS (EDNS0)," DNS requestors can advertise UDP packet size and transfer packets larger than 512 bytes. By default, some firewalls have security features turned on that block UDP packets that are larger than 512 bytes. As a result, DNS queries may fail.
This problem also may occur on some Cisco PIX Firewall models with software that is earlier than PIX Firewall version 6.3(2). The Cisco PIX Firewall drops DNS packets that are sent to User Datagram Protocol (UDP) port 53 that are larger than the configured maximum length. By default, the maximum length for UDP packets is 512 bytes.
Method 1Contact the firewall vendor to determine how to permit UDP packets that are larger than 512 bytes through the firewall.
For update instruction and for information about how to resolve this problem, visit the following Cisco Systems Web site:
For information about your hardware manufacturer, visit the following Web site:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Method 2Turn off EDNS0 functionality on the Windows Server 2003 server. To do so, at the command prompt, type:
- Install the Dnscmd.exe program from the Windows Server 2003 Support Tools. To install the Windows Support Tools, right-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD-ROM, and then click Install. Follow the steps in the Windows Support Tools Setup Wizard to complete the installation of the Windows Support Tools.
- At a command prompt, type dnscmd /config /enableednsprobes 0 , and then press ENTER.
Article ID: 828263 - Last Review: Mar 9, 2010 - Revision: 1