Some DNS name queries are unsuccessful after you deploy a Windows-based DNS server
After you deploy a Windows-based DNS server, DNS queries to some domains may not be resolved successfully.
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server DNS.
EDNS0 allows larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not allow UDP packets that are larger than 512 bytes. Therefore, these DNS packets may be blocked by the firewall.
To resolve this issue, update the firewall program to recognize and allow UDP packets that are larger than 512 bytes. For more information about how to do this, contact the manufacturer of your firewall program.
For information about your hardware manufacturer, go to the following Microsoft website:
To work around this issue, turn off the EDNS0 feature on Windows-based DNS servers. To do this, take the following action:
- At a command prompt, type the following command, and then press Enter:

  dnscmd /config /enableednsprobes 0

  Note Type a 0 (zero) and not the letter "O" after "enableednsprobes" in this command.

The following information appears:

Registry property enableednsprobes successfully reset.
Command completed successfully.
Some firewalls contain features to check certain parameters of the DNS packet. These firewall features may make sure that the DNS response is smaller than 512 bytes. If you capture the network traffic for an unsuccessful DNS lookup, you may notice that the DNS request uses EDNS0. Frames that resemble the following do not receive a reply:

Additional records
    <Root>: type OPT, class unknown
        Name: <Root>
        Type: EDNS0 option
        UDP payload size: 1280

In this scenario, the firewall may drop all EDNS0-extended UDP frames.
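The capture check described above, as an added example that is not part of the KB article: a small Python parser that, given a raw DNS query packet, reports whether it carries an EDNS0 OPT pseudo-record and the UDP payload size it advertises, so you can confirm that the frames going unanswered are the EDNS0-extended ones. The sample query is constructed inline and the function names are my own.

```python
import struct

QTYPE_OPT = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)

def build_query(name, qtype=1, edns_payload=None, txid=0x1234):
    """Build a minimal DNS query; append an EDNS0 OPT record when edns_payload is set (constructed sample)."""
    labels = b"".join(struct.pack("B", len(p)) + p.encode() for p in name.rstrip(".").split("."))
    arcount = 1 if edns_payload else 0
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    pkt += labels + b"\x00" + struct.pack("!HH", qtype, 1)   # question: QNAME, QTYPE, QCLASS=IN
    if edns_payload:
        # OPT RR: root name, TYPE=41, CLASS field = advertised UDP payload size,
        # TTL field = extended RCODE/version/flags (all zero here), RDLENGTH=0
        pkt += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_payload, 0, 0)
    return pkt

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name that starts at off."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, and it ends the name
            return off + 2
        off += 1 + length

def edns_payload_size(pkt):
    """Return the UDP payload size advertised in the packet's OPT record, or None if there is no EDNS0."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == QTYPE_OPT:
            return rclass                       # for OPT the CLASS field carries the payload size
        off += 10 + rdlen
    return None

def exceeds_classic_limit(pkt, limit=512):
    """True when the query advertises an EDNS0 payload larger than the classic 512-byte UDP limit."""
    size = edns_payload_size(pkt)
    return size is not None and size > limit
```

A query that returns True here is exactly the kind of frame the article says a 512-byte-enforcing firewall may drop; one built without EDNS0 (or after EDNS probes are turned off) returns False.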
Article ID: 832223 - Last Review: 11/20/2013 18:27:00 - Revision: 8.0
Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Datacenter without Hyper-V, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Enterprise without Hyper-V, Windows Server 2008 R2 Foundation, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Standard without Hyper-V, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86)