A name resolution query fails when Windows Server 2003-based DNS servers set the AA bit for the DNS query and forward the query to conditional forwarders

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
Consider the following scenario:
  • A Windows Server 2003 DNS server is configured to use conditional forwarders.
  • A DNS client sends a name resolution query to this DNS server.
  • This query requires forwarding to conditional forwarders.
In this scenario, the name resolution fails, and the conditional forwarders return an error message that resembles the following:
Not Implemented
Notes
  • This issue does not occur if Windows Server 2003 DNS servers forward such a query to root hints.
  • This issue does not occur if you configured the default All other DNS domains option for the Forwarders setting.
CAUSE
This issue occurs because Windows Server 2003 DNS server earlier was not fully compliant with RFC 1035.

In some cases, the Windows Server 2003-based DNS server incorrectly sets the Authoritative Answer (AA) bit when it forwards the query to the conditional forwarders. Some DNS Servers check the AA bit when they receive queries. If the AA bit is set, the query is rejected. This occurs because the AA bit should be set only .in responses for which the responding server is authoritative for a particular domain.
WORKAROUND
To work around the issue, use root hints or the default All other DNS domains option instead of using the conditional forwarders.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about RFC 1035, visit the following Web site: Note The AA bit is described on page 25.

When this issue occurs, a network monitor capture may resemble the following:
1              Windows Server 2003 DNS server Third-party DNS server     DNS:QueryId = 0x8022, QUERY (Standard  query), Query  for FQDN of type Host Addr on class InternetFlags:  Query, Opcode - QUERY (Standard query), AA, RD, Rcode - Success     ==> this is the query  being sent to the conditional forwarder and notice that AA bit is set.2              Third-party DNS server Windows Server 2003 DNS server     DNS:QueryId = 0x8022, QUERY (Standard  query), Response - Not Implemented ===>error returned by the third party dns server
Properties

Article ID: 957930 - Last Review: 01/15/2015 19:14:53 - Revision: 1.0

  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • kbnosurvey kbarchive kbexpertiseadvanced kbtshoot kbprb KB957930
Feedback