Article ID: 957930 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Consider the following scenario:
This issue occurs because Windows Server 2003 DNS server earlier was not fully compliant with RFC 1035.
In some cases, the Windows Server 2003-based DNS server incorrectly sets the Authoritative Answer (AA) bit when it forwards the query to the conditional forwarders. Some DNS Servers check the AA bit when they receive queries. If the AA bit is set, the query is rejected. This occurs because the AA bit should be set only .in responses for which the responding server is authoritative for a particular domain.
To work around the issue, use root hints or the default All other DNS domains option instead of using the conditional forwarders.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about RFC 1035, visit the following Web site:
http://www.ietf.org/rfc/rfc1035.txtNote The AA bit is described on page 25.
When this issue occurs, a network monitor capture may resemble the following:
1 Windows Server 2003 DNS server Third-party DNS server DNS:QueryId = 0x8022, QUERY (Standard query), Query for FQDN of type Host Addr on class Internet Flags: Query, Opcode - QUERY (Standard query), AA, RD, Rcode - Success ==> this is the query being sent to the conditional forwarder and notice that AA bit is set. 2 Third-party DNS server Windows Server 2003 DNS server DNS:QueryId = 0x8022, QUERY (Standard query), Response - Not Implemented ===>error returned by the third party dns server
Article ID: 957930 - Last Review: January 15, 2015 - Revision: 1.0