Re: SBS Unable to resolve domain but Bind can?



Hi Kevin,

The SBS server has a public IP and it is not behind or running any firewall.
I tried your suggestions but I still have the same problem.



"Kevin D. Goodknecht Sr. [MVP]" wrote:

Read inline please.

In news:FA2679C9-8124-4846-A877-D15B966B9C32@xxxxxxxxxxxxx,
Andrew <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have a SBS 2003 Server with the DNS server set to use root hints
and no forwarders. The SBS server is unable to resolve some domains
but if I install bind (on the same network and the rest) it can
resolve those domains?

I have tried adjusting a few settings like round robin, recursion and
the odd regedit, but no luck.

Is there any tool that will help diagnose why this is happening?

Using bind or forwarders is out of the question as I would like to
understand why this problem is happening rather than using a
workaround.

Just guessing, there is a good chance that you are behind a firewall that is
blocking EDNS (UDP packets over 512 bytes). While newer BIND servers support
EDNS, it is disabled by default.

Configure your firewall to pass UDP packets up to 1500 bytes (Internet MTU;
the maximum is 65535 bytes) to the Win2k3 server, or disable EDNS. EDNS
increases efficiency by allowing DNS to resolve larger DNS responses without
using TCP. Large DNS responses are answers that have several CNAME or MX
records in them; these responses exceed 512 bytes and will not fit in a
single UDP packet without EDNS. In this case DNS has to retry the query
using TCP, which is a lot slower to set up.

828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP

You can also install the Support tools with dnscmd.exe and run this from a
command prompt.

dnscmd /config /enableednsprobes 0

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

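A probe for the diagnostic question asked in this thread, added here as an example and not code from either poster: it builds the same DNS query with and without an EDNS0 OPT record so the two replies can be compared from the SBS host. The function names, the 1280-byte payload size and the classification strings are assumptions of this example.

```python
import socket
import struct

def build_query(name, qtype=1, edns_size=None, txid=0x1234):
    """Build a DNS query; with edns_size set, append an EDNS0 OPT record."""
    arcount = 1 if edns_size else 0
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_size:
        # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(resp):
    """Pull out the header fields that matter for this diagnosis."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    return {"size": len(resp), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": ancount}

def probe(server, name, qtype=15, edns_size=None, timeout=3.0):
    """Send one UDP query; return the parsed header, or None if no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, edns_size), (server, 53))
        try:
            return parse_header(s.recvfrom(65535)[0])
        except OSError:  # timeout or ICMP error
            return None

def classify(plain, edns):
    """Compare the plain and EDNS probe results (None = no reply)."""
    if plain is None and edns is None:
        return "no reply either way: not an EDNS-specific problem"
    if edns is None:
        return "EDNS query or its reply is being dropped on the path"
    if edns["rcode"] in (1, 4):  # FORMERR / NOTIMP
        return "server rejects EDNS; resolver should fall back to plain DNS"
    if plain is not None and plain["tc"] and not edns["tc"]:
        return "EDNS works: large answer fit in UDP without a TCP retry"
    return "no EDNS-related difference observed"

if __name__ == "__main__":
    # Constructed result: plain query answered (truncated), EDNS probe timed out.
    plain = {"size": 29, "tc": True, "rcode": 0, "answers": 0}
    print(classify(plain, None))
```

For a live check, call `probe()` twice against an authoritative server of a failing domain, once with `edns_size=None` and once with `edns_size=1280`, and pass both results to `classify()`.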


