The official blog for Windows Server Essentials and Small Business Server support and product group communications.
[Today's post comes to us courtesy of Chris Puckett]
After one day, you may find your Windows 2008 DNS Server is unable to resolve names in certain top level domains (tld’s) like .co.uk, .cn, and .br when it is configured to use root hints. It may also occur with other tld’s. A network monitor trace shows the DNS Server does not send any DNS traffic out to the internet. The Windows 2008 DNS server returns SERVFAIL to the client or when using nslookup.
Workarounds include restarting DNS, clearing the DNS cache, setting maxcachettl to 2 days or greater, and using DNS Forwarders instead of root hints.
If you want to use root hints, you can set the maxcachettl registry value on the Windows 2008 DNS Server as follows:
1. Start Registry Editor (Regedit.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
3. On the Edit menu, click New, click DWORD (32-bit) Value , and then add the following value:
Value: MaxCacheTtl Data Type: DWORD Data value: 0x2A300 (172800 in decimal = 2 days)
4. Click OK .
5. Quit Registry Editor.
6. Restart the DNS server.
Data type Range REG_DWORD 0x0 | 0x1 - 0xFFFFFFFF seconds Default value:0x15180 (86,400 seconds = 1 day)
You may see this behavior in Windows 2008, SBS 2008 and EBS 2008.
UPDATE: KB Published.
968372 Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domainshttp://support.microsoft.com/default.aspx?scid=kb;EN-US;968372
Are you able to give the circumstances when this happens, I work for a TLD and am also a Windows Admin (we've had tickets from customers on this) so would really like to re-create it in my lab.
Thanks
Brett
Hurrah! I was beginning to think it was just me! I've seen this behaviour since day 1 testing server 2008 all the way through to our now live client's production enviroments. We alwas use root hints where possible as we find may provider's own DNS servers to be unreliable.
Thank you for this great post - at least I know what to do about it - but do you know what's the cause and long term resolution?
Lee
Ok... but WHY would I want to make this registry change on my server? What's the root cause of the problem? Why would I want to set MaxCacheTtl to 2 days instead of 1 day or 10 days?
PingBack from http://www.ditii.com/2009/01/30/windows-server-2008-cannot-resolve-names-in-certain-tlds/
Cause: When the DNS server saves the NS records to the cache, the TTL for the A (Glue) record gets changed to be 1 day. The TTL for the NS Record stays at 2 days. When the A records expire, the DNS server starts returning a "Server Failure" response to the client that issues the dns query.
Data value: 0x2A300 (172800 in decimal = 2 days)
0x2A300 resolves to 68330240 decimal
2A300 resolves to 172800 decimal
Or it does in my regedt32 anyway.
But thanks for the fix, this DNS bug has really been annoying me.
That's odd. In calculator, 172800 decimal translates to 2A300 in hex and 68330240 decimal translates to 412A300 in hex.