The Official SBS Blog : Cannot resolve names in certain top level domains like

DNS Service seems to hang in SBS2008:

When you set up SBS 2008, one of the defaults it takes is root hints, but as you can see from some of those threads, in some DNS locales, DNS via root hints on Win2k8 is not as robust as it should/could be.  So besides those suggested settings, some have recommended going back to forwarders.  Now the idea here is not just any ol’ forwarders but consider “cleaner” ones.  If you have a client that is looking for a bit of management of their sites …. or … in my case I also put my Dad behind this, as a DNS forwarder will not only work for residential folks like my Dad but also server networks as well.  Some have said that some of their sites and URLs don’t work behind  I’d recommend you test first.

But the process is relatively straightforward…

Click on Start, Administrative Tools, DNS, click on the UAC prompt (and if you aren’t clicking on it, it’s because you’ve made it to silently elevate and not shut off completely right?)

Now right mouse click on the name of the server, and click on the forwarders tab.  Click on edit and enter in the following values:

The process looks like this in SBS 2008:

Click on edit


In that area click and enter in the OpenDNS values

After each entry hit enter for the values to “resolve”

Huh, interesting, one isn’t resolving today….

When you are done, click OK.  The Server now is connecting via forwarders.

You aren’t done yet.  Now set up an account on and add your IP address (it’s best if it’s a static IP) to your settings area.  Click on Networks and add the static IP of the network.  Then click on Settings and choose those areas you want to block.  When you have a dynamic IP you may need to install software to hook the dynamic IP to the OpenDNS network.  From this settings screen, if I hear of a bad URL or network that I want to proactively block, I just enter it into the “Always block” settings.

Some of you may do similar to this with your managed firewalls and control access from that.

But bottom line: if you want to flip your server to DNS forwarders, that’s how you do that (you just substitute the IP addresses of your ISP if that’s what you prefer); if you want to forward to OpenDNS, that’s the exact info on how to do it.
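The same change can be scripted with the built-in `dnscmd` and `nslookup` tools, probing each candidate forwarder before it is committed so that a mistyped or dead address is caught first. This is an added example, not part of the original post; the forwarder addresses are documentation placeholders and `www.example.com` is an assumed probe name.

```powershell
# Added example: probe candidate forwarders, then apply them with dnscmd.
# Run from an elevated PowerShell prompt on the DNS server.
# Placeholder addresses (RFC 5737 documentation range); substitute the
# resolver IPs you actually intend to forward to.
$Forwarders = @('192.0.2.10', '192.0.2.11')
$ProbeName  = 'www.example.com'   # assumed external name used for the probe
$Apply      = $false              # set to $true to change the server

$usable = @()
foreach ($ip in $Forwarders) {
    # Reject anything that is not a dotted-quad IPv4 address (catches typos
    # such as a missing octet before they reach the server configuration).
    $parsed = $null
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        Write-Warning "$ip is not a valid IPv4 address"
        continue
    }
    # Query the candidate directly, bypassing the local DNS service.
    # Heuristic: nslookup prints a "Name:" line only when it got an answer.
    $out = nslookup -timeout=3 $ProbeName $ip 2>&1 | Out-String
    if ($out -match '(?m)^Name:') {
        Write-Host "$ip answered for $ProbeName"
        $usable += $ip
    } else {
        Write-Warning "$ip did not resolve $ProbeName"
    }
}

if ($usable.Count -eq 0) {
    Write-Warning 'No candidate answered; server configuration left unchanged.'
} elseif ($Apply) {
    # /ResetForwarders replaces the whole forwarder list. /NoSlave keeps
    # root hints as a fallback if every forwarder fails; /Slave removes it.
    dnscmd /ResetForwarders $usable /NoSlave
    dnscmd /ClearCache    # drop answers cached over the old resolution path
    dnscmd /Info          # output includes the forwarders now in effect
    # The first lookup after the flush is a non-cached query, so its time
    # reflects the forwarder round trip rather than the server cache.
    $t = Measure-Command { nslookup $ProbeName 2>&1 | Out-Null }
    Write-Host ("Non-cached lookup took {0:N0} ms" -f $t.TotalMilliseconds)
} else {
    Write-Host ("Would set forwarders to: " + ($usable -join ', '))
}
```

With `$Apply` left at `$false` the script only reports which candidates answer, the command-line equivalent of watching the entries “resolve” in the Forwarders tab.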


10 Responses to How to flip your SBS 2008 to forwarders

  1. indy says:

    Using forwarders will increase dns resolution time, and incurs a longer latency penalty on noncached lookups versus no forwarders at all. Since in most cases your clients are looking to your in-house DNS server, and it is unlikely to be down while other services are up, this adds a delay for net resolution for every first noncached query that doesn’t need to be there.

  2. bradley says:

    Not using forwarders in a Win2k8 and you run the risk of DNS resolution problems. That DNS issue is not SBS 2008 unique.

    In my tests it added no latency. Your mileage may vary.

  3. Rich Lusk says:


    Do you recommend setting up OpenDNS on the SBS box instead of the router?

    Thank you for info. Good stuff!

  4. Joe Raby says:

    I have a thing against giving out website usage information to a company that sells it to advertisers under the guise of a “free service”.

    I have another thing against a company that hijacks invalid DNS resolves and doesn’t give me the choice in search engines to which they are forwarded, due to security issues with search engine companies not filtering sponsored search results (like my ISP tried to do once with Yahoo, but has since backed down – they even went so far as to hijack Address Bar searches by looking for specific URL parameters).

  5. bradley says:

    I recommend it on the box.

  6. Speaking about search engine issues.... says:

    I was at a client’s place earlier today and they had a user that had Google set up as their default search engine.

    He’s a safety instructor for the business and he was doing a bit of research online. So he proceeded to type in “workplace deaths june 2009” into Google, and clicked on the 3rd search result that came up. Not one of the sponsored searches, but one of the standard search results. It led to a page on – a freehost similar to Geocities or Angelfire (remember them?).

    Anyway, it resulted in a page that forwarded twice to another page that looked like XP’s Windows Explorer and said the PC was infected, yada yada, with a dialog box that said “Click OK to install Personal Antivirus…”. You know where this is leading….

    So they called me over before he clicked on anything, and I killed the process for IE before it had a chance to install.

    So now he uses Bing and all of the search results on the first 5 pages for the exact same terms are safe.

  7. indy says:

    There we have it, SBS has DNS issues (No Standard version of Windows has ever had issues keeping forwarders blank).

    In my tests, putting in a forwarder to OpenDNS or even your own ISP increases DNS resolution time. Susan, do a test with noncached addresses.

    OpenDNS also takes a variable amount of time on false hit to pull up that search page. I do not recommend it for business use. I do recommend it for home or very small business use.

    And: we have confirmation that Bing is safe! There’s no chance that Bing will give you a bad site on search!

    Perhaps it was the user’s choice of browser that is the issue?

  8. bradley says:

    I have. OpenDNS is faster for me.

    The issue is with Win2k8, the base OS and right now it’s fixed with a registry fix.

    See the KBs.

  9. @indy says:

    “OpenDNS also takes a variable amount of time on false hit to pull up that search page. I do not recommend it for business use. I do recommend it for home or very small business use.”

    It’s a page redirection to Yahoo. Yahoo wouldn’t have half of the market share they do now if it weren’t for OpenDNS. If OpenDNS were to drop Yahoo, they’d just be done.

    “And: we have confirmation that Bing is safe! There’s no chance that Bing will give you a bad site on search!”

    Safer than Google anyway. Just look at Google’s data retention policies for proof. Then look at the sites that they advertise. Stark contrast.

    “Perhaps it was the user’s choice of browser that is the issue?”

    Nope. It was IE7 in both cases – same computer. It wasn’t like it was the user’s fault either. In fact, I ran some tests on several other domain lookup sites and most of them already block the domain due to security reasons (they host malware!). Google didn’t. That’s Google’s fault.

  10. Thomas says:

    One doesn’t resolve because you typed the wrong IP 😉 instead of