DNS not resolving for a particular domain on your SBS box?

Had this request from another consultant this week so thought I would pass along the issue and the KB article for anyone who may happen to stumble across this in their favorite search engine.

"I have a client running SBS 2003 and all of a sudden they can't get to the Customer Login Page of Postini. They can go anywhere else. All workstations point to the server for their DNS but if I add an ISP dns as a second they can get to the site just fine. I have rebooted the server and the other standard things to flush dns to no avail."

Sounds like EDNS to me, so in reality (to quote Les Connor), “Nothing to fix, nothing is broken ;-).”

Most likely a piece of hardware somewhere on the route doesn't support EDNS. Basically, a device in the middle sees a packet greater than 512 bytes destined for UDP port 53 as an attack and truncates it. The DNS query is satisfied, but not all of the information is transferred. You can solve it two ways. One is to use a secondary DNS server for that particular domain by adding a specific referrer for the problem domain in your SBS DNS Server settings (to be clear: this goes in the DNS referrers, not in your NIC settings). The other, Microsoft-documented fix is as follows:

Run the following command on the Windows 2003 server: 

dnscmd /Config /EnableEDnsProbes 0

Microsoft KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;828263

Steve
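
To confirm the diagnosis before changing the server setting, the check below sends the same query with and without an EDNS0 OPT record and compares what comes back. It is an added example, not part of the original post or the Microsoft KB; the function names, the 4096-byte advertised size and the 192.0.2.53 address are assumptions chosen for illustration.

```python
import socket
import struct

def build_query(name, edns_size=None, qtype=1, txid=0x1234):
    """Build a DNS query; with edns_size set, append an EDNS0 OPT record."""
    arcount = 0 if edns_size is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1, one question
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # end of name, QTYPE, QCLASS=IN
    if edns_size is not None:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP size we accept, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def inspect_reply(data):
    """Summarise a raw reply: size, TC (truncated) flag, RCODE."""
    flags = struct.unpack("!H", data[2:4])[0]
    return {"size": len(data), "truncated": bool(flags & 0x0200),
            "over_512": len(data) > 512, "rcode": flags & 0x000F}

def probe(server, name, edns_size=None, qtype=1, timeout=3.0):
    """Send one UDP query to server:53; return inspect_reply() or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size, qtype), (server, 53))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    return inspect_reply(data)

def diagnose(plain, edns):
    """Compare the results of a plain probe and an EDNS probe for the same name."""
    if plain is None:
        return "no reply even without EDNS: look elsewhere"
    if edns is None:
        return "EDNS reply lost: a device on the path likely blocks DNS over 512 bytes"
    if edns["over_512"]:
        return "large EDNS reply arrived: the path handles EDNS"
    return "EDNS reply fit in 512 bytes: inconclusive, try a name with a larger answer"

# Usage (192.0.2.53 is a documentation placeholder for the upstream server):
#   print(diagnose(probe("192.0.2.53", "example.com"),
#                  probe("192.0.2.53", "example.com", edns_size=4096)))
```

Run it from the SBS box itself, since the device in question sits between that server and the remote DNS server.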
