Windows Server 2003 DNS Forwarding Issues

Ahhh, small successes are always very cool. In my home I run Windows Server 2003 (don't we all? :-) ) with Active Directory, and have my DNS server set to forward name resolution to my ISP's DNS servers; it also caches resolved IP addresses etc. Well, when I set it up and started to use it I was surprised that I couldn't resolve the addresses for large sites, namely Google, Microsoft, the BBC etc. Hmmm, I thought it a tad unlikely that all those systems were down.

So as an untidy hack I created a DHCP scope with DNS references to both my local server and the DNS servers from my ISP. Well, this weekend I found the reason for Server 2003 not resolving addresses for major websites.

It's something called "Extension Mechanisms for DNS" (EDNS0), as defined in RFC 2671. It's on by default in Server 2003 and is an optimisation: the server advertises that it can accept UDP DNS responses larger than the classic 512-byte limit, so every router and firewall on the path has to pass those larger UDP packets instead of dropping them, and my Linksys WRT54G doesn't appear to do this.

Note: this is also an issue with Windows Small Business Server 2003; see https://msmvps.com/bradley/archive/2004/01/14/1707.aspx for more discussion on the topic.

Anyway, the solution to the problem can be found at

cut and pasted from jciinc:

RFC 2671 allows UDP packets greater than 512 bytes. If your firewall cannot pass these packets, Windows Server 2003 DNS does NOT fall back to TCP/IP, as was the case in previous versions of Windows NT-based operating systems.

To disable the EDNS0 feature, eliminating the UDP packets > 512 bytes:

1. Install the Windows Server 2003 Support Tools from the CD-ROM.

2. Open a CMD prompt.

3. Type dnscmd /Config /EnableEDnsProbes 0 and press Enter.
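To make the mechanism behind both the symptom above and the dnscmd fix concrete, here is an added worked example (mine, not from the original post, jciinc or Microsoft). It builds a DNS query with and without the RFC 2671 OPT pseudo-record, reads the advertised UDP payload size back out of the packet, and then models an upstream server plus a router that silently drops UDP DNS packets over 512 bytes, which is the WRT54G behaviour described above. The domain name, answer sizes and the 512-byte router limit are constructed for the example; the resolver behaviour modelled for the EDNS0 case (no fallback, so the query just times out) is the one the quoted text describes for Server 2003.

```python
"""Added example: what EDNS0 changes on the wire, and why a 512-byte UDP filter
breaks it. Standard library only; all inputs below are constructed."""
import struct

QTYPE_A = 1
QTYPE_OPT = 41           # RFC 2671 OPT pseudo-RR
CLASSIC_UDP_LIMIT = 512  # RFC 1035 maximum UDP DNS message size


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234, edns_bufsize=None):
    """Recursive A query; appends an EDNS0 OPT RR when edns_bufsize is given."""
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg = header + encode_name(name) + struct.pack("!HH", QTYPE_A, 1)  # IN A
    if edns_bufsize:
        # OPT RR: root name, TYPE=41, CLASS = sender's UDP payload size,
        # TTL = extended RCODE | version | flags (all 0 here), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_bufsize, 0, 0)
    return msg


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer, 2 bytes
            return off + 2
        off += 1 + length


def advertised_udp_size(msg):
    """UDP payload size the query advertises; 512 when there is no OPT RR."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == QTYPE_OPT:
            return rclass                      # CLASS field carries the size
    return CLASSIC_UDP_LIMIT


def upstream_reply(query, full_response_size):
    """Model an upstream server: whole answer over UDP if it fits the client's
    advertised size, otherwise a 512-byte reply with TC set so a classic
    client retries over TCP (RFC 1035 section 4.2.1)."""
    limit = advertised_udp_size(query)
    if full_response_size <= limit:
        return {"udp_bytes": full_response_size, "tc": False}
    return {"udp_bytes": CLASSIC_UDP_LIMIT, "tc": True}


def through_firewall(reply, max_udp=512):
    """Model a router that silently drops UDP DNS packets larger than max_udp."""
    return reply if reply["udp_bytes"] <= max_udp else None


def resolve_outcome(edns_bufsize, answer_size, firewall_max=512):
    """'udp-ok', 'tcp-retry' (classic TC fallback) or 'timeout' (reply dropped)."""
    query = build_query("www.example.com", edns_bufsize=edns_bufsize)  # constructed
    reply = through_firewall(upstream_reply(query, answer_size), firewall_max)
    if reply is None:
        return "timeout"
    return "tcp-retry" if reply["tc"] else "udp-ok"


if __name__ == "__main__":
    # A large answer (think a big site with many A records) behind a 512-byte filter.
    print("EDNS0 off :", resolve_outcome(None, 1400))   # tcp-retry
    print("EDNS0 on  :", resolve_outcome(4096, 1400))   # timeout
    print("small answer, EDNS0 on:", resolve_outcome(4096, 300))  # udp-ok
```

Setting EnableEDnsProbes to 0 as in step 3 puts the server on the first path: no OPT record goes out, large answers come back truncated with TC set and are fetched again over TCP, which the router does pass. If you later replace the router, the same command with 1 instead of 0 should turn the probes back on (my assumption from the property's name; check the dnscmd help on your box).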

Ahhh, life is good :-)