DNS recursive query fails

We are troubleshooting a DNS-related issue that is specific to one internet domain (electionsmunicipales.gouv.qc.ca). I ran NSLOOKUP electionsmunicipales.gouv.qc.ca and it returned a DNS request timed out error. But it was able to resolve it if I set the default server to the Google DNS server (8.8.4.4). I found that our DNS server had cached a list of NS records (name servers) for this domain. Then I picked one of the name servers in the list (ns-1640.awsdns-13.co.uk), ran NSLOOKUP D2 against electionsmunicipales.gouv.qc.ca, and it returned the following results (truncated answer, connect failed: Result too large, SendRequest failed). Can anyone tell me what the results mean and how to fix it or troubleshoot further?

Thanks in advance!


  

Default Server:  ns-1640.awsdns-13.co.uk
Address:  205.251.198.104

> electionsmunicipales.gouv.qc.ca
Server:  ns-1640.awsdns-13.co.uk
Address:  205.251.198.104

------------
SendRequest(), len 65
    HEADER:
        opcode = QUERY, id = 35, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca.xxx.com, type = A, class = IN

------------
------------
Got answer (65 bytes):
    HEADER:
        opcode = QUERY, id = 35, rcode = REFUSED
        header flags:  response, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca.XXX.com, type = A, class = IN

------------
------------
SendRequest(), len 65
    HEADER:
        opcode = QUERY, id = 36, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca.XXX.com, type = AAAA, class = IN

------------
------------
Got answer (65 bytes):
    HEADER:
        opcode = QUERY, id = 36, rcode = REFUSED
        header flags:  response, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca.XXX.com, type = AAAA, class = IN

------------
------------
SendRequest(), len 49
    HEADER:
        opcode = QUERY, id = 37, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca, type = A, class = IN

------------
truncated answer
connect failed: Result too large
SendRequest failed
------------
SendRequest(), len 49
    HEADER:
        opcode = QUERY, id = 38, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca, type = AAAA, class = IN

------------
------------
Got answer (136 bytes):
    HEADER:
        opcode = QUERY, id = 38, rcode = NOERROR
        header flags:  response, auth. answer, want recursion
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        electionsmunicipales.gouv.qc.ca, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  electionsmunicipales.gouv.qc.ca
        type = SOA, class = IN, dlen = 75
        ttl = 900 (15 mins)
        primary name server = ns-1640.awsdns-13.co.uk
        responsible mail addr = awsdns-hostmaster.amazon.com
        serial  = 1
        refresh = 7200 (2 hours)
        retry   = 900 (15 mins)
        expire  = 1209600 (14 days)
        default TTL = 86400 (1 day)

------------
*** ns-1640.awsdns-13.co.uk can't find electionsmunicipales.gouv.qc.ca: Unspecified error
>

November 1st, 2013 2:54pm

Hi,

If only recursive queries fail, the reason might be that recursion has been disabled.

Disable Recursion on the DNS Server

http://technet.microsoft.com/en-us/library/cc771738.aspx

Also, a similar thread discussed here:

DNS Client stops working

http://social.technet.microsoft.com/Forums/en-US/c7320226-0098-4826-a3ba-647eb75ca8a4/dns-client-stops-working

November 4th, 2013 9:17am

We didn't disable recursion on the DNS server. It fails only when it queries certain domains. We actually fixed the issue by enabling EDNS probes on our DCs by running the command "dnscmd /config /enableednsprobes 1". But according to most discussions on the web, it is recommended to turn the EDNS feature off on Windows DNS servers, since the name servers on the internet are not ready for EDNS yet (http://weblogs.asp.net/owscott/archive/2009/09/15/windows-server-2008-r2-dns-issues.aspx). Now my concern is whether it will cause other issues now that we have enabled EDNS.

Thanks for replying.

November 4th, 2013 2:30pm

Hi,

A known issue is that some firewalls have security features turned on that block UDP packets larger than 512 bytes. As a result, DNS queries may fail.

DNS query responses do not travel through a firewall in Windows Server 2003

http://support.microsoft.com/kb/828263

November 6th, 2013 3:29am
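The 512-byte UDP limit and the EDNS setting discussed in the replies above, shown at the packet level as an added example that is not part of the original thread: it builds the thread's query with and without an EDNS0 OPT record and reads the truncation (TC) flag from a reply. The reply bytes are constructed for illustration, not captured traffic, and the function names and the 4096-byte payload size are assumptions of this example.

```python
import struct

NAME = "electionsmunicipales.gouv.qc.ca"  # the domain queried in the thread

def encode_name(name):
    # Wire format: each label is length-prefixed; the name ends with a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, qid=37, edns_size=None):
    """A/IN query with RD set; edns_size appends an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size we accept.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def parse_flags(msg):
    qid, flags = struct.unpack("!HH", msg[:4])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F}

def next_step(response, sent_edns):
    """Decide what a resolver has to do after a UDP reply."""
    f = parse_flags(response)
    if not f["qr"]:
        return "ignore: not a response"
    if f["tc"]:
        # The answer did not fit in the UDP size the query allowed.
        return "retry over TCP/53" if sent_edns else "retry over TCP/53 or resend with EDNS0"
    return "done" if f["rcode"] == 0 else "failed: rcode %d" % f["rcode"]

# Constructed reply (not captured traffic): QR, AA, TC and RD set, no records.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 37, 0x8700, 1, 0, 0, 0) + build_query(NAME)[12:]

if __name__ == "__main__":
    print(len(build_query(NAME)), "bytes without EDNS0")  # same length as "SendRequest(), len 49"
    print(len(build_query(NAME, edns_size=4096)), "bytes with EDNS0")
    print(next_step(TRUNCATED_REPLY, sent_edns=False))
```

Whichever path the resolver takes after a truncated reply, a firewall between it and the internet has to permit that path: DNS over TCP port 53 for the retry, or UDP responses larger than 512 bytes when EDNS0 is used.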

Hi guys,

I am facing an issue with external domain lookups on our DNS servers.

External DNS lookups work fine, but intermittently both DNS servers stop resolving external names; after a restart of the AD servers it works fine again.

Please suggest a solution.

AD and DNS are enabled on the same server. Both servers (RDC and ADC) are in the same IP segment; the RDC is running Win2k12 and the ADC 2k8.

Forwarders and root hints are configured on both servers.


August 1st, 2015 1:34pm

This topic is archived. No further replies will be accepted.
