I have sinlgle windows server 2008 DC running DNS and every now and then it will resolve any .biz domains. I have no issues with .com or other domains, just .biz. I have run nslookup from outside my firewall and I am getting the correct .biz ip address, and firewall is not block any specific address or anything that should affect the dns service. Any ideas on what to try? All my workstations are windows 7 clients.

Could be an EDNS0 issue with your firewall (unable to pass UDP packets > 512 bytes). The quickest way to check this is to configure your DNS server to forward to your ISP or another open DNS server on the internet. If the problem is resolved, then you can spend time to figure out how to either upgrade the firmware on your FW or plan to upgrade. If setting up your DNS server as a forwarder is not an option, EDNS0 can be disabled (not recommended) on the DNS server until you resolve the issue. Windows Server 2008 R2 DNS Issues (EDNS0) http://www.anitkb.com/2010/03/windows-server-2008-r2-dns-issues-edns0.htmlVisit: anITKB.com, an IT Knowledge Base.

The problem is only with .biz domains. All others are cacheing correctly. If the firewall was having issues with pass DNS packets why would it only affect .biz domain? I will see if the DNS forwarding works.

We are having a similar issue with the .biz zone and caching. Seems to having something to do when the ttl for the A records for the .biz name servers expire we are no longer able to resolve .biz names. Our DNS server returns a serverfail reply. If I then delete the gtld.biz sub zone (this is where the .biz nameserver A records live) out of the cache it starts working again. It seems to me that when the .biz nameserver A records expire (the .biz nameserver records are still there, just not the corresponding A records) DNS Server fails to fall back to the root servers to resolve the .biz nameservers again. This is a 2008 DNS server, not 2008 R2. We have seen EDNS firewall issue with 2008 R2 servers but it tends to affect lot more than just the .biz zone. Thanks, Rob

I have seen the same thing that when I delete the gtld.biz sub zone, it starts working. I am not sure what else to try to permanently fix it.

Has anyone found a permanent fix for this issue. We are also having the same issue.

We have the same issue on our 2008 R2 SBS!

Same issue here. Can't seem to find a fix. This is not an EDNS issue, as resolution still fails even with EDNS disabled. Restarting DNS server works for a little while. The only long term workaround is to use DNS forwarders, which I hate to do because DNS servers come and go. This only seems to be an issue with Windows 2008. Windows 2008 R2 and Windows 2003 seem to work just fine.

I'm having the same issue on Windows 2008 server queuries work for a while then I get the "Server failed' error but only on .biz domains,

Hi All, I have been having the same difficulty with .biz domains not resolving since moving to Windows 2008 R2 DNS resolvers. Our DNS resolver is Windows 2008 R2 with SP1. I disabled EDNS because it DOES cause numerous domains to not resolve correctly [Actually the issue being that servers that don't understand eDNS queries are by RFC allowed to respond with a failure message, but the MS DNS server does not retry without the eDNS extension, it takes it as a hard failure.] Even with EDNS queries disabled I found the .biz domains would intermittantly stop resolving [All other domains resolve just fine so this issue is limited to .biz domains] To confirm that edns was disabled I ran: dnscmd /ExportSettings This creates a DnsSettings.txt file in the C:\Windows\System32\DNS directory. Viewing the DnsSettings file showed TWO interesting entries: EnableEDnsProbes=DWORD:0 GlobalNamesEnableEDnsProbes=DWORD:1 So the command "dnscmd /config /EnableEDnsProbes 0" successfully disabled the EDns probes for normal domains, but wait, what is that "GlobalNamesEnableEDnsProbes" setting that is in the DnsSettings.txt export file??? A-ha you might say, searching the internet for this did not pull up much information unfortunately except for this quote from a MS DNS design guide: "GlobalNamesEnableEDnsProbes": A Boolean indicating if the DNS server will attempt to use EDNS for queries used to locate a remote Global Names Zone. Well, it looks like MS DNS servers [2008+] will still use eDNS probes when querying for top level domains, even if you disable eDNS probes using /EnableEDnsProbes 0 So the next step was to "truely" disable eDNS probes - To do that add the following to your DNS servers registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters EnableEDnsProbes:DWORD:0 GlobalNamesEnableEDnsProbes:DWORD:0 Then RESTART the DNS service "DNS Server" service. Running the "dnscmd /ExportSettings" command again SHOULD indicate that both have now been disabled! OK, so I don't know if this is the problem for sure, it hasn't been long enough since I made this change, but it looks good, and it makes sense. It would appear that some/one of the global .biz root name servers does not support eDNS queries [that's a guess], and since MS does not gracefully handle the failure and resend the query without the eDNS extension [as the RFC says it SHOULD] things go wrong for us when resolving .biz domains. If I discover this NOT to be the issue, I will post back. But this gives others something to try meantime also.