Windows Server 2008 and Windows Server 2008 R2 DNS Servers may fail to resolve queries for some top-level domains
SYMPTOM:
When name resolution is provided by root hints, Windows Server 2008 DNS and Windows Server 2008 R2 DNS Servers may fail to resolve queries for names in certain top-level domains. When this happens, the problem will continue until the DNS Server cache is cleared or the DNS Server service is restarted. The problem can be seen with domains like .co.uk, .cn, and .br, but is not limited to these domains.
When the problem is happening, an nslookup command issued for an affected name will return the error "server failed". A network trace will show that the DNS server does not send any traffic for such a request to the Internet. No events related to a problem are reported in the DNS Event Log.
This problem does not happen if DNS Server is configured to use forwarders for Internet name resolution instead of root hints.
RESOLTION:
To resolve the issue and continue using root hints, change the MaxCacheTTL registry value to 2 days or greater.
1. Start Registry Editor (regedit.exe).
2. Locate the following registry key:
3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
4. On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
Value: MaxCacheTTL
Data Type: DWORD
Data value: 0x2A300 (172800 seconds in decimal, or 2 days)
5. Click OK.
6. Quit Registry Editor.
7. Restart the DNS Server service.
------
