by Thomas Forsmark Sørensen
13. October 2010 11:13
I have seen problems resolving some DNS names at several of our customers after upgrading their DNS servers to Windows Server 2008 R2.
This is a known incompatibility between the "Extension Mechanisms for DNS (EDNS0)" feature of the DNS server in Windows Server 2008 R2 and some firewalls.
EDNS0 permits the use of larger User Datagram Protocol (UDP) packets. However, some firewalls do not permit UDP packets larger than 512 bytes, so these DNS packets may be dropped by the firewall.
The resolution is to run the following command on every Windows Server 2008 R2 DNS server:
dnscmd /config /enableednsprobes 0
Further information can be found in this KB article: http://support.microsoft.com/kb/832223
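The following PowerShell script is an added example, not part of the original post, for applying the fix above to several DNS servers at once. It assumes dnscmd.exe is available on the machine you run it from, that the account has DNS administrator rights on each server, and that the output format of "dnscmd /info" (a "Dword:" line with the value) matches what the parser expects; the server names are constructed sample values.

```powershell
# Added example (not from the original post): report and optionally disable
# EDNS probes on a list of Windows Server 2008 R2 DNS servers using dnscmd.exe.
# Assumptions: dnscmd.exe is present locally and can reach each server by name,
# the caller is a DNS administrator, and "dnscmd /info" prints a "Dword:" line.
param(
    # Constructed sample server names; replace with your own DNS servers.
    [string[]]$DnsServers = @('dns01.example.local', 'dns02.example.local'),
    # Without -Apply the script only reports the current value of the setting.
    [switch]$Apply
)

function Get-EdnsProbeSetting {
    param([string]$Server)
    # Query the current EnableEDNSProbes value (1 = probes on, 0 = probes off).
    $output = & dnscmd.exe $Server /info /EnableEDNSProbes 2>&1 | Out-String
    if ($output -match 'Dword:\s+(\d+)') {
        return [int]$Matches[1]
    }
    throw "Could not read EnableEDNSProbes from $Server. dnscmd output: $output"
}

function Disable-EdnsProbes {
    param([string]$Server)
    # The fix from the post, targeted at a remote server by name.
    $output = & dnscmd.exe $Server /config /EnableEDNSProbes 0 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd /config failed on $Server. Output: $output"
    }
}

foreach ($server in $DnsServers) {
    try {
        $before = Get-EdnsProbeSetting -Server $server
        Write-Host ("{0}: EnableEDNSProbes = {1}" -f $server, $before)

        if ($Apply -and $before -ne 0) {
            Disable-EdnsProbes -Server $server
            # Re-read the value so the change is verified, not assumed.
            $after = Get-EdnsProbeSetting -Server $server
            if ($after -ne 0) {
                Write-Warning ("{0}: setting still reads {1} after dnscmd /config" -f $server, $after)
            } else {
                Write-Host ("{0}: EDNS probes disabled" -f $server)
            }
        }
    }
    catch {
        Write-Warning ("{0}: {1}" -f $server, $_.Exception.Message)
    }
}
```

Run it once without -Apply to see which servers still have probes enabled, then with -Apply to disable them and confirm each server reads 0 afterwards. Disabling probes works around the problem on the DNS server side; the alternative is to configure the firewall to pass UDP DNS packets larger than 512 bytes, which keeps EDNS0 available for responses that need it.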