Long story short I have two DNS servers running on a Windows 2003 and a Windows 2008 R2 respectively. Internet is accessed through a Gamer Lounge D-Link DGL-4300 Gigabit wireless router. (just thought I’d mention that in three years of usage this router was a reliable workhorse)
My 2003 DNS was configured to forward requests to the DGL-4300.
When the 2008 DNS was brought up I configured it to forward requests to the 2003 DNS (maybe a bad choice but please don’t judge me).
Now, due to some maintenance I had to keep the 2003 machine down for a while so the 2003 DNS was temporarily out of the picture.
In this situation, trying to access www.tigerdirect.ca, nothing came up. Of course my client machine was asking the 2008 DNS to resolve an FQDN. The 2008 DNS didn’t know how to do it and asked one of its configured forwarders. The only one was the 2003 DNS, which sadly was dead. Not surprisingly, the request was failing.
So, to make it work, I configured the 2008 DNS to forward requests directly to the DGL-4300 and expected that it would all be over soon. Silly me. I’m trying the Internet and again nothing. I tried a few more tests which honestly I cannot remember, but lo and behold it led me to decide it’s time to “Packetize” the whole thing. I couldn’t find a Packetizer for 64 bit, so I came to know Wireshark, which is a nice piece of software (nevertheless I miss some of Packetizer’s features).
One thing that I noticed in the capture was a bad checksum for the IP packet encapsulating the DNS request from the 2008 DNS to the router. Ok then, I pulled up the hardware configuration for the network adapter (serviced by the 2008 DNS) and disabled the RX/TX IP Checksum Offload.
I again took a capture and this time no more IP checksum errors, but the DNS issue was still there. I have to mention that this capture was taken on the client, and basically each DNS request was completely ignored, as there were no answers from the 2008 DNS back to my client (64-bit Vista machine). So the 2008 DNS was incapable of resolving the name and it was just sitting quietly. Time to move on and sniff on the machine where the 2008 DNS server itself resides.
Here I could see this:
109 1.676005 192.168.1.1 192.168.1.89 DNS Standard query response, Format error
A simple search on the Internet led me to the following article:
Windows Server 2008 R2 DNS DNS error 5504 on some queries (EDNS0 problem?) which in turn sent me to:
DNS query responses do not travel through a firewall in Windows Server 2003 support KB on Microsoft’s website.
In conclusion, it appears that a 2008 DNS server by default behaves a little differently from a 2003 DNS server: it sends EDNS0 probes along with its queries, and the DNS server running on the router answered those with a Format error instead of a usable response, so the two couldn’t properly cooperate.
Executing this simple command on the 2008 machine and restarting the DNS server solved my problem:
dnscmd /config /enableednsprobes 0
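To show what the capture above was reporting, here is an added example (not part of the original post) that builds the same A query with and without an EDNS0 OPT record, parses the reply headers, and classifies a forwarder that answers the EDNS0 form with RCODE 1 (Format error) but the plain form normally. The replies are constructed inline to stand in for the router, so it runs offline; the function names and the 192.0.2.10 answer are assumptions.

```python
import struct

FORMERR = 1  # RCODE 1, the "Format error" the router answered with in the capture above

def encode_name(qname):
    """Wire-format a domain name: length-prefixed labels ending in a zero byte."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(qname, txn_id, edns0):
    """A-record query for qname; with edns0=True an OPT pseudo-RR (RFC 6891) goes in the additional section."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 1 if edns0 else 0)  # RD set; ARCOUNT=1 if OPT
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP payload size, TTL=ext RCODE/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0) if edns0 else b""
    return header + question + opt

def parse_header(data):
    """Return (txn_id, rcode, is_response, answer_count) from the 12-byte DNS header."""
    txn_id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return txn_id, flags & 0x000F, bool(flags & 0x8000), an

def make_reply(txn_id, qname, rcode, answer_ip=None):
    """Constructed reply standing in for the router: QR/RD/RA set, given RCODE, optionally one A answer."""
    header = struct.pack("!HHHHHH", txn_id, 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    if answer_ip:  # name as pointer to offset 12, TYPE=A, CLASS=IN, TTL=300, RDLENGTH=4, address
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in answer_ip.split("."))
    return header + body

def diagnose(edns_query, edns_reply, plain_query, plain_reply):
    """Classify a forwarder from its replies to an EDNS0 query and to the same query without OPT."""
    for query, reply in ((edns_query, edns_reply), (plain_query, plain_reply)):
        if parse_header(query)[0] != parse_header(reply)[0] or not parse_header(reply)[2]:
            return "reply does not match query"
    edns_rcode, plain_rcode = parse_header(edns_reply)[1], parse_header(plain_reply)[1]
    if edns_rcode == FORMERR and plain_rcode != FORMERR:
        return "forwarder rejects EDNS0"  # the failure mode in this post: disable EDNS probes or change forwarder
    if edns_rcode == 0 and plain_rcode == 0:
        return "forwarder handles EDNS0"
    return f"other failure (EDNS0 rcode {edns_rcode}, plain rcode {plain_rcode})"

if __name__ == "__main__":
    # Constructed exchange modelled on the capture: EDNS0 query gets Format error, plain query gets an answer
    name = "www.tigerdirect.ca"
    q1, q2 = build_query(name, 0x1234, True), build_query(name, 0x1235, False)
    print(diagnose(q1, make_reply(0x1234, name, FORMERR), q2, make_reply(0x1235, name, 0, "192.0.2.10")))
```

Against a live forwarder the same two queries would be sent over UDP port 53 and the raw replies passed to diagnose(); the "forwarder rejects EDNS0" result is exactly the case that /enableednsprobes 0 works around.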