DNS recursive test query failed

I was asked to look at a network for a small business.  There are 20 clients running either Win98SE or XP Pro, and two machines running Windows 2K Server.  Internet connection is through a DSL line.  The DSL line goes to Server 1 and then to a hub, which the clients and the other server are connected to.  

Server 1
NISP 2004
602LanSuite 2004 internet proxy software

NIC 1(internal network)

NIC 2 (external)
DNS: automatic

P.P.P.o.E. adapter
IP: 68.xxx.xxx.xxx
DNS: automatic from ISP

Server 2
Domain Controller
DNS, AD, DHCP server
(forwarders point to ISP DNS servers)

When testing Server 2, I can PING internal clients, but it cannot resolve external hostnames to IP address (i.e. www.google.com) using PING.  Also, the server will fail a recursive query to other DNS servers.  In addition, under the properties for the DNS server, it is unable to resolve to root hints server names to their IP address (m.root-servers.net to

I am looking for suggestions on what could be wrong.  I appreciate any help on this.

Chris Dent (PowerShell Developer) commented:

Do you have any forwarders configured? If the forwarders don't support Recursive Queries then external resolution will fail.

Can you also check the Root Hints tab under the properties for your DNS Server in DNS Manager and confirm that 13 addresses are listed there. This doesn't rely on Recursive Queries, but if any are missing then you should use the method in this MS Article to fix it:


For Server 1 (multi-homed server), does it have a Default Gateway set on both adapters? If so the Default Gateway on the Internal Interface should be removed.

Finally, is your server allowed outbound access through your Firewall (if you have one) on Port 53?
Latrobe33 (author) commented:
Thanks for the response Chris-Dent.  
<Do you have any forwarders configured? If the forwarders don't support Recursive Queries then external resolution will fail.>
  - Yes, forwarders are configured.  I have the two DNS servers for the ISP configured.  I assume that they support recursive queries,  
    even though it has not been tested.  Any ideas on how to do this?

<confirm that 13 addresses are listed there>
  - Yes, and they are current
<For Server 1 (multi-homed server), does it have a Default Gateway set on both adapters?>
  - No, both adapters are set to obtain IP and DNS addresses automatically.  Since this server acts as a proxy server, there is a
    reservation for it within the DHCP scope on Server 2

<Is your server allowed outbound access through your Firewall (if you have one) on Port 53?>
  - Yes, there is an active rule to allow connections from Server 2 on port 53

I appreciate the input C-D.  I keep thinking that this is something glaringly obvious that I keep overlooking.  I almost hope that it is.
Chris Dent (PowerShell Developer) commented:

There's a test tab which will allow you to test recursion.

Otherwise, remove the forwarders completely (which will drop back to root hints) and test name resolution.

If you're running DNS on both servers you should really let both have outbound access so they can both resolve requests.
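A way to check a forwarder for recursion support from any machine with Python, added here as an example and not part of the original thread: it sends one query with the RD (recursion desired) bit set and reads the RA (recursion available) bit and response code from the reply header. The function names and sample packets are constructed for illustration; the server address passed to `probe_forwarder` is whatever forwarder you are testing.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234, recursion_desired=True):
    """Build a DNS A/IN query; the RD flag (0x0100) asks the server to recurse."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(response, txid=0x1234):
    """Return the header fields that matter for a recursion test."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR must be set
        raise ValueError("not a response to our query")
    return {
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "truncated": bool(flags & 0x0200),            # TC bit
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": ancount,
    }

def probe_forwarder(server, name="www.google.com", timeout=3.0):
    """Send one recursive query over UDP/53. A timeout means the query or
    the reply never got through (routing, firewall or proxy in the path)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return {"timeout": True}
    return dict(parse_header(data), timeout=False)

# Constructed sample reply headers, so the parser can be checked offline:
# 0x8180 = QR+RD+RA, NOERROR; 0x8105 = QR+RD without RA, REFUSED.
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
```

A reply with `recursion_available` false or `rcode` REFUSED points at the forwarder; a timeout from Server 2 that does not occur from Server 1 points at the path between them.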

Latrobe33 (author) commented:
DNS is only running on Server 1; the recursive query on Server 2 fails with forwarders configured and without.
Chris Dent (PowerShell Developer) commented:

You shouldn't need recursive query support when Forwarders are not configured. Does it resolve name requests correctly with that? Or is it still timing out?
Latrobe33 (author) commented:
It still times out.
Chris Dent (PowerShell Developer) commented:

Hmmm, if it's not going through at all I'd be tempted to have a second look at the Firewall...
Latrobe33 (author) commented:
Even if I disable Norton I get the same response.  I have to say that solving this is for my own gratification.  All computers are able to access the internet through the proxy server, and collect their email through the same program.  I just don't like it working the wrong way.
Chris Dent (PowerShell Developer) commented:

You could try setting server 1 in the Forwarders tab of your DNS config. That way anything unresolved (that it isn't authoritative for) will be passed onto that server.

Bit of a messy fix though.

Otherwise it has to be Server 1 blocking the traffic or not being happy with what is going through.

Latrobe33 (author) commented:
I think you are right about Server 1 not liking the traffic.  All client machines have network and internet connectivity.  I will have to let this be for the time being.  Thank you for the suggestions Chris-Dent.