DNS server chain breakdown

Posted on 2011-05-05
Last Modified: 2012-05-11
Hi, I'd like to connect with someone who understands DNS better than I do!

I'm administering an SBS 2011 server. It has some websites on it, and it serves a small domain. SBS controls a wireless router, and I have made some DNS entries so that I can browse locally hosted sites. Currently everything is working fine, except for a little DNS problem. I can browse intranet and internet sites fine, but when I try to get to one particular site, it can't display the page. The page is for the ISP in this case, so it is wrecking a user's access to their webmail.

So this is odd, no? General internet browsing is ok, but not for the main page of the Internet Service Provider. In this case the ISP is

Once I tried to reset the modem and router, by power cycle, and this restored access to - but recently I reset it and it still can't access that site. I'm thinking that something I've done has altered DNS lookup such that it can't find

It would be great if I could work with an expert to learn about DNS in this applied way: using tests to see that DNS queries are being properly answered. I'd like to review the sequence of DNS servers that are used to get to a page.

About a decade ago, I learned to use tracert, so here's my initial info:

tracert to locally hosted site: shows one hop to local NIC's IP address.
tracert to replies "unable to resolve target system name"
tracert to first resolves to a specific IP address, and then returns a series of hops, starting with the domain router, then the ISP default gateway, then a series of 5 IP addresses, and then it goes to Request timed out.

I see a similar sequence with other well known sites which I can also browse to.

So, anyone willing to work with me in a troubleshooting format, to learn the cause of the failure to resolve the address for

Question by:JeReLo

    Accepted Solution

    This is likely an EDNS or DNSSEC issue.
    First try this command on the DNS server to disable EDNS. DNSSEC requires EDNS, so turning off EDNS effectively turns off DNSSEC.
    dnscmd server /Config /EnableEDnsProbes 0

    EDNS is a mechanism that allows UDP packets over 512 bytes for DNS responses; some firewalls block UDP packets that exceed 512 bytes.

    Author Comment

    Your knowledge was very helpful in this case. I am now able to browse the site. Thanks.

    It's a matter of interest however, that the 512 byte limit is within the firewall. By running this command, I have made DNS work within that limit, and "no longer advertise EDNS0 capabilities" according to Microsoft.

    So, would the other option be possible or preferable? I mean, could one configure the firewall to accommodate the extended DNS capabilities? In this case the firewall is Windows Firewall.

    Are there any impacts of losing extended DNS capabilities, as was done in that command?

    Author Closing Comment

    More context for the change was requested. No engagement after 3 days, so closed question.
