Windows Server 2008 DNS - randomly failing to resolve a non-authoritative domain name

Posted on 2011-10-13
Last Modified: 2012-05-12
I'm encountering an odd problem and hoping for some direction in troubleshooting.

We have 4 name servers on two different networks (lets say, ns1/ns2 on one network, and ns1/ns2 on a different network.)

These name servers are Active Directory servers, and other than one DNS zone in the DNS, the servers act as a caching-only DNS server.

They can all resolve non-authoritative domains just fine (from within our network of course, external lookups are not permitted)

The issue is that we have a reoccurring problem with one specific .org domain name seems to be a problem.

The last time it occurred, it was only one of our 4 name servers that would fail with the following error:

example: (using a fake domain here)

*** UnKnown can't find Server failed

We couldn't find any cause for this, so we restarted the DNS service on that particular name server and then it started to work.  The other 3 name servers were providing a result for this query.

Today, the issue has come up again, and this time it's 3 out of 4 name servers that now cannot resolve this domain.

The one does work properly gives us a result of (example):

Non-authoritative answer:
Address:  123.456.789.123

I've scanned through the error logs on the primary DNS server but not finding anything to explain this.  However the DNS events in the log are mostly just other types of informational logs.  There are no warnings/errors/critical alerts at all.

As restarting the DNS service worked last time to resolve the issue, it doesn't seem that it is a configuration problem, otherwise it should't work at all.  The other odd issue is that this time 3 of our 4 name servers are failing to provide results for (only) this domain.  Any other non-authoritative domain I query on produces results.

Could it be some issue at the authoritative DNS servers? I did run the domain through DNS Stuff and the report showed no issues with its name servers, other than "NS agreement on SOA Serial #", but there were no other errors.

Any guidance in tracking this down would be appreciated.

Thank you

(Edit -  just a quick update - I cleared the cache just now on one of the name servers that couldn't resolve this domain, and that resolved the issue.  But why is this occurring / what can we do to prevent this from reoccurring? )
Question by:serveradm
    LVL 15

    Accepted Solution


    Author Comment

    Thanks,  haven't tested the solution yet but just an update, the debugging led me to some log entries that contained:

    [8281 DR SERVFAIL] A

    and further research led me to this Microsoft KB article:;EN-US;968372

    This KB perfectly describes the problem we've been having so we're likely going to implement the registry change outlined there.
    LVL 15

    Expert Comment

    by:It breaks therefore I am
    So based on that you could create a conditional forwarder as a workaround for this one domain that forwards the query to your ISP rather than using root hints.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now