nslookup is failing from AD integrated DNS domain

Posted on 2013-10-23
Last Modified: 2013-11-11
Hi all. I have 8 DCs across 2 sites all configured as DNS servers in an Integrated Domain. We use a conditional forwarder to an external IP address to domain name resolution.

I have a task to change the conditional forwarders IP address. When I run nslookup NewIpAddress from 1 sever i get a positive result detailing the domain name. On all other 7 servers i get a error saying dns request timed out. So, i am being told to go ahead and make the change regardless because the DNS chap is saying that hosts can still be resolved via clients even when nslookup fails.  This doesn't sound right to me, can anyone verify please?
Question by:Jason Thomas
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Author Comment

by:Jason Thomas
ID: 39593711
Hi, I have also set the nslookup retry to 5 and the timeout to 20 seconds but still get DNS timeout error. Any DNS experts about?
LVL 24

Expert Comment

ID: 39594800
First ensure correct dns setting on DC and client as this.Also check the host file of DC for any invalid entry.

Best practices for DNS client settings on DC and domain members.

If issue with NSLOOKUP only then it seems that your firewall does not support EDNS0 traffic, please try to disable this feature.To disable it, you can run this command: dnscmd /config /EnableEDNSProbes 0
EDNS0 (Extension mechanisms for DNS)
DNS Forwarders Problems in Windows 2008 R2 DNS Services

Author Comment

by:Jason Thomas
ID: 39598730
Hello and thanks for responding.
Yep, DNS setup is good.

I know it isn't firewall related as 1 of 8 of the DNS servers go through the same firewall and if one works...

There was no connectivity issues at all, what we found out this problem happens because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server 2008 R2 DNS and is enabled by default.
To disable it, you can run this command: dnscmd /config /EnableEDNSProbes 0

Question. What exactly is it i would be disabling? And as we have 2003 R2 does this apply to me?

Many thanks.
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

LVL 24

Expert Comment

ID: 39598770

Author Comment

by:Jason Thomas
ID: 39598799
Ok thanks but what is it i am actually doing by running the EDNSProbe 0 command please?
LVL 24

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39598847
Server 2003's DNS server has a new capability, it can handle UDP packets greater than 512 bytes. Unfortunately some firewalls cannot pass these packets so it is desirable to have the DNS server fall back to TCP in this case as it used to do in previous versions of NT DNS.

To turn off the EDNS-0 feature run this from a command prompt:
dnscmd /Config /EnableEDnsProbes 0

You can also configure the same by registry:

Ace has good writeup on this:EDNS0 (Extension mechanisms for DNS)

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” ( provided 218 attendees with a step-by-step guide for…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question