Does Windows DNS need access to ROOT servers?

I am having an issue resolving MX/DNS for a domain that we send mail to.  Our Win 2003 Servers are not able to resolve; get a timeout.  I checked the firewall and we allow DNS outbound only to OPENDNS.COM, which is configured in the Win2003 DNS Forwarders.

I do see a ton of DNS queries getting blocked by the firewall to [a-z].root-server.net addresses.  Should this be needed and allowed?  Can I stop DNS servers from querying root servers if not needed?
tcloud Asked:
 
zalazar Commented:
To only use the forwarders and prevent this from happening, you can enable "Do not use recursion for this domain" by selecting the DNS server | Properties | Forwarders tab.
Enable the option "Do not use recursion for this domain".
Please see also:
https://technet.microsoft.com/en-us/library/cc773370(v=ws.10).aspx
 
matrix8086 Commented:
You must enable all DNS queries from your mail server to any DNS server on the Internet. If you block DNS queries from your mail server, it is normal that it cannot resolve names.
 
tcloud (Author) Commented:
Thanks!
Question has a verified solution.
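
The forwarder-only setting from the accepted answer can also be applied and checked from the command line. This is an added example, not part of the original thread. It assumes `dnscmd` is available on the DNS server (on Windows Server 2003 it ships with the Support Tools), that the forwarders are OpenDNS's public resolvers 208.67.222.222 and 208.67.220.220 (substitute whatever the Forwarders tab already lists), and `example.com` is a placeholder for the mail domain being tested.

```batch
rem Run on the Windows DNS server itself, in a command prompt.

rem Set the forwarder list and mark the server as "slave":
rem /Slave is the command-line equivalent of ticking
rem "Do not use recursion for this domain", so a forwarder timeout
rem no longer makes the server fall back to the root hints.
dnscmd /ResetForwarders 208.67.222.222 208.67.220.220 /TimeOut 5 /Slave

rem Confirm the setting took effect (a value of 1 means forwarders only).
dnscmd /Info /IsSlave

rem Flush cached answers, then test MX resolution through the local server.
dnscmd /ClearCache
nslookup -type=MX example.com 127.0.0.1
```

With the server in this mode, the firewall rule that allows outbound DNS only to the forwarders can stay as it is, and the blocked queries to the root servers should stop appearing in the firewall log.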