I am having an issue resolving MX/DNS for a domain that we send mail to. Our Win 2003 servers are not able to resolve; they get a timeout. I checked the firewall, and we allow DNS outbound only to OPENDNS.COM, which is configured in the Win2003 DNS Forwarders.
I do see a ton of DNS queries getting blocked by the firewall to [a-z].root-server.net addresses. Should this be needed and allowed? Can I stop DNS servers from querying root servers if not needed?