Error in adding in DNS Forwarders tab

DNS ForwarderExisting DNS Root HintsHi,

  I heard good thing about using in DNS server. Please see the article:
 So I wanted to use it in SBS2011 DNS manager, but I run into an error when I plug it in.
 In the past, I have not entered any DNS here in Forwarders tab so that it uses root hints.
 Has anyone using in forwarder tab in SBS2011?
 Do you know why it is not accepting this IP address?
 Should I add in the Root Hints tab and move it to the top of the list?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

its not working at my server as well

I am unable to telnet it on tcp 53 neither he is able to resolve any public records

Until you are able to telnet it on 53, not of use, what is happening at your end is expected

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sgleeAuthor Commented:
I see. I tried to telnet into, ... they all respond.
But did not respond.

Thanks for the information.
nociSoftware EngineerCommented:
DNS is not normaly meant to run on TCP (telnet is TCP)  that is used only for exceptional large transfers..., like zone transfers between master & slave. So you need to query using UDP...
Two tools for this: nslookup (although that also tends to look in the hosts file).
and dig (domain internet groper) is only talks with DNS servers.
On normal operating DNS servers TELNET SHOULD FAIL (except between Masters & Slaves).... (within AD it can be different IDK).

so the right question is does asnwer queries...
first what does traceroute show...:   (ie. is there a possible path to does answer ping requests.

so the next should work:
dig @

Open in new window

or this

Open in new window

Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

sgleeAuthor Commented:

 So what are you saying? Why DNS manager generated an error when I entered
nociSoftware EngineerCommented:
I do get answers:
$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=59 time=7.10 ms
64 bytes from icmp_seq=2 ttl=59 time=8.22 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 7.101/7.662/8.224/0.568 ms
$ nslookup
> lserver
Default server:

Non-authoritative answer:
Address: 2a00:1450:400e:80a::200e
$ dig  dig @

; <<>> DiG 9.11.2-P1 <<>> @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39378
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1536
;                    IN      A

;; ANSWER SECTION:             162     IN      A

;; Query time: 8 msec
;; WHEN: do apr 12 21:27:29 CEST 2018
;; MSG SIZE  rcvd: 55

Open in new window

sgleeAuthor Commented:
I do get replies too.
Pinging with 32 bytes of data:
Reply from bytes=32 time=1ms TTL=255
Reply from bytes=32 time=2ms TTL=255
Reply from bytes=32 time=2ms TTL=255
Reply from bytes=32 time=2ms TTL=255

But why doesn't DNS manager find it?
nociSoftware EngineerCommented:
can you do a dig or nslookup?.... that are DNS query & check tools they do legitimate DNS queries and present the answers.
Dig is best for this.  And traceroute does it show where it goes you will need need
traceroute  -I

Open in new window

 on linux systems,  and

Open in new window

on windows. has been used on some sites like well nobody in the world uses it and i need a dummy so lets pick one... 1.. 1.1.1....
1 ms. is ULTRA short..., like you are sitting IN the DNS server.... for fast network links times should be in 10's of ms.
it is possible that is responsive from specific locations and not all locations like google dns

I already tried with nslookup (not just telnet) and it all queries timed out after setting up default name server as

Having said that, if this server is not working for OP region, he can't use that

successful ping is not measure of dns is working
nociSoftware EngineerCommented:
I am  4 hops away from nearest instance.. ping time is 6-8 ms on a  link is 100Mbps and it is about 30-50 Km from where i am.
so 1ms implies a much faster link than that or less hops.
On a localhost it would be <0.1 ms though.  or 1 hop on 2Gbps = <0.5 ms.  (<20m).

Some additional info
ping 100Km, ADSL link 6 hops = ~10ms.

Then there is the TTL... here 255...  TTL start from 255 (Some systems) or 128 (others) or 64 (mostly)
every router subtracts one .... so 255 means NEXT hop is endpoint
ping can tell how the packets traveled...
Windows:  ping -r 9
Linux: ping -R
(Not all system may honour this)...

I still think this is a pseudo interface on the Internet gateways or router used as default gateway.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.