Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

A DNS Server Does Not Return More Than 16 KB of Data to the Client


IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/EN-US/) Description of the Microsoft Windows Registry


Symptoms

If a Windows 2000-based or a Windows Server 2003-based Domain Name System (DNS) server is queried for any type of resource record and the answer is larger than 16 kilobytes (KB), the Windows-based DNS server does not send the complete resource record set. This problem may occur if the Windows-based DNS server hosts an "_msdcs.forestrootname" zone with more than approximately 400 GC SRV records. The problem might also occur in other scenarios with different record types.

If the client queries a DNS server that does not host this zone, but that is configured to forward these queries to another DNS server that hosts the zone, that server sends a "SERVER FAILURE" message back to the client.


Cause

When a client requests a resource record set that is larger than the UDP maximum message size value for DNS (currently 512 bytes), the server returns a DNS message with the Truncation bit set in the DNS message header. This instructs the client to switch to TCP for the query.

The problem occurs because the DNS server uses a fixed buffer when it returns data by using the TCP protocol. Depending on the type of resource record, the problem may occur at approximately 400 resource records. This problem was first reported in large Active Directory environments with more than 400 active global catalog servers.
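An added sizing sketch, not part of the original article: it builds wire-format SRV responses and counts how many records fit in the 512-byte UDP limit and in a 16 KB message. The zone and host names, TTL, weights, and the assumption that the limit applies to the DNS message alone (answer section only, no TCP length prefix) are constructed for illustration.

```python
import struct

UDP_LIMIT = 512          # classic DNS UDP message size named in the article
TCP_LIMIT = 16 * 1024    # 16 KB ceiling the article describes for TCP answers
TC_BIT = 0x0200          # Truncation flag in the DNS header flags word
TYPE_SRV, CLASS_IN = 33, 1

def encode_name(name):
    """Encode a domain name as uncompressed, length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_srv_response(qname, targets, port=3268, ttl=600, truncated=False):
    """Build a wire-format response with one SRV record per target host."""
    flags = 0x8400 | (TC_BIT if truncated else 0)      # QR=1, AA=1
    parts = [struct.pack("!6H", 0x1234, flags, 1, len(targets), 0, 0),
             encode_name(qname), struct.pack("!HH", TYPE_SRV, CLASS_IN)]
    for host in targets:
        rdata = struct.pack("!HHH", 0, 100, port) + encode_name(host)
        # Owner name is a compression pointer to offset 12 (the question name).
        parts.append(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SRV, CLASS_IN, ttl, len(rdata)) + rdata)
    return b"".join(parts)

def is_truncated(msg):
    """Return True when the TC bit is set in a DNS message header."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)

def max_records_within(limit, qname, host_template):
    """Largest SRV record count whose response still fits in `limit` bytes."""
    n = 0
    while len(build_srv_response(qname, [host_template.format(i) for i in range(n + 1)])) <= limit:
        n += 1
    return n

# Constructed sample names; substitute the forest root and GC naming in use.
QNAME = "_ldap._tcp.gc._msdcs.corp.example.com"
HOSTS = "gc{:04d}.corp.example.com"

if __name__ == "__main__":
    print("fits in UDP:", max_records_within(UDP_LIMIT, QNAME, HOSTS))
    print("fits in 16 KB:", max_records_within(TCP_LIMIT, QNAME, HOSTS))
```

Longer host names, or address records added in the additional section, lower both counts.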


Workaround

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this problem, decrease the number of records in the resource record set. Based on the example in this article, decrease the number of active global catalog servers in Active Directory. For example, use the DnsAvoidRegisterRecords registry value. Add the following registry value on the global catalog servers that you want to unregister in DNS:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Data:
    Gc
    GcIpAddress
    GenericGc
For additional information about the registry key, click the following article number to view the article in the Microsoft Knowledge Base:
267855 Problems with Many Domain Controllers with Active Directory Integrated DNS Zones
For additional information about global catalog server placement, click the following article numbers to view the articles in the Microsoft Knowledge Base:
244368 How to Optimize Active Directory Replication in a Large Network
216899 Best Practice Methods for Windows 2000 Domain Controller Setup


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.


Keywords: KB812688, kbprb

Article Info
Article ID : 812688
Revision : 8
Created on : 10/27/2006
Published on : 10/27/2006