How to turn off the DNS client screening feature on a Windows Server 2003-based computer


Introduction

The Domain Name System (DNS) client screening feature lets Microsoft Windows Server 2003-based computers determine whether a DNS server is reachable from the configured interface. However, this feature may also prevent access to a DNS server that is otherwise available.

This article describes how to turn off the DNS client screening feature.


More information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To turn off the DNS client screening feature, you must first create the ScreenUnreachableServers registry entry. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type ScreenUnreachableServers, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. Type 0 in the Value data box, and then click OK.
  7. Exit Registry Editor.

    Note You must stop and then start the DNS Client service for the registry change to take effect.
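
The registry change and the DNS Client service restart described above can also be made from a command prompt. The following batch script is an added example, not part of the Microsoft article; the script name, the backup file location, and the `undo` mode (which assumes that deleting the value restores the default screening behavior) are assumptions.

```batch
@echo off
rem Added example, not Microsoft's script. Run as a local administrator.
rem Usage: dnsscreen.cmd off   -> create ScreenUnreachableServers = 0
rem        dnsscreen.cmd undo  -> delete the value again (assumed rollback)
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
set "VAL=ScreenUnreachableServers"
rem Backup location is an assumption; pick a path that fits your change process.
set "BACKUP=%TEMP%\Dnscache-Parameters-backup.reg"

if /i "%~1"=="off"  goto :off
if /i "%~1"=="undo" goto :undo
echo Usage: %~nx0 off ^| undo
exit /b 2

:off
rem Export the subkey once so the original state stays available for review.
if exist "%BACKUP%" (echo Keeping existing backup "%BACKUP%") else (reg export "%KEY%" "%BACKUP%" || exit /b 1)
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 0 /f
if errorlevel 1 (echo Could not write %VAL%. & exit /b 1)
goto :restart

:undo
reg delete "%KEY%" /v %VAL% /f
if errorlevel 1 (echo %VAL% is not present or could not be deleted. & exit /b 1)
goto :restart

:restart
rem The change takes effect only after the DNS Client service is restarted.
net stop dnscache
net start dnscache
if errorlevel 1 (echo DNS Client service did not start. & exit /b 1)
rem Print the resulting values and service state for the change record.
reg query "%KEY%"
sc query dnscache | find "STATE"
endlocal
exit /b 0
```
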

In some configurations, the DNS client screening feature may prevent access to a DNS server that is otherwise available. Typically, this occurs on a server that has more than one network adapter interface. The operating system, together with the DNS client screening feature, determines whether a DNS server is reachable.

It is by design that the DNS Client service does not access the DNS servers that appear to be unreachable from the interface on which they are configured. The DNS servers are marked unreachable for the server even though they may be available to the other network adapter on the same server.

When you disable the ScreenUnreachableServers registry entry, you also disable the operating system feature that removes unreachable DNS servers from their caches. This may cause delays in name resolution. Therefore, we do not recommend that you disable the ScreenUnreachableServers registry entry unless the following conditions are true:
  • This problem affects the server.
  • There are no alternatives. For example, you cannot change the IP address of the DNS server.

A Windows Server 2003-based server that has multiple network adapters cannot use the DNS server setting of the second network adapter when the following conditions are true:
  • The server is configured to have different DNS server settings for each network adapter.
  • The IP address of the second network adapter can be accessed by using the subnet of the first network adapter.


Keywords: KB914217, kbhowto

Article Info
Article ID : 914217
Revision : 3
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False