Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

A Windows Server 2003-based DNS server does not forward a request to a target forwarder after you configure a conditional forwarder to resolve a DNS domain


Symptoms

Consider the following scenario:
  • On a Windows Server 2003-based DNS server, you configure the conditional forwarder setting to resolve a DNS domain, such as partner.com.
  • The target forwarder is a third-party DNS server.
  • The network firewall rules let the DNS server connect only to the forwarder. They do not let the DNS server connect to DNS servers in its child domains or to other DNS servers in the partner.com domain.
  • The DNS server receives a name resolution request for a host name, such as "record1.child.partner.com". Then, the DNS server successfully obtains a correct response from the forwarder.
  • The DNS server receives a later name resolution query that also requires forwarding to the target forwarder, such as "record2.child.partner.com."
In this scenario, the Windows Server 2003-based DNS server connects directly to the DNS server in the child.partner.com domain instead of forwarding the request to the target forwarder. Because of the firewall rules, the name resolution request fails.


Cause

This issue occurs because the name server (NS) records from the query response to the child.partner.com domain are cached on the Windows Server 2003-based DNS server.

Therefore, later requests to the child domain use the cached information and are sent directly to the name servers that have just been learned.


Resolution

Windows Server 2003 Service Pack 2

To resolve this issue, apply hotfix 978413. For more information about hotfix 978413, click the following article number to view the article in the Microsoft Knowledge Base:
978413 The CPU usage for the DNS Server service reaches 100 percent after you install hotfix 953419

Windows Server 2003 Service Pack 1

A hotfix is available to resolve this issue. After you install this hotfix, Windows Server 2003 DNS servers ignore the cached NS records and directly send name resolution requests to the target forwarder.
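The cause and the post-hotfix behaviour described above can be followed in a small model. This is an added example, not Microsoft's DNS Server code: the IP addresses, the `DnsServerModel` class and the `ignore_cached_ns` switch are constructed for illustration, and the target-selection rule is a simplified assumption that reproduces the scenario in this article.

```python
# Simplified model (added example, not Microsoft's implementation).
# All names, addresses and the ignore_cached_ns switch are constructed.

FORWARDER = "192.0.2.10"       # third-party target forwarder (constructed)
CHILD_NS = "198.51.100.53"     # name server for child.partner.com (constructed)
FIREWALL_ALLOW = {FORWARDER}   # firewall lets the DNS server reach only the forwarder


def suffixes(name):
    """Yield the name and each parent domain, most specific first."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class DnsServerModel:
    def __init__(self, conditional_forwarders, ignore_cached_ns):
        self.forwarders = conditional_forwarders  # zone -> forwarder IP
        self.ns_cache = {}                        # zone -> name server IP learned from responses
        self.ignore_cached_ns = ignore_cached_ns  # True models the post-hotfix behaviour

    def pick_target(self, qname):
        """Return (kind, ip) for the server this query is sent to."""
        fwd_zone = next((z for z in suffixes(qname) if z in self.forwarders), None)
        ns_zone = next((z for z in suffixes(qname) if z in self.ns_cache), None)
        # Modelled pre-hotfix rule: a cached delegation at or below the
        # conditional-forwarder zone is contacted directly.
        if ns_zone and not (self.ignore_cached_ns and fwd_zone):
            if fwd_zone is None or len(ns_zone) >= len(fwd_zone):
                return ("cached-ns", self.ns_cache[ns_zone])
        if fwd_zone:
            return ("forwarder", self.forwarders[fwd_zone])
        return ("recursion", None)

    def resolve(self, qname, learned_ns=None):
        """Send one query; cache NS records carried in a successful response."""
        kind, ip = self.pick_target(qname)
        allowed = ip in FIREWALL_ALLOW
        if allowed and learned_ns:
            self.ns_cache.update(learned_ns)
        return {"qname": qname, "via": kind, "server": ip, "ok": allowed}


def run_scenario(ignore_cached_ns):
    server = DnsServerModel({"partner.com": FORWARDER}, ignore_cached_ns)
    # The forwarder's answer carries NS records for child.partner.com.
    first = server.resolve("record1.child.partner.com", {"child.partner.com": CHILD_NS})
    second = server.resolve("record2.child.partner.com")
    return first, second
```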

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, the computer must be running Windows Server 2003 SP1.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other previously released hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 SP1, x86-based versions

| File name | File version | File size | Date | Time | Platform | SP requirement |
|---|---|---|---|---|---|---|
| 6to4svc.dll | 5.2.3790.2771 | 99,840 | 16-Aug-2006 | 14:01 | x86 | SP1 |
| Afd.sys | 5.2.3790.3229 | 153,088 | 16-Oct-2008 | 14:43 | x86 | SP1 |
| Dns.exe | 5.2.3790.3367 | 450,560 | 24-Jun-2009 | 09:35 | x86 | SP1 |
| Dnsperf.dll | 5.2.3790.3295 | 11,776 | 17-Feb-2009 | 08:04 | x86 | SP1 |
| Dnsperf.h | Not Applicable | 6,642 | 26-Apr-2008 | 04:36 | Not Applicable | SP1 |
| Dnsperf.ini | Not Applicable | 11,597 | 26-Apr-2008 | 04:36 | Not Applicable | SP1 |
| Mswsock.dll | 5.2.3790.3161 | 258,048 | 20-Jun-2008 | 19:36 | x86 | SP1 |
| Tcpip.sys | 5.2.3790.3161 | 394,752 | 20-Jun-2008 | 10:38 | x86 | SP1 |
| Tcpip6.sys | 5.2.3790.3161 | 225,984 | 20-Jun-2008 | 10:04 | Not Applicable | SP1 |
| W03a2409.dll | 5.2.3790.3360 | 52,736 | 15-Jun-2009 | 15:35 | x86 | SP1 |

Windows Server 2003 SP1, x64-based versions

| File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
|---|---|---|---|---|---|---|---|
| 6to4svc.dll | 5.2.3790.2771 | 124,416 | 24-Jun-2009 | 17:03 | x64 | SP1 | Not Applicable |
| Afd.sys | 5.2.3790.3229 | 299,520 | 24-Jun-2009 | 17:04 | x64 | SP1 | Not Applicable |
| Dns.exe | 5.2.3790.3367 | 780,288 | 24-Jun-2009 | 17:04 | x64 | SP1 | Not Applicable |
| Dnsperf.dll | 5.2.3790.3295 | 14,336 | 24-Jun-2009 | 17:04 | x64 | SP1 | Not Applicable |
| Dnsperf.h | Not Applicable | 6,642 | 24-Jun-2009 | 17:04 | Not Applicable | SP1 | Not Applicable |
| Dnsperf.ini | Not Applicable | 11,597 | 24-Jun-2009 | 17:04 | Not Applicable | SP1 | Not Applicable |
| Mswsock.dll | 5.2.3790.3161 | 491,520 | 24-Jun-2009 | 17:04 | x64 | SP1 | Not Applicable |
| Tcpip.sys | 5.2.3790.3161 | 829,952 | 24-Jun-2009 | 17:05 | x64 | SP1 | Not Applicable |
| Tcpip6.sys | 5.2.3790.3161 | 363,136 | 24-Jun-2009 | 17:05 | x64 | SP1 | Not Applicable |
| W03a2409.dll | 5.2.3790.3360 | 53,248 | 24-Jun-2009 | 17:05 | x64 | SP1 | Not Applicable |
| W6to4svc.dll | 5.2.3790.2771 | 99,840 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wdns.exe | 5.2.3790.3367 | 450,560 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wdnsperf.dll | 5.2.3790.3295 | 11,776 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wmswsock.dll | 5.2.3790.3161 | 233,472 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Ww03a2409.dll | 5.2.3790.3360 | 52,736 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |

Windows Server 2003 SP1, Itanium-based versions

| File name | File version | File size | Date | Time | Platform | SP requirement | Service branch |
|---|---|---|---|---|---|---|---|
| 6to4svc.dll | 5.2.3790.2771 | 362,496 | 24-Jun-2009 | 17:03 | IA-64 | SP1 | Not Applicable |
| Afd.sys | 5.2.3790.3229 | 584,192 | 24-Jun-2009 | 17:04 | IA-64 | SP1 | Not Applicable |
| Dns.exe | 5.2.3790.3367 | 1,148,928 | 24-Jun-2009 | 17:04 | IA-64 | SP1 | Not Applicable |
| Dnsperf.dll | 5.2.3790.3295 | 26,624 | 24-Jun-2009 | 17:04 | IA-64 | SP1 | Not Applicable |
| Dnsperf.h | Not Applicable | 6,642 | 24-Jun-2009 | 17:04 | Not Applicable | SP1 | Not Applicable |
| Dnsperf.ini | Not Applicable | 11,597 | 24-Jun-2009 | 17:04 | Not Applicable | SP1 | Not Applicable |
| Mswsock.dll | 5.2.3790.3161 | 784,896 | 24-Jun-2009 | 17:04 | IA-64 | SP1 | Not Applicable |
| Tcpip.sys | 5.2.3790.3161 | 1,308,672 | 24-Jun-2009 | 17:05 | IA-64 | SP1 | Not Applicable |
| Tcpip6.sys | 5.2.3790.3161 | 737,024 | 24-Jun-2009 | 17:05 | Not Applicable | SP1 | Not Applicable |
| W03a2409.dll | 5.2.3790.3360 | 51,712 | 24-Jun-2009 | 17:05 | IA-64 | SP1 | Not Applicable |
| W6to4svc.dll | 5.2.3790.2771 | 99,840 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wdns.exe | 5.2.3790.3367 | 450,560 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wdnsperf.dll | 5.2.3790.3295 | 11,776 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Wmswsock.dll | 5.2.3790.3161 | 233,472 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |
| Ww03a2409.dll | 5.2.3790.3360 | 52,736 | 24-Jun-2009 | 17:05 | x86 | SP1 | WOW |


Workaround

To work around the issue, modify the firewall to let the Windows Server 2003-based DNS Server access all DNS servers on the remote network.


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


More information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates


Keywords: kbexpertiseadvanced, kbfix, kbqfe, KB953419

Article Info
Article ID : 953419
Revision : 7
Created on : 7/25/2011
Published on : 7/25/2011
Exists online : False