Microsoft DNS server recursion problems

Many of you at UNI know we’ve had a problem over the past couple of years – oh, since Windows Server 2008 R2 was installed on our domain controllers seems to be the timeline. Various webpages, when loaded from a workstation using’s AD-integrated DNS resolvers, will load partially or not at all, even though they are live and can be resolved against UNI’s Unix DNS recursors ( and

Well, well – after finally getting three URLs that fail every time (previous examples of,, would fail, but once the AD DNS server’s cache was flushed they would work again for days or months) I opened a Microsoft service call for $259 and found the magic hotfix that the Googles and the Bing failed to find.

DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2

This fixed our problem (when a foreign DNS responds with NS and glue records for the same name) – BUT what really chafes me (or in Peter Griffin’s words, “grinds my gears”) is that this hotfix was released a year ago and is still a request-only hotfix that hasn’t been tested and released as an AU patch. Come on! This cannot be that rare: a Windows AD server providing DNS recursion to AD clients via root hints (rather than DNS forwarding to another DNS server – which has its own set of problems).
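The failing case above is an upstream server answering with NS and glue for the same name. As an added illustration (not code from this post or from Microsoft), the stdlib-only parser below decodes a raw DNS response and classifies it the way a recursive resolver must (answer, referral, or referral with glue); SAMPLE is a constructed wire-format referral of exactly that shape, using the placeholder names example.test / www.example.test and the documentation address 192.0.2.53.

```python
import struct

def encode_name(name):                   # dotted name -> uncompressed wire labels
    return b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"

def read_name(msg, off):                 # decode a possibly compressed name -> (name, offset past it)
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:             # compression pointer: follow it, remember where to resume
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n

def parse_response(msg):                 # -> {"rcode", "answer", "authority", "additional"}
    flags, qd, an, ns, ar = struct.unpack(">HHHHH", msg[2:12])
    off = 12
    for _ in range(qd):                  # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    out = {"rcode": flags & 0xF}
    for section, count in zip(("answer", "authority", "additional"), (an, ns, ar)):
        out[section] = []
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, rdlen = struct.unpack(">HHIH", msg[off:off + 10])[0::3]
            off += 10
            rdata = (".".join(map(str, msg[off:off + rdlen])) if rtype == 1   # A  -> dotted quad
                     else read_name(msg, off)[0] if rtype == 2                 # NS -> (compressed) name
                     else msg[off:off + rdlen])                                # anything else: raw bytes
            off += rdlen
            out[section].append((owner, rtype, rdata))
    return out

def classify(resp):                      # what a recursive resolver has to do with this response
    if resp["rcode"] or resp["answer"]:
        return "error" if resp["rcode"] else "answer"
    targets = {r[2] for r in resp["authority"] if r[1] == 2}
    glue = [r for r in resp["additional"] if r[1] == 1 and r[0] in targets]
    return "referral-with-glue" if glue else "referral"

# Constructed sample, not a capture: a referral for www.example.test whose NS target is the zone
# name itself (example.test NS example.test), with the glue A record in the additional section.
def rr(owner, rtype, rdata, ttl=300):
    return encode_name(owner) + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8000, 1, 0, 1, 1) + encode_name("www.example.test")
          + struct.pack(">HH", 1, 1) + rr("example.test", 2, encode_name("example.test"))
          + rr("example.test", 1, bytes([192, 0, 2, 53])))
```

To check a live resolver, send the same kind of packet over UDP/53 to the AD DNS server and to a known-good recursor and feed each reply to parse_response; a resolver that follows the glue correctly should end up returning "answer" for the name.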
