DNS on Server 2008 R2 not working

2012-03-20

Question

_{Tuesday, March 20, 2012 1:32 PM}

I have a single Windows 2008 R2 server with DHCP and DNS configured (no other servers on the network). The server IP address and is 192.168.0.50. I have added my ISP's DNS server's to the "Forwarders" tab in the DNS settings. All other DNS settings are default after adding the DNS role.

If I configure the server to use 192.168.0.50 as the DNS server, I get a yellow triangle saying no internet. If I run diagnostics, I get an error that the DNS server isn't responding. The DNS services is running and I have restarted the DNS server (All tasks -> restart) without any luck.

I can ping the server IP and even RDP into the server remotely. I have tried removing and re-adding the DNS role on the server but still no luck.

I have the same issue with the client machines that get their IP addresses from the server. If I only put 192.168.0.50 into the "006 DNS Servers" option under "Scope Options" on the DHCP server, then the client machines can't see the Internet either. If I add my ISP's DNS servers to the mix, then everything works because the client machines bypass the server.

There is no other DHCP server on the network and any changes that I make to the DHCP settings are reflected correctly on the client machines, thus confirming that they are getting their settings from the server.

Please help.

Thanks

All replies (25)

_{Thursday, March 22, 2012 3:56 PM ✅Answered}

There is nothing I hate more than black magic and computers. The DNS server has suddenly started working.

How did I fix it you ask. I removed and re-installed the DNS server. However, that did not fix the problem. An hour later, I then installed the latest update - IE 9, KB976932 and KB976902. Now the DNS server works and I have made no other changes.

Lets hope it keeps on working.

Thanks again for your above and beyond level of help!!!

_{Tuesday, March 20, 2012 6:13 PM}

Hello,

let's start with an unedited ipconfig /all from the DNS server and a client with problems.

Is the server also DC or is this a workgroup environment?

Which kind of router do you use and is DHCP enabled on this one also?

Best regards

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

_{Wednesday, March 21, 2012 12:49 AM}

Hi Meinolf

Here is the ipconfig /all from the DNS server (I have x'ed out the domain name for privacy). I have also disables IPv6 for the moment to reduce the number of variables. Enabling it also made no difference.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix . . . . . . . : xxxxx.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxxxx.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter
   Physical Address. . . . . . . . . : E4-11-5B-AC-26-40
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.50
   Primary WINS Server . . . . . . . : 192.168.0.50
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9660FBFA-13F9-4A6E-950A-825D1CAB054A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

The DNS server is also the DC. This is a single server deployment in a small office.

The router is a Netgear DGN2000 and DHCP is disabled. It has an ip address of 192.168.0.1

Regards

_{Wednesday, March 21, 2012 4:07 AM}

The ipconfig /all looks fine.

Any AV on the DC? If so, disable it, and see if that works.

AV software is known to block necessary traffic on a DC.

As far as IPv6, I would suggest renabling it, since it's required in Windows 2008/Vista and newer. It won't skew the results.

Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Wednesday, March 21, 2012 5:33 AM}

Thanks for your quick response. There is no AV on the machine as of yet. I have also never installed on AV on the machine so there is no chance of anything being left behind from a previous version.

Could the Windows firewall be blocking the DNS? The Firewall is on but that is just the default from the installation of the server and I have not configured it at all.

Regards

_{Wednesday, March 21, 2012 6:44 AM}

Hello.

It is easy to eliminate the firewall as a source of problems by temporarily disabling the Windows firewall, waiting about 30 seconds, running the test and then reactivating the firewall. If the test works when the firewall is disabled, then something in the firewall configuration is causing the problem. I believe this is unlikely because installing the Role also adjusts the firewall for the protocols, services and executables that the role requires to function.

Try this. From within the DNS management console, right click on the server and select properties. In the properties dialog box select the monitoring tab. Select both check boxes: one for a simple query against this DNS server and one for a recursive query to other DNS servers. Then click test now and let us know what happens.

I agree with Ace in that you should re-enable IPv6. Not a good idea to turn it off.

Have you performed any diagnostic testing using the NSLOOKUP command yet?

Let me know.

_{Wednesday, March 21, 2012 8:10 AM}

I have disabled the firewall and that made no difference - as suspected.

I went through the monitoring as suggested and "Simple Query" passed but "Recursive Query" Failed.

nslookup result

C:\Users\Administrator>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: ::1

>
> server 192.168.0.50
DNS request timed out.
timeout was 2 seconds.
Default Server: [192.168.0.50]
Address: 192.168.0.50

> server 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
Default Server: [8.8.8.8]
Address: 8.8.8.8

Not sure what that means as I have little experience with nslookup.

Thanks for all the help so far!

_{Wednesday, March 21, 2012 8:21 AM}

Hi,

Could you run the following command on the server (or remotely if you have the RSAT tools installed locally) and post the output here:

dnscmd <serverName> /info

The firewall shouldn't effect the server itself from resolving queries, since local requests won't actually traverse it. Nevertheless, there's two quick checks you can perform to see if everything's above board:

Run this command on the server: netstat -an | findstr /i ":53[^0-9].*LIST :53[^0-9].*\:\"
You should see two lines that look like:
TCP 192.168.0.50:53 0.0.0.0:0 LISTENING
UDP 192.168.0.50:53 *:*
If you don't see these entries then it's possible you have a configuration issue with the listener.
Run the following command from a client that has the Telnet client installed:
telnet 192.168.0.50 53
If that fails to connect, then you may have a firewall issue, as Ed already said above.

Anyway, if you post the content of the dnscmd command above, that may shed some light on the issue.

Cheers,
Lain

_{Wednesday, March 21, 2012 11:04 AM}

Thanks Lain

I don't have a client machine with me at the moment so can't run the telnet. Here are the results from the other command you asked for on the server. (I added the x's for privacy reasons.)

C:\Users\Administrator>netstat -an | findstr /i ":53[^0-9].*LIST :53[^0-9].*\:\"

TCP 127.0.0.1:53 0.0.0.0:0 LISTENING

TCP 192.168.0.50:53 0.0.0.0:0 LISTENING

TCP [::1]:53 [::]:0 LISTENING

UDP 127.0.0.1:53 *:*

UDP 192.168.0.50:53 *:*

UDP [::1]:53 *:*

C:\Users\Administrator>dnscmd server /info

Query result:

Server info

server name = SERVER.xxxxxxx.local

version = 1DB00106 (6.1 build 7600)

DS container = cn=MicrosoftDNS,cn=System,DC=xxxxxxx,DC=local

forest name = xxxxxxx.local

domain name = xxxxxxx.local

builtin forest partition = ForestDnsZones.xxxxxxx.local

builtin domain partition = DomainDnsZones.xxxxxxx.local

read only DC = 0

last scavenge cycle = not since restart (0)

Configuration:

dwLogLevel = 00000000

dwDebugLevel = 00000000

dwRpcProtocol = 00000005

dwNameCheckFlag = 00000002

cAddressAnswerLimit = 0

dwRecursionRetry = 3

dwRecursionTimeout = 8

dwDsPollingInterval = 180

Configuration Flags:

fBootMethod = 3

fAdminConfigured = 1

fAllowUpdate = 1

fDsAvailable = 1

fAutoReverseZones = 1

fAutoCacheUpdate = 0

fSlave = 0

fNoRecursion = 0

fRoundRobin = 1

fStrictFileParsing = 0

fLooseWildcarding = 0

fBindSecondaries = 0

fWriteAuthorityNs = 0

fLocalNetPriority = 1

Aging Configuration:

ScavengingInterval = 0

DefaultAgingState = 0

DefaultRefreshInterval = 168

DefaultNoRefreshInterval = 168

ServerAddresses:

Ptr = 000000000047C6F0

MaxCount = 1

AddrCount = 1

Addr[0] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=192.168.0.50

ListenAddresses:

NULL IP Array.

Forwarders:

Ptr = 0000000000487E80

MaxCount = 4

AddrCount = 4

Addr[0] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=203.0.178.191

Addr[1] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=203.215.29.191

Addr[2] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=8.8.8.8

Addr[3] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=8.8.4.4

forward timeout = 3

slave = 0

Command completed successfully.

Hope that tells you somthing usefull :-)

Regards

_{Wednesday, March 21, 2012 12:20 PM}

Thanks for posting that - and also the nslookup results prior (I had started writing my previous reply prior to that post, so I missed the update).

Well, the good news is there's nothing wrong with that configuration, and the DNS service is indeed listening on the correct interface.

Just focusing on the second step of your previous DNS test where you entered "server 192.168.0.50", that should have come back with your server name which leads me to ask if you have created a reverse lookup zone yet?

Based on your earlier ipconfig results, it would have the name of 0.168.192.in-addr.arpa. (If you're stepping through the wizard though, you'd provide the network ID in the "normal" forward-oriented order, i.e. 192.168.0 and leave the fourth octect blank)

If you find you haven't yet created it, go ahead and do so, and once you have run an "ipconfig /registerdns" from an elevated command prompt on the server. This at least will clear up that one cosmetic issue.

In terms of running a test, launch nslookup again while on the server and set the server as you did before (to 192.168.0.50 - and this time it should come back straight away with the hostname). Then on the new line, enter a web site like www.microsoft.com. and see what it comes back with. Note that I put the trailing period (or full stop) at the end of that site name deliberately.

Cheers,
Lain

_{Wednesday, March 21, 2012 2:57 PM}

You can run telnet from the machine itself, but running it from a different machine will help to see if it's blocking remote connections.

Besides Lain's suggestion to run nslookup www.microsoft.com, I was going to ask if you can simply ping the gateway, and ping 4.2.2.2. I wanted to make sure you do have outside access. I assume this machine has internet access?

If the DNS Recursive test fails, it says that it can't communicate to the outside world to run the recursion tests against the roots, or forwarders, if forwarders are configured. A block either locally or perimeter firewall, or ISP restrictions can cause this.

Is this server a virtual guest on a HyperV or VMWare host?

I see you still have IPv6 disabled. Any reason why?

You have four forwarders? Two would be more than enough. The third and fourth are superfluous due to the querying client's client side resolver service algorithm timeout - it may never get passed the second one before the client's resolver times out, where if the third or fourth forwarder were to have resolved it, the client will reject the response if it receives it after it times out. More specifics here (scroll down to that section):

The DNS Client Side Resolver algorithm. If one DC or DNS goes down, does a client logon to another DC?
DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders)
Client side resolution process chart
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx

Any event log errors in any of the logs? Check all the event logs, including Windows Logs (App & System logs), and under Application and Services Logs (AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Serive).

Run the following command. Let's see if EDNS0 is blocked (post the results, please):
nslookup -type=TXT rs.dns-oarc.net

Also look in the registry for these two values. What are the values?**
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
**Value = **EDNSCacheTimeout
**Value = EnableEDNSProbes

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Wednesday, March 21, 2012 3:45 PM}

Hi Lain

The reverse lookup help with nslookup returning the host name immediately. However, after setting the server to 192.168.0.50 and then typing www.microsoft.com. (with trailing period), I just get DNS request timed out. To make sure I was doing the nslookup correctly, I set the server to 8.8.8.8 (google dns) and then www.microsoft.com. gave a result.

Where to from here?

Thanks again for your help. Really appreciate it

Regards.

_{Wednesday, March 21, 2012 4:18 PM}

Ace

I have re-enabled IPv6.

I can ping both the gateway and 4.2.2.2.

Neither of the registry keys you mentioned exist ???

Server is install directly on an HP ML110 G7 hardware - no "virtualisation"

Nothing in the logs.

Here is the output your requested

C:\Users\Administrator>nslookup -type=TXT rs.dns-oarc.net
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: ::1

DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Thanks

_{Wednesday, March 21, 2012 4:39 PM}

I just tested 203.0.178.191 and 203.215.29.191. I should have done this sooner. They do NOT work as forwarders. I'm not sure where you got them. ISP's perhaps? That's why your DNS server is failing the Recursion test in the DNS tests.

Let's do the following:

1. Exit nslookup.

2. Remove the current forwarders:
203.0.178.191
203.215.29.191
8.8.8.8
8.8.4.4

3. Then put in 4.2.2.2 and 4.2.2.3 for forwarders.

4. Restart the DNS service.

5. THen try nslookup again.

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Wednesday, March 21, 2012 10:49 PM}

You were one step (or six hours) ahead of me, Ace. I was just thinking about this post in the shower - don't ask why because I don't know, while getting ready for work and wondering the same thing.

Cheers,
Lain

_{Thursday, March 22, 2012 12:29 AM}

Hi Ace

Yes, I did get those DNS server addresses from the IPS. I assumed that when the DNS server put a green tick next to the IP address when adding the forwarders, that they were correct and usable.

I have done as suggested - removed all forwarders and added only 4.2.2.2 and 4.2.2.3. Restarted the server - no luck, same results.

I have an identical server deployed at another client and they use the same ISP. I have logged into that server and ran the nslookup tests.

Here are the results:

Current problem server

nslookup with 4.2.2.2, 4.2.2.3, 8.8.8.8 and 8.8.4.4 - work and resolve www.microsoft.com.

nslookup with 203.0.178.191 and 203.215.29.191 - fail

Identical 2008 R2 server also with iinet as ISP

nslookup with 4.2.2.2, 4.2.2.3, 8.8.8.8, 8.8.4.4, 203.0.178.191 and 203.215.29.191 - all work and resolve www.microsoft.com.

Regards

_{Thursday, March 22, 2012 12:53 AM}

Hi,

That's interesting, as I too can use both the 203.x.x.x addresses to successfully resolve queries. I thought they might have been private iiNet servers, so I tested from home and that checked out (as I'm with iiNet), but they also resolve from work, and we're with AMCOM and Telstra (multiple WAN links).

On the non-functioning server, can you do me a favour and use Server Manager to installed the Telnet Client (not the Telnet Server) and try the following command?

telnet 203.0.178.191 53

And also the following command:

tracert -d 203.0.178.191

You can also try it with the second ISP DNS IP, but I expect the result will be the same for both.

It's sort of sounding like perhaps you have explicit firewall ACEs controlling what can get out - though I'm having a hard time reconciling that with the fact that clients can already get out.

Cheers,
Lain

_{Thursday, March 22, 2012 3:55 AM}

You were one step (or six hours) ahead of me, Ace. I was just thinking about this post in the shower - don't ask why because I don't know, while getting ready for work and wondering the same thing.

Cheers,
Lain

Lain, at least we were on the same path, but too bad it didn't work. Hey, we hey we tried! :-)

As for those two servers, they didn't work for me, which was why I originally posted that about getting rid of them after running a d2 option.

Here are my results using 4.2.2.2 first without the d2 option, which shows 4.2.2.2 resolves www.microsoft.com, then changing it to 203.0.178.191, which doesn't even respond. I even changed it to TCP thinking to override the default UDP session, but still no good. And note if anyone asks, my firewall and AV were not running at the time of the test.

==============================
C:\nslookup
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

> www.microsoft.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Address: 207.46.19.254
Aliases: www.microsoft.com
          toggle.www.ms.akadns.net
          g.www.ms.akadns.net

> server 203.0.178.191
Default Server: dns.iinet.net.au
Address: 203.0.178.191

> www.microsoft.com
Server: dns.iinet.net.au
Address: 203.0.178.191

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dns.iinet.net.au timed-out

> **set vc ** < Changed nslookup to use only TCP instead of UDP
> www.microsoft.com
Server: dns.iinet.net.au
Address: 203.0.178.191

*** dns.iinet.net.au can't find www.microsoft.com: Unspecified error
> www.microsoft.com

==============================

And below shows using DIG with the same results.

C:\DIG>dig @203.0.178.191 www.microsoft.com

; <<>> DiG 9.8.0 <<>> @203.0.178.191 www.microsoft.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\DIG>

My conclusion and professional and technical opinion is those two servers are flaky.:-) I was going to look for a nameserver test site, but after finding one that wants to charge for it, I said to myself, what for? My tests are clear they don't respond! :-)

I would actually use 4.2.2.2 and 4.2.2.3 and forget about those two. There is no specific rule that an ISP's customer must use their DNS servers for forwarders or for internal use (if not using AD), although their sales and tech departments will tell you that you must. It really doesn't mean anything.

As for 8.8.8.8 and 8.8.4.4, they are Google's. Google is known for some issues with their resolvers, that I don't want to get into publicly. If you want to control access without a proxy, you can use www.opendns.com's DNS servers as forwarders.

Server problem?

If you feel there is one specific server with the problem that you feel is with the server itself not wanting to resolve anything, and if the two servers are on the same ISP line in the same office behind the same firewall/router (which we can rule out a line or firewall/router problem), maybe a TCP stack reset may help. Either use the MrFixIt link, or follow the steps to do it manually. Personally, I like MrFixIt.

How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357

Now if the server that is working and the one that is not working are at different offices, whether the same ISP or not, maybe it's a firewall/router problem.

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Thursday, March 22, 2012 12:25 PM}

Hi Lian

Both the telnet and the tracert work as expected.

I have completely disabled the windows firewall and there are no firewall rules on the router except for the RDP port 3389.

Is it possible that iinet could be blocking something that is effecting my dns server but allowing access to all the external DNS servers we have mentioned thus far? Can't see how since the nslookup can't see the server which is internal to my network.

Ace - I will try the TCP/IP reset tomorrow (can't do it now as I am remotely logged in). I will also try and replace the router, just to see if that could be the issue.

Thanks - tearing my hair our!!!

_{Thursday, March 22, 2012 1:08 PM}

I don't believe your Windows firewall has anything to do with this, to be honest. Because all of the testing is taking place on the server itself, the Windows firewall won't get in the way unless you've change the default outbound filtering from Allow (default) to Block.

I've got to admitt, I'm also running out of ideas.

As far as traces go, could I get you to run one more quick test? Could you run the following nslookup command on the server for me and post the output?

nslookup -debug www.microsoft.com. 192.168.0.50

Cheers,
Lain

_{Thursday, March 22, 2012 2:19 PM}

Hi Lain

Let me just say that I really appreciate what you have all done so far.

Here are the results of the nslookup command:

C:\Users\Administrator>nslookup -debug www.microsoft.com. 192.168.0.50

Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 1, authority records = 0, additional = 0

    QUESTIONS:
        50.0.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    -> 50.0.168.192.in-addr.arpa
        name = server.xxxxx.local
        ttl = 1200 (20 mins)

Server: server.xxxxx.local
Address: 192.168.0.50

DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
*** Request to server.xxxxx.local timed-out

_{Thursday, March 22, 2012 3:39 PM}

If you remove all forwarders and re-run that, does it work?

If you add ONLY 4.2.2.2 and re-run that, does it work?

I'm starting to think it's a router/firewall or ISP problem.
What type of line is it? Is it the same line type and firewall/router at that other location where you said you have a server that doesn't exhibit this problem?
Do you have another firewall or router to swap out?

Try this command, which I changed to use 4.2.2.2, not like I previously posted to use your DNS server:

nslookup -type=TXT rs.dns-oarc.net 4.2.2.2

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Thursday, March 22, 2012 4:04 PM}

Wait, you never had SP1 on this server?? I assumed you had the latest SP, updates and service pack. I guess that is something we should have all asked in the beginning and not assumed, like me!! :-)

Glad to hear it's now working!

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Friday, March 23, 2012 12:03 AM}

Hi Ace

Again thanks for your help.

Quick Rant:

I don't understand how the latest service pack should make any difference. The DNS server should work. There is no label on the software that states that unless the latest updates have been applied, many components may not work properly. Does that mean the DNS server will stop working mysteriously in the future but if I then install SP2 (or some other update) all will be fine?

Not very confidence instilling experience:-(

Cool forum and great people!!!

Regards

_{Friday, March 23, 2012 4:22 AM}

I understand what you're saying, and I agree on many levels DNS should just work no matter what SP level, however with anything out there, whether computers, refridgerators, mobile phones, especially cars (recalls, model year updates, safety enhancements, improvements, etc), there are always changes and updates made for various reasons. It's always prudent and actually, a best practice to keep up to date. Most of all, if not for operating system hotfixes and updates, more so for security reasons to keep up with newly discovered vulnerabilities.

Or it could just be magic. Centuries ago, what people thought was magic, is science today. Or is there a really a difference between the two? :-)

Cheers!

Ace

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Share via

DNS on Server 2008 R2 not working

Question

All replies (25)

And below shows using DIG with the same results.

C:\DIG>

Additional resources