Not resolving with root servers

[[JT]]

Hi,

i've setuped a Win2K DNS server for the local subnet (private IP's) at work
with a Forward and Reverse zone working correctly. My problem is when it
comes to resolving internet IP's and hosts. Whenever i enable the isp's dns
server as forwarder in the Forwarders-tab, then the clients can resolve
"outside" hosts. If i use no forwarder but leave the server resolve only
based on root hints file, then notheing works for "outside" hosts or ip's.
In the logfile i keep getting the error: " 8281 DR SERVFAIL ".
Is it possible to resolve external hosts only using the root-hints file, or
do i need to have a forwarder configured?

Regards
JT

 

[Rick Kingslan [MS MVP]]

Life will be much easier to just configure the forwarder. That's the way
that DNS is designed to work. ;-)

 

[Jonathan de Boyne Pollard]

JT> Is it possible to resolve external hosts only using the
JT> root-hints file [...] ?

Yes. That is, after all, how the servers that you were
forwarding queries to were doing it.

Check that you have appropriate IP connectivity to the rest of
Internet's content DNS servers - that the hole in your firewall
is the correct shape, that you are not exceeding the IP hop count
when trying to reach the "." content DNS servers, that DNS/UDP
and DNS/TCP traffic between you and the rest of Internet is not
being blocked or intercepted by your ISP, and so forth.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-shaped-firewall-holes.html>

 

[Jonathan de Boyne Pollard]

RK> Life will be much easier to just configure the forwarder.
RK> That's the way that DNS is designed to work. ;-)

No, it is not. The Domain Name System requires _someone_ to perform the task
of query resolution. That may be onesself, or it may be someone else (such as
an ISP) that one pays to perform this service for one, but the DNS was not
designed to work with everyone forwarding queries to other people.