TECHTARGET: Windows in the Enterprise: Best of MyITForum
July 08, 2004

FEATURED ARTICLE:
---------------------------------------------------------------------
Windows Server 2003: The EDNS0 enigma
by Marcus Oh, Contributor
myITforum.com

During a migration to Windows Server 2003, we upgraded our root Domain Name System (DNS) server. Although everything appeared fine, we started receiving complaints about reaching certain sites. Areas of Yahoo, such as mail.yahoo.com and finance.yahoo.com, seemed to be the biggest issue. At first, it looked like Yahoo was unresponsive to queries. However, we found that host records for other sites were resolving properly, but their MX records were not. This meant that e-mail was not routing!

As a means of troubleshooting, we double-checked all our DNS configurations. Everything looked fine. As a second step, we gathered network traces to find out what was going on. The traces showed packets leaving the root DNS server, destined for Yahoo, but showed no replies returning.

The problem is that Windows 2003 enables, by default, Extension Mechanisms for DNS (EDNS0, as defined in RFC 2671), a standard introduced in 1999. EDNS0 allows requestors to advertise their EDNS0 capabilities and hence to receive UDP packets larger than 512 bytes.
While this in itself is not problematic, some firewalls do not allow UDP packets larger than 512 bytes. This explains why the network traces showed nothing returning! Our DNS servers were sending out packets advertising themselves as capable of EDNS0, and our firewalls were dropping the responses. Turning off EDNS0 support allowed all queries to work as expected.

If you're experiencing the same issue or planning an upgrade of your own, this command will disable this enabled-by-default feature:

    dnscmd ServerName /Config /EnableEDnsProbes 0

Sources and other information:

* Learn about the Request for Comment on EDNS0
  http://www.ietf.org/rfc/rfc2671.txt?number=2671
* Read Microsoft's article on how to turn off EDNS0
  http://support.microsoft.com/default.aspx?scid=kb;en-us;828263
* Find out about the EDNS0 process
  http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_imp_EDNSsupport.asp

Comments, suggestions and corrections are welcome at: [EMAIL PROTECTED]

ABOUT THE AUTHOR:
Marcus Oh works for Cox Communications, Inc. in Alpharetta, GA, deploying MOM for 250+ servers, rolling out SMS 2003 and Windows 2003, and supporting the company's directory services infrastructure.

This article first appeared in myITforum, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of Web sites.
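
Added example, not from the original article: Python that builds the same query with and without the EDNS0 OPT record and compares the replies, to confirm from the affected network the failure the article describes. The server address and query name are supplied by the caller; the function names and the 3-second timeout are assumptions.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 2671)

def build_query(name, qtype=15, edns_size=None, qid=0x1234):
    """Build a DNS query (qtype 15 = MX); edns_size adds an OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0,
                         0 if edns_size is None else 1)  # flags: RD=1
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                     for lab in name.rstrip(".").split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", qtype, 1)  # class IN
    if edns_size is not None:
        # OPT: root owner name, TYPE=41, CLASS carries the UDP size we accept
        packet += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return packet

def advertised_udp_size(query):
    """UDP payload size a query advertises; 512 when it has no OPT record.
    Assumes a query as built above: one question, OPT as only extra record."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos] != 0:          # skip the question name labels
        pos += query[pos] + 1
    pos += 1 + 4                    # root label, QTYPE, QCLASS
    if arcount and query[pos] == 0:
        rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT:
            return size
    return 512

def probe(server, name, edns_size=None, timeout=3.0):
    """Send one UDP query; return the reply length, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, edns_size=edns_size), (server, 53))
        try:
            return len(sock.recvfrom(65535)[0])
        except socket.timeout:
            return None

def diagnose(plain_len, edns_len):
    """Compare a plain probe with an EDNS0 probe of the same name."""
    if plain_len is not None and edns_len is None:
        return "EDNS0 reply lost: check the firewall's UDP DNS size limit"
    if plain_len is None:
        return "plain query failed: not specific to EDNS0"
    return "EDNS0 reply received (%d bytes)" % edns_len
```

Run probe() twice against the same server, once with edns_size=None and once with edns_size=4096, and pass both results to diagnose(). Use a name whose full answer exceeds 512 bytes, because smaller replies pass a 512-byte firewall limit either way.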