Cannot resolve names in certain top level domains like

[Today's post comes to us courtesy of Chris Puckett] 

After one day, you may find that your Windows 2008 DNS Server is unable to resolve names in certain top-level domains (TLDs) like .cn and .br when it is configured to use root hints. It may also occur with other TLDs. A network monitor trace shows that the DNS Server does not send any DNS traffic out to the internet. The Windows 2008 DNS server returns SERVFAIL to the client, or to nslookup when you query the server with it.

Workarounds include restarting DNS, clearing the DNS cache, setting MaxCacheTtl to 2 days or greater, and using DNS forwarders instead of root hints.

If you want to use root hints, you can set the MaxCacheTtl registry value on the Windows 2008 DNS Server as follows:

1. Start Registry Editor (Regedit.exe).

2. Locate the following registry key:


3. On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:

Value: MaxCacheTtl
Data Type: DWORD
Data value: 0x2A300  (172800 in decimal = 2 days)

4. Click OK.

5. Quit Registry Editor.

6. Restart the DNS server.

Data type: REG_DWORD
Range: 0x0 | 0x1 - 0xFFFFFFFF seconds
Default value: 0x15180 (86,400 seconds = 1 day)

You may see this behavior in Windows 2008, SBS 2008 and EBS 2008.
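To confirm the symptom before and after applying a workaround, the following probe sends recursive NS queries for a list of TLDs to the DNS server and reports which ones come back as SERVFAIL. It is an added example, not part of the original post; the server address (a documentation address), the TLD list, and the function names are assumptions.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=2):
    """Build a recursive DNS query (default QTYPE 2 = NS) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_rcode(response, qid):
    """Return the RCODE name from a response, checking the ID and the QR bit."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, names, timeout=3.0):
    """Query `server` over UDP for each name; map name -> RCODE or error label."""
    results = {}
    for name in names:
        qid = secrets.randbits(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, qid), (server, 53))
                results[name] = parse_rcode(s.recvfrom(4096)[0], qid)
            except socket.timeout:
                results[name] = "TIMEOUT"
            except (OSError, ValueError):
                results[name] = "ERROR"
    return results

def failing(results):
    """Names showing the symptom described in this post (SERVFAIL)."""
    return sorted(n for n, r in results.items() if r == "SERVFAIL")

if __name__ == "__main__":
    # 192.0.2.53 is a placeholder (documentation range); use your DNS server's IP.
    print(failing(probe("192.0.2.53", ["cn", "br", "com"])))
```

Run it on a schedule against the server: a TLD that answers NOERROR right after a restart or cache clear and SERVFAIL about a day later matches the behavior described here.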

Comments (3)

  1. Anonymous says:

    We’ve got a few customers at work, including ourselves, who use Windows Server 2008. But only one was experiencing this problem. A "good" (i.e. quick) workaround was simply clearing the DNS cache. However, it was obviously not a decent solution. After

  2. Waggers says:

    Just tried this on my SBS 2008 box.  Although it solved the problem with the .uk domain names, I found that the registry entry stopped me from creating new distribution groups in SBS 2008.

    I have no idea why (this is all way above my head!) but once I removed the registry entry the Distribution Group Wizard then started working again as expected.
