Cannot resolve names in certain top level domains like

[Today’s post comes to us courtesy of Chris Puckett] 

After one day, you may find your Windows 2008 DNS Server is unable to resolve names in certain top level domains (tld’s) like, .cn, and .br when it is configured to use root hints. It may also occur with other tld’s. A network monitor trace shows the DNS Server does not send any DNS traffic out to the internet. The Windows 2008 DNS server returns SERVFAIL to the client or when using nslookup.

Workarounds include restarting DNS, clearing the DNS cache, setting maxcachettl to 2 days or greater, and using DNS Forwarders instead of root hints.

If you want to use root hints, you can set the maxcachettl registry value on the Windows 2008 DNS Server as follows:

1. Start Registry Editor (Regedit.exe).

2. Locate the following registry key:


3. On the Edit menu, click New, click DWORD (32-bit) Value , and then add the following value:

Value: MaxCacheTtl
Data Type: DWORD
Data value: 0x2A300  (172800 in decimal = 2 days)

4. Click OK .

5. Quit Registry Editor.

6. Restart the DNS server.

Data type                       Range 
REG_DWORD 0x0 | 0x1 – 0xFFFFFFFF seconds Default value:0x15180 (86,400 seconds = 1 day)

You may see this behavior in Windows 2008, SBS 2008 and EBS 2008.

UPDATE: KB Published. 

968372 Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains;EN-US;968372