A DNS Server Does Not Return More Than 16 KB of Data to the Client (812688)
The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows 2000 Server

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

If a Windows 2000-based or a Windows Server 2003-based Domain Name System (DNS) server is queried for any type of resource record and the answer is larger than 16 kilobytes (KB), the Windows-based DNS server does not send the complete resource record set. This problem may occur if the Windows-based DNS server hosts an "_msdcs.forestrootname" zone with more than approximately 400 GC SRV records. The problem might also occur in other scenarios with different record types.

If the client queries a DNS server that does not host this zone, but that is configured to forward these queries to another DNS server that hosts the zone, that server sends a "SERVER FAILURE" message back to the client.

CAUSE

When a client requests a resource record set that is larger than the UDP maximum message size value for DNS (currently 512 bytes), the server returns a DNS message with the Truncation bit set in the DNS message header. This instructs the client to switch to TCP for the query.

The problem occurs because the DNS server uses a fixed buffer when it returns data by using the TCP protocol. Depending on the type of resource record, the problem may occur at approximately 400 resource records. This problem was first reported in large Active Directory environments with more than 400 active global catalog servers.
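As an added diagnostic that is not part of this article, the following Python script reproduces the client side of the behaviour described above: it sends the query over UDP, and when the server sets the Truncation bit it repeats the query over TCP (2-byte length prefix) and returns the transport used, the decoded header counts and the message size, so you can check whether the complete resource record set comes back and whether a forwarder answers with SERVER FAILURE (RCODE 2). The server address and zone name you pass in are assumptions; the 16 KB constant is the limit the article describes.

```python
import socket
import struct

SRV = 33
UDP_MAX = 512                  # classic DNS UDP payload limit referred to above
TCP_BUFFER_LIMIT = 16 * 1024   # size at which the affected servers stop returning data
SERVER_FAILURE = 2             # RCODE value behind the "SERVER FAILURE" message

def build_query(name, qtype=SRV, txid=0x1234):
    """Build a standard recursive DNS query (RFC 1035 wire format, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)   # class IN

def parse_header(msg):
    """Decode the 12-byte header: id, RCODE, TC bit and the four section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "rcode": flags & 0x000F, "tc": bool(flags & 0x0200),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def recv_tcp_message(sock):
    """Read exactly one length-prefixed DNS message from a connected TCP socket."""
    def read_exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("server closed the connection early")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", read_exact(2))
    return read_exact(length)

def query_with_fallback(server, name, qtype=SRV, timeout=5.0):
    """Query over UDP; if the TC bit is set, repeat over TCP like a normal resolver."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(q, (server, 53))
        msg, _ = udp.recvfrom(4096)            # generous buffer; server should stay <= 512
    hdr = parse_header(msg)
    if not hdr["tc"]:
        return "udp", hdr, len(msg)
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(tcp_frame(q))
        msg = recv_tcp_message(tcp)
    return "tcp", parse_header(msg), len(msg)   # compare len(msg) with TCP_BUFFER_LIMIT
```

Calling `query_with_fallback("<dns server ip>", "_ldap._tcp.gc._msdcs.<forestrootname>")` against a forwarder that returns `rcode == SERVER_FAILURE`, or against the authoritative server with a TCP answer whose `ancount` is well below the number of global catalog servers you expect, indicates the behaviour this article describes.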

WORKAROUND

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this problem, decrease the number of records in the resource record set. In the example in this article, that means reducing the number of global catalog servers that register GC SRV records in DNS, for example by using the DnsAvoidRegisterRecords registry value. Add the following registry value on each global catalog server that you want to stop registering these records in DNS:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Data (one entry per line):
  Gc
  GcIpAddress
  GenericGc

For additional information about the registry key, click the following article number to view the article in the Microsoft Knowledge Base:

267855 Problems with Many Domain Controllers with Active Directory Integrated DNS Zones

For additional information about global catalog server placement, click the following article numbers to view the articles in the Microsoft Knowledge Base:

244368 How to Optimize Active Directory Replication in a Large Network

216899 Best Practice Methods for Windows 2000 Domain Controller Setup

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Modification Type: Minor
Last Reviewed: 11/8/2004
Keywords: kbprb KB812688 kbAudITPRO