How to turn off the DNS client screening feature on a Windows Server 2003-based computer (914217)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

INTRODUCTION

The Domain Name System (DNS) client screening feature lets Microsoft Windows Server 2003-based computers determine whether a DNS server is reachable from the configured interface. However, this feature mayalso prevent access to a DNS server that is otherwise available.

This article describes how to turn off the DNS client screening feature.

MORE INFORMATION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To turn off the DNS client screening feature, you must first create the ScreenUnreachableServers registry entry. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type ScreenUnreachableServers, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. Type 0 in the Value data box, and then click OK.
  7. Exit Registry Editor.

    Note You must stop and then start the DNS Client service for the registry change to take effect.
In some configurations, the DNS client screening feature may prevent access to a DNS server that is otherwise available. Typically, this occurs on a server that has more than one network adapter interface. The operating system determines whether a DNS server is reachable, together with the DNS client screening feature.

It is by design that the DNS Client service does not access the DNS servers that appear to be unreachable from the interface on which they are configured. The DNS servers are marked unreachable for the server even though they may be available to the other network adapter on the same server.

When you disable the ScreenUnreachableServers registry entry, you also disable the operating system feature that removes unreachable DNS servers from their caches. This may cause delays in name resolution. Therefore, we do not recommend that you disable the ScreenUnreachableServers registry entry unless the following conditions are true:
  • This problem affects the server.
  • There are no alternatives. For example, you cannot change the IP address of the DNS server.
A multi-network adapter Windows Server 2003-based server cannot use the second network adapter DNS server setting when the following conditions are true:
  • The server is configured to have different DNS server settings for each network adapter.
  • The IP address of the second network adapter can be accessed by using the subnet of the first network adapter.
Modification Type:MajorLast Reviewed:4/3/2006
Keywords:kbhowto KB914217 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.