Friday, December 28, 2012

Windows 2008 R2 DNS

If you've ever stood up a Windows 2008 R2 server or Windows SBS 2011 server, you've likely encountered issues with DNS resolution.  In the past it's always been common practice to tell the server "don't use root hints" and then throw in some resolvers, such as the ISP's DNS server, OpenDNS, Google's DNS, or Level 3's DNS.  Well - I finally found the solution.  2 of them in fact.

A lot of DNS problems with Win2k8R2 come down to 2 main issues.

1) First, the root hints:  Microsoft even acknowledges there's a problem.  And here's the hotfix:  http://support.microsoft.com/kb/2616776

2) Second, a resolution timeout:  You may or may not see from the client side that DNS resolution seems slow -OR- if you do something like nslookup, it times out, and then gets a non-authoritative reply.  If you're seeing timeout problems, there's a fix for that too:  "dnscmd /config /EnableEDNSProbes 0"  This will turn off EDNS0 functionality, which has been known to cause problems with firewalls and such because it uses an oversized UDP packet to gain information.
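To confirm that EDNS0 is what the firewall is dropping before turning probes off, the same query can be sent to a forwarder with and without the EDNS0 OPT record and the results compared. This is an added example, not part of the original post; the function names, the 4096-byte advertised size and the resolver address 192.0.2.53 are placeholders chosen for illustration.

```python
import socket
import struct

def build_query(name, qtype=2, edns_payload=None, txid=0x1234):
    """Build a DNS query. With edns_payload set, append an EDNS0 OPT record."""
    labels = [l for l in name.split(".") if l]          # "." (root) -> no labels
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    arcount = 1 if edns_payload else 0
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += qname + struct.pack("!HH", qtype, 1)         # QTYPE, QCLASS=IN
    if edns_payload:
        # OPT pseudo-record: root name, TYPE=41, CLASS=advertised UDP size,
        # TTL=extended RCODE/version/flags (all 0), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return msg

def probe(server, name=".", edns_payload=None, timeout=3.0):
    """Send one UDP query (default: NS of the root); return (size, truncated) or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_payload=edns_payload), (server, 53))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    # TC bit set means the reply did not fit and was cut at the UDP size limit
    truncated = len(data) >= 4 and bool(struct.unpack("!H", data[2:4])[0] & 0x0200)
    return len(data), truncated

def diagnose(plain, edns):
    """Interpret the plain and EDNS0 probe results."""
    if plain is None and edns is None:
        return "no reply either way: not an EDNS0 problem"
    if plain is not None and edns is None:
        return "EDNS0 query or its large reply is being dropped"
    if plain is None:
        return "only the EDNS0 query was answered: retry, likely packet loss"
    return "both answered: EDNS0 passes this path"

if __name__ == "__main__":
    server = "192.0.2.53"   # placeholder: replace with your forwarder's address
    plain = probe(server)
    edns = probe(server, edns_payload=4096)  # 4096 is a constructed sample size
    print("plain:", plain, "edns:", edns)
    print(diagnose(plain, edns))
```

If the plain query is answered and the EDNS0 one times out, the firewall in the path is the cause, and the dnscmd change above is the workaround on the server side.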