Microsoft KB Archive/914217

= How to turn off the DNS client screening feature on a Windows Server 2003-based computer =

Article ID: 914217

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition

Important: This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



INTRODUCTION
The Domain Name System (DNS) client screening feature lets Microsoft Windows Server 2003-based computers determine whether a DNS server is reachable from the configured interface. However, this feature may also prevent access to a DNS server that is otherwise available.

This article describes how to turn off the DNS client screening feature.



MORE INFORMATION
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To turn off the DNS client screening feature, you must first create the ScreenUnreachableServers registry entry. To do this, follow these steps:

 1. Click Start, click Run, type regedit, and then click OK.
 2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

 3. On the Edit menu, point to New, and then click DWORD Value.
 4. Type ScreenUnreachableServers, and then press ENTER.
 5. On the Edit menu, click Modify.
 6. Type 0 in the Value data box, and then click OK.
 7. Exit Registry Editor.

Note: You must stop and then start the DNS Client service for the registry change to take effect.
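The same change made from a command prompt, as an added example that is not part of the original Microsoft article. It uses the built-in reg.exe and net commands, backs up the subkey first, and confirms the stored value afterward; the backup file path is an assumption.

```bat
@echo off
rem Added example: scripted form of the Registry Editor steps above.
rem Run from a command prompt with administrative rights on the affected server.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
set "VAL=ScreenUnreachableServers"
rem Assumption: the backup location is arbitrary; change it as needed.
set "BACKUP=%TEMP%\dnscache-parameters-backup.reg"

rem 1. Back up the subkey before changing it.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup of %KEY% failed. No changes were made.
    exit /b 1
)

rem 2. Create the DWORD entry and set it to 0, which turns screening off.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Could not write %VAL%.
    exit /b 1
)

rem 3. Stop and then start the DNS Client service. Its service name is Dnscache.
net stop dnscache
net start dnscache
if errorlevel 1 (
    echo The DNS Client service did not start. Check the service state.
    exit /b 1
)

rem 4. Show the stored value so the change can be confirmed.
reg query "%KEY%" /v %VAL%

rem To revert this change later, delete the entry and restart the service:
rem   reg delete "%KEY%" /v ScreenUnreachableServers /f
endlocal
```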

In some configurations, the DNS client screening feature may prevent access to a DNS server that is otherwise available. Typically, this occurs on a server that has more than one network adapter interface. The operating system, together with the DNS client screening feature, determines whether a DNS server is reachable.

It is by design that the DNS Client service does not access the DNS servers that appear to be unreachable from the interface on which they are configured. The DNS servers are marked unreachable for the server even though they may be available to the other network adapter on the same server.

When you disable the ScreenUnreachableServers registry entry, you also disable the operating system feature that removes unreachable DNS servers from their caches. This may cause delays in name resolution. Therefore, we do not recommend that you disable the ScreenUnreachableServers registry entry unless the following conditions are true:
 * This problem affects the server.
 * There are no alternatives. For example, you cannot change the IP address of the DNS server.

A multi-network adapter Windows Server 2003-based server cannot use the second network adapter DNS server setting when the following conditions are true:
 * The server is configured to have different DNS server settings for each network adapter.
 * The IP address of the second network adapter can be accessed by using the subnet of the first network adapter.

Keywords: kbhowto KB914217


© Microsoft Corporation. All rights reserved.