🟑 Medium   ⏱ 5–30 min  Last verified: 29 May 2026
Affected versions: Windows Server 2022

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Clients can resolve local zones but fail for internet names, breaking browsing, package downloads, and external API calls.

Environment & Reproduction

Seen after policy hardening or accidental DNS setting changes.

Get-DnsServerRecursion
Resolve-DnsName github.com
Resolve-DnsName internal.corp.local

Root Cause Analysis

Recursion settings may be disabled globally, restricted by policy, or blocked by forwarder/root hint misconfiguration.

Quick Triage

Confirm recursion state and fallback resolvers.

Get-DnsServerRecursion
Get-DnsServerForwarder
Get-DnsServerRootHint

Step-by-Step Diagnosis

Validate recursion policy, root hints, and outbound DNS reachability.

Get-DnsServerQueryResolutionPolicy
Test-NetConnection 8.8.8.8 -Port 53
Resolve-DnsName bing.com -Server 127.0.0.1

Solution – Primary Fix

Re-enable recursion and validate forwarders.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Set-DnsServerRecursion -Enable $true
Add-DnsServerForwarder -IPAddress 1.1.1.1,8.8.8.8 -PassThru
Restart-Service DNS

Solution – Alternative Approaches

Use root hints only or dedicated resolver tiers when forwarders are unavailable.

Remove-DnsServerForwarder -IPAddress 1.1.1.1,8.8.8.8 -Force
Set-DnsServerRecursion -Enable $true
Restart-Service DNS

Verification & Acceptance Criteria

External and internal resolution both succeed with normal latency.

Resolve-DnsName microsoft.com
Resolve-DnsName corp.local
Get-DnsServerRecursion

Rollback Plan

Restore prior recursion and forwarder configuration if policy requires strict resolver isolation.

Set-DnsServerRecursion -Enable $false
Restart-Service DNS

Prevention & Hardening

Track DNS policy drift and audit recursion settings after change windows.

Get-DnsServerRecursion | Export-Clixml recursion-state.xml
Get-DnsServerForwarder | Export-Clixml forwarders.xml
Illustrative mockup for windows-server-2022 β€” terminal_or_powershell
Diagnostics commands in PowerShell β€” Illustrative mockup β€” Progressive Robot
Illustrative mockup for windows-server-2022 β€” event_or_log_viewer
Event log verification for Windows Server 2022 β€” Illustrative mockup β€” Progressive Robot

Often appears with firewall egress blocks on UDP/TCP 53 and stale forwarder endpoints.

Related tutorial: View the step-by-step tutorial for Windows Server 2022.

View all Windows Server 2022 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft Learn: DNS recursion controls, forwarders, and query resolution policy.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.