Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The DNS server is configured to forward to a non-recursive DNS server at <ip address>. DNS servers in forwarders list MUST be configured to process recursive queries. Either
1) fix the forwarder (<ip address>) to allow recursion - connect to it with DNS Manager - bring up server properties - open "Advanced" tab - uncheck "Disable Recursion" - click OK OR
2) remove this forwarder from this servers forwarders list - DNS Manager - bring up server properties - open "Forwarders" tab - remove (<ip address>) from list of forwarders - click OK
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of a DNS server?
From a newsgroup post: "I have seen this when the forwarder box is unavailable. If youíre "real" forwarder is unavailable, I have seen Win2k forward to servers in the root hints group - these are deliberately configured to "Do not use recursion", so millions of users donít overload them. To solve this configure another "real" forwarder in the forwarder tab. This way, there has to be a very bad failure outside within your ISP's infrastructure for this to recur (this is good practice anyway)".
See ME838969 for a hotfix applicable to Microsoft Windows 2000.
From a newsgroup post posting: "You have two options:
1. Use different DNS servers as Forwarders (better of the two options)
2. Use the "Do not use recursion" checkbox on the tab where the Forwarders are defined. (does not gain you all that much over using root hints)
A DNS server can be configured to accept only iterative queries, and so reject recursive ones, and that is the configuration of your Forwarders. If the DNS resolution appears to work despite this error, It is likely that because your DNS server performs the queries from the root servers on down (which is done iteratively) after receiving the rejection from its Forwarders."
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated