DNS resolution on Anyconnect - multiple different internal DNS servers

All,
   We have multiple different internal Windows AD domains within our network that currently do not replicate their DNS zones between them.
Is there any way with an ASA/AnyConnect VPN to create a configuration so the ASA inspects the DNS lookups from a user connected via the AnyConnect VPN client and routes them to a defined internal DNS server?
For example, I have three internal AD domains: site1.com with a DNS server IP of 1.1.1.1, site2.com with 2.2.2.2, and site3.com with a DNS server IP of 3.3.3.3. When a user VPNs in and performs a DNS lookup for the name server1.site1.com, the ASA sees it is for site1.com and routes the lookup to 1.1.1.1; however, when a user performs a DNS lookup for server1.site2.com, the ASA sees it is for site2.com and routes the DNS lookup to 2.2.2.2.
Any thoughts on alternatives to overcome the problem are also welcome, and/or if anyone can point me to a link that explains the function of "multiple DNS server groups", which is located in the ASDM interface under Remote Access VPN->DNS (as I have not been able to find a plain English explanation of the function, I am unsure if this does what I am looking for).
Thanks

Hi Dominick,
I have a solution for your problem. You will need to log into the CLI of the WSA and issue the following commands:
s370r01.csw> dnsconfig
Currently using the local DNS cache servers:
1. Priority: 0  10.9.8.8
Choose the operation you want to perform:
- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.
- SEARCH - Configure DNS domain search list.
[]> localhosts <----- Hidden Command
Local IP to Host mappings:
Choose the operation you want to perform:
- NEW - Add new local IP to host mapping.
- DELETE - Delete an existing mapping.
[]> new
Enter the IP address of the host you are adding.
[]> 10.1.1.1 < -------- IP of the M series
Enter the canonical host name and any additional aliases (separate values with spaces)
[]> Host name of the M series. Hit enter until you get back to the command prompt and type commit then enter.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
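The per-domain routing the original question asks for, shown as an added Python example rather than as an ASA feature (this is not code from the thread or from Cisco): a small split-DNS forwarder that reads the question name out of each query and relays it to the DNS server configured for the longest matching domain. The domain-to-server map reuses the question's example addresses; DEFAULT_SERVER, the listen address and the transaction-ID check are assumptions.

```python
"""Split-DNS forwarder: send each query to the internal DNS server that owns
the queried name's domain, which is what the question above asks the ASA to do.
Added example, not from the original thread; the map below reuses the question's
example addresses and DEFAULT_SERVER / the listen address are constructed."""
import socket
import struct

# Domain -> DNS server, from the example in the question above.
DOMAIN_SERVERS = {
    "site1.com": "1.1.1.1",
    "site2.com": "2.2.2.2",
    "site3.com": "3.3.3.3",
}
# Constructed default for names in no listed domain (assumption, not from the page).
DEFAULT_SERVER = "10.0.0.53"


def parse_qname(msg: bytes) -> str:
    """Return the lower-cased question name of a DNS query in wire format.

    Rejects truncated messages, messages with other than one question, and
    compression pointers in the question (a real query never uses them), so a
    malformed packet from a client cannot steer the routing decision.
    """
    if len(msg) < 12:
        raise ValueError("DNS header truncated")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name truncated")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        if pos + length > len(msg):
            raise ValueError("label truncated")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("question type/class truncated")
    return ".".join(labels)


def choose_upstream(qname: str) -> str:
    """Pick the server of the longest configured domain that matches qname.

    The match is label-aligned: 'server1.site1.com' and 'site1.com' both map
    to 1.1.1.1, but 'site1.com.example.net' falls through to DEFAULT_SERVER.
    """
    best_domain, best_server = "", DEFAULT_SERVER
    for domain, server in DOMAIN_SERVERS.items():
        matches = qname == domain or qname.endswith("." + domain)
        if matches and len(domain) > len(best_domain):
            best_domain, best_server = domain, server
    return best_server


def route_query(msg: bytes) -> str:
    """Return the upstream a raw query should be forwarded to."""
    return choose_upstream(parse_qname(msg))


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query for qname; used here to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    name = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)


def forward(msg: bytes, server: str, timeout: float = 2.0) -> bytes:
    """Relay msg to server over UDP/53 and return the first reply that carries
    the same transaction ID and has the QR bit set; anything else is ignored so
    a stray datagram cannot be taken for the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(msg, (server, 53))
        while True:
            reply, _ = sock.recvfrom(4096)
            if reply[:2] == msg[:2] and reply[2] & 0x80:
                return reply


if __name__ == "__main__":
    # Listen where the VPN clients would be pointed (constructed address/port).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 5353))
        while True:
            msg, client = srv.recvfrom(4096)
            try:
                srv.sendto(forward(msg, route_query(msg)), client)
            except (ValueError, socket.timeout):
                pass  # drop malformed or unanswered queries
```

Pointing the VPN clients at this listener gives the same effect as conditional forwarding on a Windows DNS server: each domain's queries reach only that domain's server, and an unknown name goes to the default.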

Similar Messages

  • Multiple windows open in safari when click on web site.  Also can't change/edit DNS servers or any other changes in advance window of network tab

    macbook pro
    osx - mavericks
    multiple windows open in safari when click on web site.  Also can't change/edit DNS servers or any other changes in advance window of network tab.
    Basically every time I click on a website, other windows open and get redirected to other websites selling something (same as that MacKeeper site which seems to open often). Really ***** as in just a few minutes on the web I have many windows open and many are the same pages. Can't make changes in the Advanced tab of Network as options are greyed out and the + & - symbols do nothing when clicked. Hope there is an easy answer as surfing the net is really sucking right now.

    I hope to get some more info on a similar situation.
    I have a new Mac Pro, less than 2 months old. OSX 10.5 updated to 10.5.2. Quicktime updated too. When I use the Desktop and Screen Saver system pref, I can easily select and use one of the Apple supplied desktop pictures as a desktop background.
    But I wish to use a photo from an iPhoto (iLife 08) folder / album as the desktop background. I can find all the albums, I can see all the icons for the pictures, I can select an iconed picture and it appears in the top left of the preference pane (showing the effect of "fit to window" or "stretch to fit", etc). But all I get is a pale blue screen (which might be my default desktop colour). I don't get any of my iPhoto album pics to appear as a desktop background.
    There is one minor note on this, I don't keep the pictures in my iPhoto Library, I just reference them, and the originals are on a different internal disk.
    I've tried the suggestions above, trashing Finder and desktop plists, killall Finder, etc., restart. Nothing gets it working again. It did work originally, for most of the time I've had the Mac Pro, then I changed the desktop to an Apple-supplied picture of Earth.
    This affects both an Admin, and a standard user. The photos (and enclosing folders) are read / writable by the admin user, and readable by the Standard user. Both users can easily access the photos in their iPhoto. They open the original files on the second internal drive, and performing a right click - Show File shows the original file as expected. I've even emptied the iPhoto library completely and rebuilt it, just in case there was an issue here.
    Any ideas? Or has anyone else seen this? I don't really want to start reformatting disks and reinstalling the OS, but any suggestions short of this are extremely welcome.

  • How do you set up a server to use multiple DNS servers that are not connected to each other?

    Is there a way to set up a server that connects to two different domains to use the proper DNS server for name resolution?
    Let's say there are two DCs: serverA.subdomaina.domain.com and serverB.subdomainb.domain.com. The domains are independent and not connected. Now you need a common server that is connected to both and needs to resolve names from both domains.
    Is this possible?
    I have set up a server in a workgroup. One NIC has the subdomaina.domain.com connection-specific suffix and the other NIC has subdomainb.domain.com. Each NIC has the DNS server listed for the domain it is connected to.
    This configuration will resolve FQDNs of one domain but not the other. This I believe is due to the fact the server only queries one DNS server and doesn't try the other DNS server.
    Is there any way to make the server try another DNS server if the first one doesn't have the entry?

    Hi,
    Thank you for posting in Windows Server Forum.
    Here adding to the words of “Tim”, a forwarder is a DNS server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. You can also forward queries according to specific domain names using conditional forwarders.
    A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server. You can refer to information regarding forwarders and how to configure them at the links below.
    Understanding forwarders
    http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx
    Configure a DNS Server to Use Forwarders
    http://technet.microsoft.com/en-us/library/cc754941.aspx
    Hope it helps!
    Regards.

  • External DNS zone on Internal DNS servers

    We currently have a 2-domain forest with DNS running on all domain controllers. All domain controllers are 2012 or 2012 R2 and our domain and forest functional level is set at 2008 R2 due to the existence of an Exchange 2003 server which won't be retired for several months. We have 2 DNS servers in the root domain and 4 DNS servers in the child domain. This is a centralized DNS setup. Our parent domain is DOMAIN.LOCAL and the child domain is XX.DOMAIN.LOCAL. Externally, our DNS is MYDOMAIN.com. We do not have a public-facing DNS server and our DNS records are hosted by a 3rd party.
    We want to add the MYDOMAIN.COM DNS zone internally (AD Integrated) since we have several instances where applications do not really work well with the XX.DOMAIN.LOCAL DNS. We want this zone to host several DNS records for internal resolution only since we do not have any public-facing applications or web servers such as SharePoint etc.
    My questions are these:
    What is the best way to do this and how will it affect the zones we currently have in place?
    Is it as simple as creating a new forward lookup zone and adding static records?
    How do we (or do we) handle delegation?
    Any information or suggestions to get me started would be greatly appreciated.
    Russ

    Hi,
    I don't quite understand your question. Do you want to create a new primary DNS zone on your current DNS server? If so, you just need to create a new primary; you can create the additional primary DNS zone.
    The related KB:
    Configuring a new primary server
    http://technet.microsoft.com/en-us/library/cc776365(v=ws.10).aspx
    Hope this helps.

  • Update Policy for multiple networks with specific DNS servers

    I have a mid-size network with 5 locations, all with different IP addresses. All sites host their own DNS servers and connect directly through an ISP dedicated VLAN.
    Main Site: 10.1.1.1 / 255.0.0.0
    Remote Site 1: 192.168.100.1 / 255.255.255.0
    Remote Site 2: 192.168.101.1 / 255.255.255.0
    Remote Site 3: 192.168.102.1 / 255.255.255.0
    Remote Site 4: 192.168.103.1 / 255.255.255.0
    All sites can be managed through the main site, but have their own DNS servers on location.
    My purpose is to point all computers and devices to a new DNS server from their previous static assignment. (XP and later versions)
    My question is can I use GP or DHCP* to push DNS server information to each device making them site specific without having to travel to those locations?
    Requirements:
    All devices on 10.1.1.1 will be changing from 10.1.1.2 to 10.1.1.4 (decom of old 2k3 server)
    DNS servers at each 192 location will need to point secondary server to 10.1.1.4
    Devices at main will need to use 10.1.1.4 as primary and 10.1.1.3 as secondary.
    Devices at each site will need to keep their respective DNS server.
    *If I use DHCP to change the information on a per scope level, can I use GP to force computers with locally set static assignments to update to DHCP static assignments
    Bonus: If anyone can give me an estimate on how much network traffic/bandwidth this would create that would be great because I would consider staggering the assignments as I am a 24 hour business.

    Hi,
    You may configure a Scheduled Task item in Group Policy.
    To create a new Scheduled Task preference item, please follow the steps below:
    1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
    2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
    3. Right-click the Scheduled Tasks node, point to New, and select Scheduled Task.
    4. In the New Scheduled Task Properties dialog box, select an Action for Group Policy to perform. (For more information, see "Actions" in this topic.)
    5. On the Task tab, enter task settings for Group Policy to configure or remove. (For more information, see "Task settings" in this topic.)
    6. If creating, updating, or replacing a task:
       Click the Schedule tab, and configure one or more schedules for the task. (For more information, see "Schedule settings" in this topic.)
       Click the Settings tab, and enter any additional task settings for Group Policy to configure. (For more information, see "Other scheduled task settings" in this topic.)
    7. Click the Common tab, configure any options, and then type your comments in the Description box. (For more information, see Configure Common Options.)
    8. Click OK. The new preference item appears in the details pane.
    In the task, you may use netsh to set the DNS address.
    netsh interface ip set dns name="Local Area Connection" static yourdnssetting
    Here is an article about netsh command,
    http://technet.microsoft.com/en-us/library/cc738592(v=WS.10).aspx#BKMK_5
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • IronPort ESA best practice for DNS servers?

    Hello!
    Is there a best practice for what servers should be used for the Cisco IronPort DNS servers?
    Currently when I check our configuration, we have set it to "Use these DNS servers" and the first two are our domain controllers and last two are Google DNS.
    Is there a best practice way of doing this? I'm thinking of selecting the "Use the Internet's Root DNS Servers" option as I can't really see an advantage of using internal DC's.
    Thoughts?

    Best practice is to use Internet Root DNS Servers and define specific dns servers for any domain that you need to give different answers for. Since internal mail delivery is controlled by smtproutes using internal dns servers is normally not required.
    If you must use internal dns servers I recommend servers dedicated to your Ironports and not just using servers that handle enterprise lookups as well. Ironports can place a very high load on dns servers because every outside connection results in multiple dns lookups. (forward, reverse, sbrs)
    If you don't have enough DNS horsepower you are susceptible to a DoS attack, either through accident or design. If the IronPorts overload your internal DNS servers it can impact your entire enterprise.

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there is the quote:
    "3. When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows Server 2008 R2 Core Network Guide):
    "9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.
    10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers):
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback be first? The justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry):
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself, or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process to try to connect to it, fail, and then fail over to the secondary, just like I would expect it to fail over if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or TechNet article or a properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg

  • Enterprise DNS servers are not responding when using Windows NLB with Direct Access 2012

    Hi
    We have installed Direct Access 2012 as one server installation:
    - Two network cards. First one in DMZ and second one in internal network
    - Two consecutive IP addresses configured in DMZ because of Teredo
    - PKI because of Win7 Clients IPSec
    - Our corporate network is native IPv4 so we use DNS64/NAT64 and DA-server is configured as DNS
    - DA-servers are VMWare virtual machines 
    The one-server installation works fine and now we want to use Windows NLB as load balancing. NLB installation goes fine too, but the problem is DNS. If we still try to use the DA server as DNS, the error message below appears:
    None of the enterprise DNS servers 2002:xxxx:xxxx:3333::1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.
    When trying to configure DNS using Infrastructure access setup, DNS cannot be validated when using the DA server's DIP or cluster VIP. Only domain-local DNS looks to be OK but those have no IPv6 addresses. So how should DNS be configured when using multicast NLB?
    Tried to remove the name suffix then adding it again => Detect DNS server => DA-server IPv6 address found => validate => The specified DNS server is not responding...
    Then tried to ping detected address => General failure
    NLB clusters are configured as multicast and static ARPs are configured too. Both clusters can be connected from those subnets as they should be. 
    Any clues how to fix this?
    ~ Jukka ~

    Hi,
    Your question falls into the paid support category which requires a more in-depth level of support.  Please visit the below link to see the various
    paid support options that are available to better meet your needs.
    http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
    Regards,
    Mike

  • Why do DNS servers log in to my Router ?

    When I check the IP addresses of the computers logging in to my wireless router, I sometimes see two DNS addresses (DNS addresses from my Internet service provider) logged in. Does that mean that I am being hacked?
    Thanks for any information.

    DNS servers are more of a personal preference. ISPs will often distribute routers with their own DNS servers. This means you go through them to find any other website/IP address. You will have no problems if you have a working internet connection (Default Gateway is important for this) and have different (but valid) DNS servers on every device.
    People sometimes use Primary 8.8.8.8 Secondary 8.8.4.4. These belong to google so should pretty much resolve anything and can default searches to google. 
    Most routers will push out themselves as the default gateway and the dns server. For example, on a Linksys router (IP address is 192.168.1.1) the router will use 192.168.1.1 as the DNS server. This is fine, and normal. This just means it's added itself to the dns path. This means you will be able to resolve internal IPs (other devices on your own network).
    You may need to contact D-Link for further configuration on their router's DNS settings.

  • DirectAccess 2012 has wrong DNS servers listed

    Hello,
    I'm setting up DirectAccess on Server 2012 and having issues with the wrong DNS servers continually being added to the configuration. My setup is as follows: 2 Server 2008 R2 DCs running DNS, both have static IPv4 and IPv6 addresses. The DirectAccess server has a single NIC behind a NAT device and also has static IPv4 and IPv6 addresses. My problem is that I keep getting a "DNS: Not working properly" error on the dashboard. It says:
    Error:
    Enterprise DNS servers (fd7e:ed10:5cb6:7777::ac10:a22, fd7e:ed10:5cb6:7777::ac10:a21) used by DirectAccess clients for name resolution are not responding. This might affect DirectAccess client connectivity to corporate resources.
    The thing is these are not, nor ever have been, the IP addresses of my DC/DNS servers. I've removed them by using the configuration editor but with each restart of the server they reappear. I examined the DirectAccess Server Settings GPO and they are listed in the Extra Registry Settings section but I am unable to edit that portion. I've read other threads on this forum that state I need to add the IPv6 address of the DA server as the DNS server but I still get DNS errors when I do that and after a restart the same two DNS servers show up again.
    Anyone have any ideas?  Your assistance is greatly appreciated.

    Hi,
    Thanks for your reply and sorry for replying so late.
    Did you point the DNS server address to the IP address of the internal NIC? Maybe you can refer to the similar thread below:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/df08fa06-d3fc-4ca9-b4a2-85824a10819a/direct-access-server-dns-error?forum=winserver8setup
    Best regards,
    Susie

  • Issue services with different Internal Orders within a Plant from one PO?

    Hi... Please advise me on issuing services through one purchase order (one vendor comes and does the service on different machines belonging to different internal orders in a plant) to different internal orders within a plant.
    Thanks
    Manoj

    What is the problem? You can have multiple line items in a PO (one for each internal order).
    And within one Line item you can add multiple service lines.

  • DNS forwarder with 2 real DNS servers, querying them simultaneously

    DNS forwarder with >2 real DNS servers, querying them simultaneously and ignoring "server can't find" errors
    Hi. When I connect to VPN, my normal DNS isn't queried, and the DNS given by VPN answers: "server can't find"
    An extract from 'man resolv.conf':
    If there are multiple servers, the resolver library queries them in the order listed.
    I need another logic. All servers should be queried at the same time, and the soonest positive reply should be used.
    The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.
    So, if I get a "server can't find" error, the next DNS server is not queried. I want the DNS forwarder to ignore such answers and wait for replies from other servers.
    What software can do this? Maybe dnsmasq? I plan to add 'nameserver 127.0.0.1' to the top of my resolv.conf and configure my scripts to add other nameservers below.

    All servers should be queried at the same time
    --all-servers
    dnsmasq: ignoring nameserver 127.0.0.1 - local interface
    good.
    How to tell dnsmasq to completely disable dhcp? List all interfaces like this?
    no-dhcp-interface=eth0
    no-dhcp-interface=tun0
    no-dhcp-interface=vboxnet0
    no-dhcp-interface=wlan0

  • AD DNS servers across WAN

    Hi, I have inherited a network that looks to be running 2 separate DNS servers on each side of a WAN. Both are DCs of the same Domain.
    The issue is one side of the WAN sometimes has trouble pinging DHCP clients that are on the other side.
    Each side has its own DHCP and DNS, and it looks like neither DNS is setup as a secondary..
    My question is what is best practice in this situation? If I setup site 2 as a secondary DNS server, will it have the same issues resolving DHCP clients?
    Thanks,
    Dekkar

    If I understand your problem well, you are having trouble pinging clients on the other site. If this is the case then you can start with the following steps:
    Try to ping a client on the other site using its IP address. If it is successful while it is not the case when you ping it using its DNS name, then there should be a problem with your DNS resolution. To check it, you can use nslookup. If the clients are not getting registered then you need to check that your DNS servers accept DNS dynamic registration and that your computers are configured to register their DNS records (if this does not help then you can try to temporarily disable security software in use as it might be blocking DNS registration too).
    If the IP ping is not successful then the problem should not be related to the DNS resolution. In this case, you need to make sure that ICMP is not blocked by a firewall (on the computer or the network level). tracert should help to let you know at which level the ICMP requests are getting dropped.

  • Script to Change DNS Servers on Remote Server

    I am new to PowerShell and I am trying to construct a script to change the DNS server settings on a whole list of machines remotely. I have the list of machines that I want to change in a txt file. I have read several posts on this and tried several different methods but I cannot seem to get it to work. Here is my code, any help is much appreciated.
    $servers = Get-Content C:\PathToFile\computers.txt
    $newDNS = "10.1.1.1","10.2.2.2"
    foreach ($server in $servers) {
        Write-Host "Connect to $server..."
        # Only IP-enabled adapters carry DNS settings
        $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server -ErrorAction Inquire | Where-Object { $_.IPEnabled -eq $true }
        foreach ($nic in $nics) {
            Write-Host "`tExisting DNS Servers " $nic.DNSServerSearchOrder
            # SetDNSServerSearchOrder takes an array of server addresses; ReturnValue 0 means success
            $x = $nic.SetDNSServerSearchOrder($newDNS)
            if ($x.ReturnValue -eq 0) {
                Write-Host "`tSuccessfully Changed DNS Servers on " $server
            } else {
                Write-Host "`tFailed to Change DNS Servers on " $server
            }
        }
    }

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/28/use-powershell-to-configure-static-ip-and-dns-settings.aspx
    Ed Wilson's blog.
    $computers = Get-Content C:\PathToFile\computers.txt
    # One WMI object per IP-enabled adapter on every listed computer
    $nics = Get-WmiObject win32_networkadapterconfiguration -ComputerName $computers -Filter "ipenabled = 'true'"
    # The argument is the array of DNS server addresses
    $nics | ForEach-Object { $_.SetDNSServerSearchOrder(@("10.0.0.15")) }
    I don't have the feasibility to check as of now. Please test and let me know.
    Thanks
    Azam

  • Testing an ISA Server Rule, the recursive query to other DNS Servers test fails

    Hello,
    I am trying to configure the following infrastructure with ISA Server 2006 and two W2003 servers (called "Server1" and "Server2"). "Server1" is a domain controller, and on "Server2" the ISA Server is installed, which also has two Ethernet network cards attached, one called "Internal Ethernet Card" and the other one called "External Ethernet Card".
    The infrastructure would be: "Internal Ethernet Card" ---- ISA Server ---- "External Ethernet Card" --- "Router" ---- "Internet"
    "Internal Ethernet Card" manages the internal packet traffic of the infrastructure; the network segment it belongs to is isolated from what we could call the outbound traffic, which is linked to a router. "Internal Ethernet Card" is a virtual network.
    "Internal Ethernet Card" configuration is the following:
    - IP address: 192.168.3.3
    - Subnet Mask: 255.255.255.0
    - DHCP Enabled: No
    - DNS Server: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
    - Default Gateway: None (because it doesn't point to the outside)
    - Primary WINS Server: 192.168.3.1
    The "External Ethernet Card" provides the outbound connection, and this card is connected to the physical router.
    Its configuration is the following:
    - IP address: 192.168.1.50
    - Subnet Mask: 255.255.255.0
    - DHCP Enabled: No
    - Default Gateway: 192.168.1.1
    - DNS Servers: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
    After configuring the network cards, I create the following rule in the ISA Server to allow the traffic towards the outside from the server and the clients which have joined the domain:
    Action: Allow. Protocol: DNS. From: "Server2". To: External. Condition: All Users
    After applying the changes to update the configuration, I enter the DNS Server of "Server1" and in the "Monitoring" tab, I run a "recursive query to other DNS Servers" but it fails.
    Only the "simple query against this DNS Server" works.
    I don't know why it fails, but I'm stuck on this issue, because in the "Server1" DNS Server, in the "domain forward IP address list", I have added two DNS addresses which work OK.
    I would appreciate some help to solve this issue.
    Thanks
    Regards 

    Hello Ms. Long, 
    Yes, you are right. On Server1 the DNS server is configured to use forwarders, which are set in the field "Selected domain's forwarder IP address list": two DNS addresses obtained from "OpenDNS", which work well.
    There is no DNS Server linked to the External NIC.
    Server1 belongs to a private network configured as "VMnet3", which is set as follows:
    IP address: 192.168.3.1
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.3.3
    DNS Server: 192.168.3.1
    I have tried to test your suggested idea:
    > set d2
    > google.com
    Server:  srv-dcfs-01.dominio.local
    Address:  192.168.3.1
    SendRequest(), len 42
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0
        QUESTIONS:
            google.com.dominio.local, type = A, class = IN
    Got answer (113 bytes):
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0
        QUESTIONS:
            google.com.dominio.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  dominio.local
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = srv-dcfs-01.dominio.local
            responsible mail addr = hostmaster
            serial  = 41
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    SendRequest(), len 28
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0
        QUESTIONS:
            google.com, type = A, class = IN
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    SendRequest failed
    *** Request to srv-dcfs-01.dominio.local timed-out
    As you can see highlighted in bold, the problem remains in the "recursive query to other DNS Servers" check.
    Maybe it is better to put the issue on the "Windows Server General Forum", because the issue has nothing in common with the ISA Server, don't you think?
    Thanks
    Best regards
