DNS Error 7600 in Windows Server 2008R2

It is very common to have the Error 7600 (Warning) in DNS Server installed on Windows Server 2008R2 in environment where is also present the Microsoft Tread Management Gateway. If you look for this error on internet, in most cases, is classified as “Nothing serious, leave it”, but I don’t like this solution.
Additional research showed me, that the cause of this error are two records from TMG: WPAD and ISATAP, which are blocked with the new function of DNS (DNS Block feature), introduced in the version Server 2008. If this is true, the correction it is very simple
:

  • First you must check if the block feature is really enabled. You can do this from command prompt (don’t forget to run as administrator!) with the simple command dnscmd /info /enableglobalqueryblocklist. If the result is 1,the feature is active.
  • Then you can check which addresses are blocked with the command dnscmd /info /globalqueryblocklist. I’m sure, that you will find wpad and isatap on list.
  • Now you have two options to solve the issue. First one is to disable the feature with executing dnscmd /config /enableglobalqueryblocklist 0. The second one is to clear all names from blocking list with the command dnscmd /config /globalqueryblocklist. Later you can add some names with the command dnscmd /config /globalqueryblocklist name1 name2 name3. You must specify all blocked names together. The old list will be replaced every time you will execute that command.

And don’t forget to control all DNS servers!.