DNS forwarder list is being replaced occasionally RRS feed

  • Question

  • Hi I am running Windows Server 2012 R2 Standard. I have an occasional issue where the DNS forwarder list seems to become replaced with addresses which I do not recognize.

    The only DNS forwarder which I want to be in the list is our router's IP

    I have checked the Microsoft-Windows-DNS-Server/Audit logs and I see this event:
    The forwarder list on scope . has been reset to,,

    To my knowledge no one was logged on or using the server when this change occurred. Is there any way to further investigate this? Note the issue has happened twice over the last 2 months.


    Thursday, November 9, 2017 9:34 PM

All replies

  • do you have any other DNS server in your network? Also, is your DNS server placed on internet or connected directly to ISP? in that case it is possible that it is picking up forwarder from ISP.
    Thursday, November 9, 2017 9:51 PM
  • Hi, the server and router are the only DNS servers on the network. The router gets its DNS from our ISP

    Thursday, November 9, 2017 11:32 PM
  • are you able to resolve names with those forwarder IPs? looks like it is picking up router
    Friday, November 10, 2017 12:49 AM
  • Hi we are not able to resolve internet IPs when the forwarder list changes, that is why it causes an issue
    Friday, November 10, 2017 1:37 PM
  • Hi,
    Based on the complexity and the specific situation, we need do more researches. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible. Your kind understanding is appreciated. If you have further information during this period, you could post it on the forum, which help us understand and analyze this issue comprehensively.
    Sorry for the inconvenience and thank you for your understanding and patience.

    Best Regards,

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, November 14, 2017 7:08 AM
  • I expirienced the same today on a Windows 2016 Server, acting as DC and Exchangeserver.

    Did you found the issue? The machine is exposed to the web via 443 (owa), virtualized and should get its dns forwarder from the firewall (fortigate). worked for like 1 year and then changed the forwarders to the three ips mentioned above.


    Wednesday, March 6, 2019 6:09 PM
  • I haven't encountered the issue since I last posted about this. If it is any use we did reboot the server and there have since been Windows updates installed
    Wednesday, March 6, 2019 11:06 PM