An unknown error occurred while validating the server dns
In the meantime, I'm using Open DNS & some Time Warner DNS snagged from another local Time Warner client because all the other DNS servers I could find on the worthless Time Warner business-class "support" website fail, too. I would have suggested to try 188.8.131.52, but it didn't occur to me it would be an external DNS issue.
As a test, unplug the 2003 server, then change the 2008 server's IP to the one the 2003 server is using, then test it. (Of course, do this after hours, especially if the 2003 server is a prod server.)
Even so, I added a rule to explicitly allow TCP/UDP port 53 from this server.
I disabled Windows Server 2008 firewall to eliminate it from the picture, even though it has multiple built-in rules on all profiles to explicitly allow port 53 and even allow all traffic from DNS Service. When I first open nslookup, it doesn't find this DNS server it's running on and I have manually set the server.
Yes, recursion is enabled (or rather not disabled on Advanced tab).
I have the same forwarders and root hints as my working 2003 DC and I can telnet to the forwarders' port 53 from the 2008 DC. Odd thing is, when adding the forwarders, their FQDN resolved, but the Validated column said "An unknown error occurred while validating the server." Can't find anything about this message online and can't find any event, log entry, or other explanation of what this error is. ;) Seems obvious problem is recursion/forwarding, but I can't figure out how to diagnose the problem since recursion is already enabled.

I see you tested with telnet, but that only indicates if TCP is responding. Keep in mind, by default, DNS on Windows 2003 and newer, uses EDNS0, which uses UDP to query (if the response packet is under 1280 bytes, not like the old 500 bytes using non-EDNS0). On Some Other Outside it doesn't work, try:

    nslookup
    set vc
    (and retry the queries)

Also try nslookup diagnostic mode:

    nslookup
    set d2

and post your results, please

-- Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. :)

Already used nslookup d2 to test & failed (hadn't tried set vc, but that failed, too).
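Added example, not part of the thread: a small Python probe that sends the same A query to a forwarder over plain UDP, UDP with an EDNS0 OPT record, and TCP, so the three paths the posts discuss can be compared directly. The forwarder IP is passed on the command line; `example.com` and the 1280-byte payload size (the figure quoted in the post above) are assumptions.

```python
import socket, struct, sys

def build_query(name, qid=0x1234, edns_size=None):
    """A-record query with RD set; edns_size appends an EDNS0 OPT record."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg = header + qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(msg):
    """Pull out the header bits that matter when diagnosing a forwarder."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, transport, edns_size=None, timeout=3.0):
    """Send one query over 'udp' or 'tcp'; return the parsed header or the error."""
    query = build_query(name, edns_size=edns_size)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data = s.recvfrom(4096)[0]
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                data = recv_exact(s, struct.unpack("!H", recv_exact(s, 2))[0])
        return parse_header(data)
    except (OSError, struct.error) as exc:     # timeout, refused, short reply
        return {"error": type(exc).__name__}

if __name__ == "__main__":
    server = sys.argv[1]                       # forwarder IP, supplied by you
    for label, tr, size in (("UDP plain", "udp", None),
                            ("UDP EDNS0", "udp", 1280), ("TCP", "tcp", None)):
        print(label, probe(server, "example.com", tr, size))
```

If TCP and plain UDP answer but the EDNS0 query times out, something on the path is dropping queries that carry the OPT record; if only TCP answers, UDP port 53 is being blocked.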