So I have a project that requires a whitelist DNS server so I can control what resolves and what doesn't. The config is like this: the DNS server is only listening on the IPv4 IP; under forwarders I have put a single IP address, 192.168.168.168, that of course isn't real. I unchecked 'Use root hints if no forwarders are available', and I even deleted all the root hints. From there I have just made conditional forwarders for the domains I want to resolve and pointed them to Google's DNS server, 8.8.8.8.
This worked great, to where I even had a conditional forwarder for microsoft.com so Windows Update would work, and it did. Then I realized I had installed a version of Server 2008 I didn't have a license for, so I upgraded it to Server 2008 Ent as I have a key for that.
This is where my problems began. The conditional forwarders were never able to resolve an FQDN, but when attempting to validate, it always said OK. After the upgrade, all the forwarders now say the following under validation: 'the server with this IP address is not authoritative for the required zone'. Which is fine, I guess, but before the upgrade they said OK.
So, thinking it had to do with the upgrade, I blew away the install and started from scratch. This has not fixed my problem.
So to combat the issue I looked up each domain's nameserver IP and plugged that in for the appropriate domain. This has got me almost back to good, except for one thing. On my client boxes Windows Update doesn't work, nor does the domain microsoft.com. When I ping it, it resolves an IP, but when I navigate to it via IE, nothing happens; it acts like it can't find it. The other domains (i.e. osha.gov) work fine. I need Windows Update to work and I can't figure out why it doesn't.
Test for yourself; here is the IP address of my DNS server: 74.94.217.140. I would really appreciate any help anyone could give, and if you need more info, just ask.
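An added example, not part of the original post and not the poster's configuration: a small Python check that models the allowlist-by-conditional-forwarder design described above. A DNS server that only answers for zones with a conditional forwarder will fail a hostname whose answer is a CNAME chain crossing into another zone (typical for CDN-hosted content), even when the hostname's own domain is allowed. The record set, names and addresses below are constructed placeholders (`.test` names, RFC 5737 addresses); `zone_of` approximates the forwarder zone as the last two labels, which is a simplification, not a general rule.

```python
"""Allowlist-DNS coverage check (added example; constructed data).

Walks a hostname's CNAME chain over an in-memory record set and reports
every zone a conditional-forwarder allowlist must contain for the name
to resolve end to end.
"""
from __future__ import annotations

from typing import Dict, List, Tuple

Records = Dict[str, List[Tuple[str, str]]]

# Constructed sample records standing in for what a full resolver would
# return: owner -> [(rrtype, target)]. Hypothetical names and addresses.
SAMPLE_RECORDS: Records = {
    "www.vendor-update.test.": [
        ("CNAME", "www.vendor-update.test.edge.cdn-example.test.")
    ],
    "www.vendor-update.test.edge.cdn-example.test.": [
        ("CNAME", "e1234.a.cdn-example.test.")
    ],
    "e1234.a.cdn-example.test.": [("A", "198.51.100.10")],
    "www.vendor.test.": [("A", "203.0.113.5")],
    "loop.test.": [("CNAME", "loop.test.")],  # deliberately broken chain
}


def _fqdn(name: str) -> str:
    """Normalise to an absolute, lower-case name with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def zone_of(name: str) -> str:
    """Approximate the zone a conditional forwarder would be created for:
    the last two labels ('x.y.example.test.' -> 'example.test.').
    Simplification: real deployments should consult the Public Suffix List."""
    labels = _fqdn(name).rstrip(".").split(".")
    return ".".join(labels[-2:]) + "."


def follow_chain(name: str, records: Records, max_hops: int = 8) -> Tuple[List[str], List[str]]:
    """Follow CNAMEs from `name`.

    Returns (names visited in order, final A-record addresses).
    Raises ValueError on a CNAME loop or a chain longer than max_hops,
    the two failure modes a real resolver also has to guard against."""
    visited: List[str] = []
    current = _fqdn(name)
    while len(visited) < max_hops:
        if current in visited:
            raise ValueError(f"CNAME loop at {current}")
        visited.append(current)
        rrs = records.get(current, [])
        cnames = [target for rtype, target in rrs if rtype == "CNAME"]
        if cnames:
            current = _fqdn(cnames[0])  # a name may carry only one CNAME
            continue
        addrs = [target for rtype, target in rrs if rtype == "A"]
        return visited, addrs
    raise ValueError(f"CNAME chain from {name} exceeds {max_hops} hops")


def zones_needed(name: str, records: Records) -> List[str]:
    """Distinct zones touched while resolving `name`, in chain order."""
    visited, _ = follow_chain(name, records)
    zones: List[str] = []
    for owner in visited:
        zone = zone_of(owner)
        if zone not in zones:
            zones.append(zone)
    return zones


def check_allowlist(name: str, allowlist: List[str], records: Records) -> Tuple[bool, List[str]]:
    """Return (resolves through the allowlist, zones missing from it)."""
    allowed = {_fqdn(z) for z in allowlist}
    missing = [z for z in zones_needed(name, records) if z not in allowed]
    return (not missing, missing)


if __name__ == "__main__":
    allowlist = ["vendor-update.test", "vendor.test"]
    for host in ("www.vendor-update.test", "www.vendor.test"):
        ok, missing = check_allowlist(host, allowlist, SAMPLE_RECORDS)
        status = "OK" if ok else f"BLOCKED, add forwarders for: {', '.join(missing)}"
        print(f"{host}: {status}")
```

Run against a real resolver's output, the same walk lists every zone a client needs for a given service; the allowlist then has to cover the CDN zones the chain lands in, not just the service's own domain.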