Question : DNS windows 2008 R2

Hi experts,
I am having a strange problem with my DNS server. I migrated my Windows Active Directory plus DNS to a Windows 2008 R2 server. Forwarders are configured and pointed to the ISP DNS, "use root hints if no forwarders" is enabled, and a static IP configuration is set on the server. NAT is enabled (dynamic) to the IP from the firewall. I tested the NAT: I telnetted to an external mail server on port 110 using an IP instead of a name, and everything is fine, NAT is OK. But if I use a name instead of an IP, nothing works; even web browsing is not working. I am facing a big problem with resolving internet domains; any local servers are resolved! I did nslookup and it connected to the DNS server (itself), and I put the server, for example ns1.cisco.com, and:
C:\Users\Administrator.domain>nslookup
Default Server:  ho-03-pdc.domain.com
Address:  172.16.0.3

> server ns1.cisco.com
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Can't find address for server ns1.cisco.com: Timed out

How do I solve it? There is no internet on the server and also no internet from the users' side.

Note: as a test I put the ISP DNS in as the secondary DNS and it works, but I need the user side to use the server DNS, not the ISP DNS.

Answer : DNS windows 2008 R2


What firewall are you using?

Could be EDNS; the expectation is that you will allow UDP packets larger than 512b through, and some firewalls do not by default.

If you want to test it on the server-side, run:

dnscmd /config /enableednsprobes 0

Otherwise you're going to have to check network access rules from your server to the outside world. It will need from any local address to any remote address on UDP and TCP port 53.

Note: TCP 53 is used when a UDP response is truncated, not the same as a UDP response being dropped.

Chris
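
The EDNS check suggested in the answer can also be run from the server as a side-by-side probe: one plain DNS query and one carrying an EDNS0 OPT record, sent over UDP 53 to the same forwarder. This is an added example, not part of the original answer; the function names are hypothetical and the server address is a placeholder to replace with your forwarder's IP.

```python
import socket
import struct

def build_query(name, qtype=1, edns_size=None, txid=0x1234):
    """Build a DNS query; with edns_size set, append an EDNS0 OPT record."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def classify(reply, txid=0x1234):
    """Interpret a raw UDP reply (None means the query timed out)."""
    if reply is None:
        return "timeout"
    if len(reply) < 12 or reply[:2] != struct.pack("!H", txid):
        return "malformed"
    flags = struct.unpack("!H", reply[2:4])[0]
    if flags & 0x0200:  # TC bit set: the resolver retries over TCP 53
        return "truncated"
    return "ok" if (flags & 0x000F) == 0 else "rcode=%d" % (flags & 0x000F)

def probe(server, name, qtype=1, edns_size=None, timeout=2.0):
    """Send one UDP query to server:53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype, edns_size), (server, 53))
            reply, _ = s.recvfrom(65535)
        except OSError:  # includes socket.timeout
            reply = None
    return classify(reply)

def diagnose(plain, edns):
    """Compare the plain-DNS result with the EDNS result."""
    if plain == "ok" and edns == "timeout":
        return "EDNS traffic is being dropped on the path"
    if plain == "timeout" and edns == "timeout":
        return "UDP 53 looks blocked; check the outbound rules"
    return "no EDNS-specific drop observed"

if __name__ == "__main__":
    srv = "198.51.100.53"  # placeholder (TEST-NET-2): use your forwarder's IP
    plain, edns = probe(srv, "example.com"), probe(srv, "example.com", edns_size=4096)
    print(plain, edns, diagnose(plain, edns))
```

A small answer that passes with EDNS does not exercise the larger-than-512-byte path; pick a name and `qtype` known to return a large answer to test that.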