If your Windows NT or Windows 2000 DNS server resolves client queries for internet hosts, some domain names may not resolve.

A partial list of affected domain names includes:

        www.apple.com                                      www.caldera.com                                      www.efax.com                                      www.intel.com                                      www.fda.gov
The problem will arise when your DNS server is inside a firewall, it queries an authoritative name server that is outside, and receives a reply with a different source IP address than expected.

If the outside server has a load balancing feature, this can occur.

Your options are:

Set the Forwarders option on the inside server to an outside server, which causes a recursive query. This causes the reply to have the expected source IP address.

Set the firewall to allow all inbound port 53 traffic that is destined to your inside server.