When you try to query a Windows 2000 DNS server, its' DNS Event Log contains:
Event ID: 407                              Source: DNS                              Description: DNS server could not bind a datagram (UDP) socket to \[IP_address\]. The data is the error.                               Event ID: 408                              Source: DNS                              Description: DNS Server could not open socket for address \[IP_address\].                                            Verify that this is a valid IP address on this machine.                                            If it is NOT valid use the Interfaces dialog under Server Properties                                           in the DNS Manager to remove it from the list of IP interfaces.                                           Then stop and restart the DNS server. (If this was the only IP interface                                           on this machine and the DNS server may not have started as a result of this error.                                           In that case remove the DNS\Parmeters\ListenAddress value in the services section                                           of the registry and restart.) If this is a valid IP address for this machine,                                           make sure that no other application (e.g. another DNS server) is running that                                           would attempt to use the DNS port.
If you also have NAT installed on the same server that hosts the DNS server, you will get these errors.

NAT has a DNS Proxy setting that enables DHCP clients to direct DNS queries to the NAT server. The client DNS queries are then forwarded to the NAT server's configured DNS server. The DNS Proxy and the DNS Server service cannot coexist on the same host, if the host is using the same interface and IP address with the default settings.

To workaround this issue, use one of the following three methods:

1. Install NAT and DNS on different servers.

2. Use the DHCP server Service in NAT, NOT the DHCP Allocator and DNS Proxy.

3. Set the DNS Server so it doesn't listen on the IP address of the NAT private interface:

    A. In the DNS MMC snap-in, right click the DNS server and press Properties.

    B. In the Listen on section of the Interfaces tab, select the Only the following IP addresses check box.

    C. Select the IP address that you do NOT want the DNS server to listen on, and press Remove. DNS will NOT respond to queries that are directed to this removed address.

    D. Press OK and close the snap-in.