I have two AD/DNS servers, and on the secondary I can't seem to look up the external site www.iis.se (or any other hostname that their name servers control).
The central firewall at this office allows any any outbound, TCP and UDP.
The DNS server has no local firewall nor antivirus.
My Windows client, located in the same subnet as the DNS server, can do the lookup by asking the nameservers that are in control of www.iis.se.
dig NS iis.se
shows
    iis.se.    2517    IN    NS    ns2.nic.se.
    iis.se.    2517    IN    NS    ns.nic.se.
    iis.se.    2517    IN    NS    ns3.nic.se.
On AD/DNS server:
    C:\Users\Administrator>nslookup www.iis.se 212.247.7.228
    Server:  UnKnown
    Address:  212.247.7.228

    Name:    www.iis.se
    Addresses:  2a00:801:f0:80::80
              212.247.7.221

    C:\Users\Administrator>nslookup www.iis.se 194.17.45.54
    Server:  UnKnown
    Address:  194.17.45.54

    Name:    www.iis.se
    Addresses:  2a00:801:f0:80::80
              212.247.7.221

    C:\Users\Administrator>nslookup www.iis.se 212.247.3.83
    Server:  UnKnown
    Address:  212.247.3.83

    Name:    www.iis.se
    Addresses:  2a00:801:f0:80::80
              212.247.7.221
And still:
    C:\Users\administrator>nslookup www.iis.se
    Server:  UnKnown
    Address:  127.0.0.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
Edit 3
    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.180.3.15(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.180.3.254
       DNS Servers . . . . . . . . . . . : 10.180.3.15
                                           10.10.10.19

    C:\Users\Administrator>nslookup www.test.se
    Server:  UnKnown
    Address:  10.180.3.15

    Non-authoritative answer:
    Name:    www.test.se
    Address:  216.8.179.24

    C:\Users\Administrator>nslookup www.iis.se 127.0.0.1
    Server:  localhost
    Address:  127.0.0.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to localhost timed-out

    C:\Users\Administrator>nslookup www.iis.se 10.180.3.15
    Server:  UnKnown
    Address:  10.180.3.15

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\Users\Administrator>nslookup www.iis.se 10.10.10.19
    Server:  ds-1.company.com
    Address:  10.10.10.19

    Non-authoritative answer:
    Name:    www.iis.se
    Addresses:  2a00:801:f0:80::80
              212.247.7.221
Best Answer
It all looks perfectly normal to me. The name servers for iis.se are ns.nic.se, ns2.nic.se, and ns3.nic.se.
You get the Server Unknown message because you don't have a PTR zone set up on your DNS servers for your subnet (which isn't required). When you run nslookup from the DNS server the DNS client on the server (which is what nslookup uses, as the DNS server is also a DNS client and operates as any other DNS client does) first performs a PTR lookup to find the name of the server configured in the DNS settings of the TCP\IP protocol bound to the NIC. Not finding a PTR record, nslookup responds with Server Unknown. This is perfectly normal and acceptable.
Next you issue the query for www.iis.se and get a response from one of the name servers at iis.se from both the IPv6 and IPv4 addresses of that name server, that it can't find a record for www.iis.se. This is a perfectly normal response if no record for www exists.
You do that two more times against two different name servers and get the same response, which again is perfectly normal where no record for www.iis.se can be found.
You do that a third time on a server that has 127.0.0.1 configured as its DNS server in the TCP\IP protocol settings of the NIC and get a request timed out, which tells me that the DNS client is pointing to 127.0.0.1 for DNS but that the DNS server (if you're running this particular nslookup from the DNS server) isn't listening on 127.0.0.1, so the query times out.
Try running nslookup against each of the name servers for the iis.se domain and query each one for www and see what they answer.
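The per-server check suggested above, as an added example that is not part of the original question or answer: a small Python probe that sends one A query for www.iis.se to each address that appears in the question and reports the DNS response code and answer count, or TIMEOUT when nothing comes back. It assumes Python 3 on the host and uses plain UDP without EDNS; the function names are this example's own.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Addresses copied from the question: the three servers it queried directly,
# then the local DNS service (loopback and LAN address) and the other DNS server.
SERVERS = ["212.247.7.228", "194.17.45.54", "212.247.3.83",
           "127.0.0.1", "10.180.3.15", "10.10.10.19"]

def build_query(name, qid, qtype=1):
    """Encode a standard DNS query (qtype 1 = A, class IN, RD flag set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def summarize(reply, qid):
    """Return (status, answer_count) from the 12-byte header of a raw reply."""
    if len(reply) < 12:
        return ("MALFORMED", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid:
        return ("ID-MISMATCH", 0)  # not the reply to our query
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE%d" % rcode), ancount)

def probe(server, name, timeout=2.0):
    """Send one UDP query to server:53; no reply at all is reported as TIMEOUT."""
    qid = secrets.randbits(16)  # random ID so stray replies are not accepted
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            reply, _addr = sock.recvfrom(4096)
        except socket.timeout:
            return ("TIMEOUT", 0)
        except OSError as exc:
            return ("ERROR: %s" % exc, 0)
    return summarize(reply, qid)

if __name__ == "__main__":
    for srv in SERVERS:
        status, answers = probe(srv, "www.iis.se")
        print("%-15s %-10s answers=%d" % (srv, status, answers))
```

NOERROR with a non-zero answer count means the server returned records, NXDOMAIN means it answered that the name does not exist, and TIMEOUT means no reply arrived within the two-second window that nslookup also uses.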