Configure DNS Forwarding in Windows 2003

Friday, October 28, 2011

DNS forwarding is not a new feature in Windows Server 2003, but it remains an important one in your design. Use forwarding when you do not want the Windows DNS server to use the root hints file to resolve host names in domains for which it is not authoritative. Rather than using the root DNS servers on the Internet, you can configure your DNS server to "forward" all recursive requests to another DNS server, such as the ones provided by your Internet Service Provider. Also, if you have a branch office deployment or a hub-and-spoke DNS model, you can have your remote DNS servers forward their queries to your central "hub" servers. The idea is that forwarding may produce faster responses, since the DNS server you are forwarding to may already have the answer cached. Forwarding removes the need to query the root servers, then the second-level servers, and so on.

To configure forwarding, open the DNS console under Administrative Tools, right-click the DNS server node, select Properties to open the Properties sheet for the DNS server, and select the Forwarders tab.

DNS Forwarding

To configure forwarding, highlight the "All other DNS Domains" text located in the DNS Domains box, then click in the IP Address section under "Selected domain's forwarder IP address list" and add all of the IPs for the DNS servers you want to forward to. You should forward requests to at least two DNS Server IPs in the address list. If you only forward to one IP and that IP is not accessible, the forwarding process will fail. In addition, if a request is received by the DNS server and the DNS server is authoritative for that domain, it will not forward the request. The DNS server will respond based on the information located in the authoritative zone.

Keep in mind that this information is static and is not updated if the IP address of a DNS server you are forwarding to changes. If the name servers’ IP addresses change and you do not update this information on your DNS server, your DNS server will not be able to resolve names for domains that it is not authoritative for. Your DNS server will NOT attempt to contact the root hint servers as a backup method.
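Because the forwarder list is static, it helps to test it on a schedule. The following is an added example, not part of the original article: it sends each forwarder the kind of recursive query the DNS server would send and reports addresses that no longer answer. The function names and the `example.com` test name are assumptions.

```python
import os
import socket
import struct

def build_query(name, txid):
    """Recursive (RD=1) A-record query, the kind a server sends its forwarder."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid):
    """Return 'ok' or the reason this reply shows the forwarder is unusable."""
    if len(data) < 12:
        return "truncated"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        return "bad-reply"            # wrong transaction ID or not a response
    if not flags & 0x0080:
        return "no-recursion"         # RA clear: server will not recurse for us
    if flags & 0x000F:
        return "rcode-%d" % (flags & 0x000F)   # e.g. 2 = SERVFAIL, 5 = REFUSED
    return "ok" if answers else "no-answer"

def probe(ip, name="example.com", timeout=3.0):
    """Send one query to a forwarder over UDP/53 and classify the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (ip, 53))
        data, peer = sock.recvfrom(512)
        # Accept the reply only if it came from the address we queried.
        return classify_response(data, txid) if peer[0] == ip else "bad-reply"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def summarize(statuses):
    """statuses: {forwarder_ip: status}. Return issues for the operator."""
    bad = sorted(ip for ip, s in statuses.items() if s != "ok")
    issues = ["%s: %s" % (ip, statuses[ip]) for ip in bad]
    if len(statuses) < 2:
        issues.append("fewer than two forwarders configured")
    if statuses and len(bad) == len(statuses):
        issues.append("no working forwarder: external names will not resolve")
    return issues
```

Call `summarize({ip: probe(ip) for ip in forwarder_ips})` with the addresses entered on the Forwarders tab; an empty list means every forwarder answered.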
