Configure a DNS Server to Use Forwarders
Applies To: Windows Server 2008
A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside that network. You can also configure your server to forward queries according to specific domain names using conditional forwarders.
A DNS server on a network is designated as a forwarder when the other DNS servers in the network are configured to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, which can improve the efficiency of name resolution for the computers in your network. For more information about forwarders and conditional forwarders, see Understanding Forwarders.
Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Configuring a DNS server to use forwarders
Using the Windows interface
Using a command line
To configure a DNS server to use forwarders using the Windows interface
Open DNS Manager.
In the console tree, click the applicable DNS server.
Where?
- DNS/Applicable DNS server
On the Action menu, click Properties.
On the Forwarders tab, click Edit.
Type the IP address or fully qualified domain name (FQDN) of a forwarder, and then click OK.
Additional considerations
To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
To create a new domain name, click New, and then, under DNS domain, type the domain name.
When you specify a conditional forwarder, select a DNS domain name before you enter an IP address.
By default, the DNS server waits five seconds for a response from one forwarder IP address before it tries another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds that the DNS server waits. When the server has exhausted all forwarders, it attempts standard recursion.
If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.
You can disable recursion for the DNS server so that it will not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.
Do not enter a forwarder's IP address more than once in a DNS server's forwarders list because it is a more reliable or geographically closer server. If you prefer one of the forwarders, put that forwarder first in the series of forwarder IP addresses.
You cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone, secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name corp.contoso.com (that is, it hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for corp.contoso.com.
You can prevent common problems that are associated with forwarders by configuring your DNS servers to avoid overusing your forwarders.
To configure a DNS server to use forwarders using a command line
Open a command prompt.
Type the following command, and then press ENTER:
dnscmd <ServerName> /ResetForwarders <MasterIPaddress ...> [/TimeOut <Time>] [/Slave]
Parameter | Description |
---|---|
dnscmd |
Specifies the name of the command-line tool for managing DNS servers. |
<ServerName> |
Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.). |
/ResetForwarders |
Required. Configures a forwarder. |
<MasterIPaddress...> |
Required. Specifies a space-separated list of one or more IP addresses of the DNS servers where queries are forwarded. You may specify a list of space-separated IP addresses. |
/TimeOut |
Specifies the timeout setting. The timeout setting is the number of seconds before unsuccessful forward queries time out. |
<Time> |
Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is five seconds. |
/Slave |
Determines whether or not the DNS server uses recursion when it queries for the domain name that is specified by ZoneName. |
To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:
dnscmd /ResetForwarders /help
Additional considerations
To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
To set the conditional forwarder for a zone, use the following command:
dnscmd <ServerName> /ZoneAdd <ZoneName> /Forwarder <MasterIPaddress ...> [/TimeOut <Time>] [/Slave]
The /ZoneAdd command adds the zone specified by the ZoneName parameter. The parameter IPAddress is the IP address where the DNS server will forward unsolvable DNS queries. The /Slave parameter sets the DNS server as a subordinate server. The /NoSlave parameter (default setting) sets the DNS server as a nonsubordinate server, which means that it will perform recursion. The /Timeout and Time parameters are described in the previous table.
To view a zone that is added only as a conditional forwarder, use the following command:
dnscmd <ServerName> /ZoneInfo <ZoneName>
To reset the forwarder IP addresses for a conditional forwarder domain name, use the following command:
dnscmd <ServerName> /ZoneResetMasters <ZoneName> [/Local] [<ServerIPs>]
The /Local parameter sets the local master list for Active Directory–integrated forwarders. The ServerIPs parameter is the list of one or more IP addresses of master servers for the zone. Master servers may include DNS servers that host primary or secondary copies of the zone, but they should not include DNS server IP addresses in such a way that two DNS servers that host copies of a zone use each other as master servers. Such a configuration makes the forwarding path cyclical.
You cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone, secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name corp.contoso.com (that is, it hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for corp.contoso.com.
You can prevent common problems that are associated with forwarders by configuring your DNS servers to avoid overusing your forwarders.