Configure a DNS Server to Use Forwarders
Applies To: Windows Server 2008
A forwarder is a Domain Name System (DNS) server on a network that you use to forward DNS queries for external DNS names to DNS servers outside that network.
A DNS server on a network is designated as a forwarder when the other DNS servers in the network are configured to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet.
Note
When you use the Active Directory Domain Services Installation Wizard to install the DNS Server role as part of creating an Active Directory Domain Services domain controller, the wizard adds to the list of forwarders the DNS servers that the server was previously configured to use at its DNS servers.
You can also configure your server to forward queries according to specific domain names using conditional forwarders. For more information about configuring a server to use a conditional forwarder, see Assign a Conditional Forwarder for a Domain Name.
You can use this procedure to designate a forwarder for a DNS server using either the DNS Manager snap-in or the dnscmd command-line tool.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Configuring a DNS server to use forwarders
Using the Windows interface
Using a command line
To configure a DNS server to use forwarders using the Windows interface
Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
In the console tree, click the applicable DNS server. Expand DNS, and then click Applicable DNS server
On the Action menu, click Properties.
On the Forwarders tab, click Edit.
Type the IP address or fully qualified domain name (FQDN) of a forwarder, and then click OK.
Additional considerations
You can use the Up and Down buttons to change the order in which forwarders are queried.
By default, the DNS server waits three seconds for a response from one forwarder IP address before it tries another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds that the DNS server waits. If the overall recursion timeout (by default, 8 seconds) is exceeded before all forwarders are exhausted, the DNS server fails the query. If the overall recursion timeout has not been exceeded and the server exhausts all forwarders, it attempts standard recursion.
You can disable recursion for the DNS server so that it will not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.
Do not enter a forwarder's IP address more than once in a DNS server's forwarders list because it is a more reliable or geographically closer server. If you prefer one of the forwarders, put that forwarder first in the series of forwarder IP addresses.
Avoid using a primary server as a forwarder, especially if the forwarder is to be used to resolve external (Internet) queries. A primary server should be highly available and not be given the extra work of acting as a forwarder. Also, servers that host zones should not be allowed to communicate directly with the Internet to avoid exposing your internal namespace to external attackers.
To configure a DNS server to use forwarders using a command line
Open a command prompt. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
At the command prompt, type the following command, and then press ENTER:
dnscmd <ServerName> /ResetForwarders <MasterIPaddress ...> [/TimeOut <Time>] [/Slave]
Parameter | Description |
---|---|
dnscmd |
The command-line tool for managing DNS servers. |
<ServerName> |
Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.). |
/ResetForwarders |
Required. Configures a forwarder. |
<MasterIPaddress...> |
Required. Specifies a space-separated list of one or more IP addresses of the DNS servers where queries are forwarded. You may specify a list of space-separated IP addresses. |
/TimeOut |
Specifies the timeout setting. The timeout setting is the number of seconds before unsuccessful forward queries time out. |
<Time> |
Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is three seconds. |
/Slave |
Determines whether or not the DNS server uses recursion when it queries for the domain name that is specified by ZoneName. |
To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:
dnscmd /ResetForwarders /help