Using Forwarding

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If a DNS server does not have the data to resolve a query in its cache or in its zone data, it forwards the query to another DNS server, known as a forwarder. Forwarders are ordinary DNS servers and require no special configuration; a DNS server is called a forwarder because it is the recipient of a query forwarded by another DNS server.

Use forwarding for off-site or Internet traffic. For example, a branch office DNS server can forward all off-site traffic to a forwarder at the company headquarters, and an internal DNS server can forward all Internet traffic to a forwarder on the external network. To ensure fault tolerance, forward queries to more than one forwarder.

Forwarders can increase network security by minimizing the list of DNS servers that communicate across a firewall.

You can use conditional forwarding to more precisely control the name resolution process. Conditional forwarding enables you to designate specific forwarders for specific DNS names. You can use conditional forwarding to resolve the following:

• Queries for names in off-site internal domains

• Queries for names in other namespaces

Using Conditional Forwarding to Query for Names in Off-Site Internal Domains

In Windows Server 2003 DNS, non-root servers resolve names for which they are not authoritative, do not have a delegation, and do not have in their cache by doing one of the following:

• Querying a root server.

• Forwarding queries to a forwarder.

Both of these methods generate additional network traffic. For example, a non-root server in Site A is configured to forward queries to a forwarder in Site B, and it must resolve a name in a zone hosted by a server in Site C. Because the non-root server can forward queries only to Site B, it cannot directly query the server in Site C. Instead, it forwards the query to the forwarder in Site B, and the forwarder queries the server in Site C.

When you use conditional forwarding, you can configure your DNS servers to forward queries to different servers based on the domain name specified in the query. This eliminates steps in the forwarding chain and reduces network traffic. When conditional forwarding is applied, the server in Site A can forward queries to forwarders in Site B or Site C, as appropriate.

For example, the computers in the Seville site need to query computers in the Hong Kong site. Both sites use a common DNS root server, DNS3.corp.fabrikam.com, located in Seville.

Before the Contoso Corporation upgraded to Windows Server 2003, the server in Seville forwarded all queries that it could not resolve to its parent server, DNS1.corp.contoso.com, in Seattle. When the server in Seville queried for names in the Hong Kong site, the server in Seville first forwarded those queries to Seattle.

After upgrading to Windows Server 2003, administrators configured the DNS server in Seville to forward queries destined for the Hong Kong site directly to a server in that site, instead of first detouring to Seattle, as shown in Figure 3.7.

Figure 3.7   Conditional Forwarding to an Off-Site Server

Administrators configured DNS3.corp.fabrikam.com to forward any queries for corp.treyresearch.com to DNS5.corp.treyresearch.com or DNS6.corp.treyresearch.com. DNS3.corp.fabrikam.com forwards all other queries to DNS1.corp.contoso.com or DNS2.corp.contoso.com.

For more information about conditional forwarding in Windows Server 2003 DNS, see the Networking Collection of the Windows Server 2003 Technical Reference (or see the Networking Collection on the Web at https://www.microsoft.com/reskit).

Using Conditional Forwarding to Query for Names in Other Namespaces

If your internal network does not have a private root and your users need access to other namespaces, such as a network belonging to a partner company, use conditional forwarding to enable servers to query for names in other namespaces. Conditional forwarding in Windows Server 2003 DNS eliminates the need for secondary zones by configuring DNS servers to forward queries to different servers based on the domain name.

For example, the Contoso Corporation includes two namespaces: Contoso and Trey Research. Computers in each division need access to the other namespace. In addition, computers in both divisions need access to computers in the Supplier private namespace.

Before upgrading to Windows Server 2003, the Trey Research division created secondary zones to ensure that computers in both the Contoso and Trey Research namespace can resolve names in the Contoso, Trey Research, and Supplier namespaces. After upgrading to Windows Server 2003, the Trey Research division deleted its secondary zones and configured conditional forwarding instead.