Using Query Forwarding

Applies To: Windows Server 2008

A forwarder is a Domain Name System (DNS) server on a network that you can use to forward DNS queries for external DNS names to DNS servers outside that network. You can also use conditional forwarders to forward queries according to specific domain names.

A DNS server on a network is designated as a forwarder when you configure the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, from a small number of servers rather than from every DNS server you run.

To use forwarders to manage the DNS traffic between your network and the Internet, configure your network's firewall to allow only a dedicated set of DNS servers to communicate with the Internet (UDP and TCP port 53 outbound, and the replies). Then configure the other DNS servers in your network to forward queries that they cannot resolve locally to these designated DNS servers; the designated servers act as your forwarders. DNS servers that forward queries to the Internet should not host zones: they are the servers that external systems can reach, and an attacker who can query them should learn nothing about your internal network namespace.

Conditional forwarders are DNS servers that forward queries according to domain names. Rather than having a DNS server forward all queries that it cannot resolve locally to a forwarder, you can configure DNS servers to forward queries to different forwarders according to the specific domain names that are contained in the queries. Forwarding according to domain names improves conventional forwarding by adding a name-based condition to the forwarding process.

You can use conditional forwarders to improve name resolution between internal (private) DNS namespaces that are not part of the DNS namespace of the Internet. For example, a company merger may result in such DNS namespaces. When you configure the DNS servers in one internal namespace to forward queries for a second internal namespace to the DNS servers that are authoritative for it, conditional forwarders enable name resolution between the two namespaces without performing recursion on the DNS namespace of the Internet, where a private name could never be resolved. This name resolution enhancement also helps avoid situations in which your DNS servers perform recursion to your internal root for different namespaces within your network.
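The two designs described above, an internal DNS server that forwards to a dedicated pair of Internet-facing forwarders and a conditional forwarder for a merged company's private namespace, as one added example that is not part of the original article. It drives dnscmd.exe, which ships with the DNS Server role on Windows Server 2008, from PowerShell. The server name DNS01, the addresses 10.0.0.53, 10.0.0.54, 10.20.0.53 and 10.20.0.54, the zone corp.fabrikam.com, the contoso.com and fabrikam.com suffixes used in the check, and the Invoke-Dnscmd helper are all placeholders and assumptions for the example; run it as a member of DnsAdmins.

```powershell
# Added example, not code from the original article. Placeholders: DNS01 is an
# internal DNS server that hosts the internal zones; 10.0.0.53/54 are the only
# DNS servers the firewall lets talk to the Internet; corp.fabrikam.com is a
# merged company's private namespace, authoritative on 10.20.0.53/54.
$InternalServer = 'DNS01'
$Forwarders     = @('10.0.0.53', '10.0.0.54')
$PartnerZone    = 'corp.fabrikam.com'
$PartnerServers = @('10.20.0.53', '10.20.0.54')

# Hypothetical helper: run dnscmd against a server and fail loudly on error.
function Invoke-Dnscmd {
    param([string]$Server, [string[]]$Arguments)
    $out = & dnscmd.exe $Server @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') on $Server failed ($LASTEXITCODE): $out"
    }
    $out
}

# 1. Internal server: everything it cannot answer from its own zones or cache
#    goes to the designated forwarders. /Slave ("use forwarders only") stops it
#    from falling back to root hints, which the firewall would block anyway;
#    /TimeOut is how long (seconds) to wait on each forwarder.
#    Do NOT set "/Config /NoRecursion 1" here: on Windows DNS that switch
#    disables forwarding as well as recursion, and the server would answer
#    only for its own zones.
Invoke-Dnscmd $InternalServer (@('/ResetForwarders') + $Forwarders + @('/TimeOut', '5', '/Slave'))

# 2. Conditional forwarder: queries inside corp.fabrikam.com bypass the
#    Internet forwarders and go straight to the partner's authoritative
#    servers. (/DsForwarder instead of /Forwarder would store the zone in AD
#    so every domain controller running DNS picks it up.)
Invoke-Dnscmd $InternalServer (@('/ZoneAdd', $PartnerZone, '/Forwarder') + $PartnerServers + @('/TimeOut', '5'))

# 3. Designated forwarders: they recurse to the Internet on behalf of everyone,
#    so recursion stays on and they must host none of the internal zones. Abort
#    if an internal namespace has ended up on one of them.
foreach ($fwd in $Forwarders) {
    $zones = Invoke-Dnscmd $fwd @('/EnumZones')
    if ($zones -match 'contoso\.com|fabrikam\.com') {     # placeholder internal suffixes
        throw "$fwd hosts an internal zone and must not be an Internet-facing forwarder"
    }
}

# 4. Check the result from a client's point of view: an Internet name and a
#    partner name both resolve through DNS01, which never talks to the Internet
#    itself, and the conditional forwarder zone shows its master servers.
nslookup.exe -type=A www.example.com $InternalServer
nslookup.exe -type=A "dc1.$PartnerZone" $InternalServer
Invoke-Dnscmd $InternalServer @('/ZoneInfo', $PartnerZone)
```

The check in step 3 is the operational form of the rule that Internet-facing forwarders should host no zones: run it after any change to the forwarders, not only once, since a zone added later to the wrong server reopens the exposure.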

To complete this task, perform the following procedures: