Configure a DNS server to use forwarders

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure a DNS server to use forwarders

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Open the DNS snap-in.

  2. In the console tree, click the applicable Domain Name System (DNS) server.

    Where?

    • DNS/applicable DNS server

  3. On the Action menu, click Properties.

  4. On the Forwarders tab, click Edit.

  5. Type the IP address for the fully qualified domain name (FQDN) of a forwarder, and then click OK.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • By default, the DNS server will wait 5 seconds for a response from one forwarder IP address before trying another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds the DNS server will wait. When the server has exhausted all forwarders, it will attempt standard recursion.

  • If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.

    You can disable recursion for the DNS server so that it will not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server. For more information about disabling recursion on the DNS server, see Related Links.

  • Do not enter a forwarder's IP address more than once in a DNS server's forwarders list because it is a more reliable or geographically closer server. If one of the forwarders is preferred, that forwarder should be ordered first in the series of forwarder IP addresses.

  • Problems associated with forwarders often result from inefficient configurations and overuse.

Using a command line

  1. Open Command Prompt.

  2. Type:

    dnscmd ServerName /ZoneAdd ZoneName /Forwarder MasterIPaddress ... [/TimeOut Time] [/Slave]

| Value | Description |
|---|---|
| dnscmd | Specifies the name of the command-line tool. |
| ServerName | Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.). |
| /ZoneAdd | Required. Adds a zone. |
| ZoneName | Required. Specifies the FQDN of the zone. |
| /Forwarder | Required. Specifies the command to configure a forwarder. When configuring forwarders on DNS servers running on Active Directory domain controllers, you must use /DsForwarder in place of /Forwarder. /DsForwarder will replicate the forwarder setting to all DNS servers running on domain controllers in an Active Directory domain. |
| MasterIPaddress... | Required. Specifies a space-separated list of one or more IP addresses of the DNS servers where queries for ZoneName are forwarded. You may specify a list of space-separated IP addresses. |
| /TimeOut | Specifies the timeout setting. The timeout setting is the number of seconds before unsuccessful forward queries time out. |
| Time | Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is 5 seconds. |
| /Slave | Determines whether or not the DNS server uses recursion when querying for the domain name specified by ZoneName. |

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • This procedure requires the Dnscmd Windows support tool. For information about installing Windows support tools, see Related Links.

  • To view the complete syntax for this command, at a command prompt, type:

    dnscmd /ZoneAdd /help

  • To view a zone added for use as only a conditional forwarder, use the following command:

    dnscmd ServerName /ZoneInfo ZoneName

  • To reset the forwarder IP addresses for a conditional forwarder domain name, type:

    dnscmd ServerName /ZoneResetMasters ZoneName [/Local] [ServerIPs]

    The /Local parameter sets the local master list for Active Directory–integrated forwarders, and the ServerIPs parameter is the list of one or more IP addresses of master servers for the zone. Master servers may include DNS servers that host primary or secondary copies of the zone, but they should not include DNS server IP addresses in such a way that two DNS servers hosting copies of a zone use each other as master servers. Such a configuration would make the forwarding path cyclical.

  • To reset the standard, nonconditional forwarder for a DNS server, type:

    dnscmd ServerName /ResetForwarders [IPAddress ...] [ /[No]Slave ] [/TimeOut Time]

    The parameter IPAddress is the IP address where the DNS server will forward unsolvable DNS queries. The /Slave parameter sets the DNS server as a subordinate server. The /NoSlave parameter (default setting) sets the DNS server as a nonsubordinate server, meaning that it will perform recursion. The /Timeout and Time parameters are described in the table above.

  • You cannot use a domain name in a conditional forwarder if the DNS server hosts a primary, secondary, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name example.microsoft.com (hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for example.microsoft.com.

  • Problems associated with forwarders often result from inefficient configurations and overuse.
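
The following PowerShell function is an added example, not part of the original procedure. It checks a planned conditional forwarder against the notes above (no repeated forwarder IP address, no forwarder for a domain name the server already hosts, /DsForwarder on domain controllers) and returns the dnscmd command line for review without running it. The function name, the -OnDomainController and -HostedZones parameters, and the sample addresses and domain are assumptions made for illustration.

```powershell
# Added example: validate a planned conditional forwarder, then build the
# dnscmd command line for review. Nothing is executed against a DNS server.
function New-ForwarderCommand {
    param(
        [string]   $ServerName = '.',       # "." = DNS server on the local computer
        [string]   $ZoneName,
        [string[]] $MasterIPaddress,        # preferred forwarder first
        [int]      $TimeOut = 5,            # seconds; 5 is the documented default
        [switch]   $Slave,                  # forwarders only, no recursion fallback
        [switch]   $OnDomainController,     # assumption: caller knows the server's role
        [string[]] $HostedZones = @()       # assumption: zones this server already hosts
    )

    if (-not $ZoneName -or -not $MasterIPaddress) {
        throw 'ZoneName and at least one MasterIPaddress are required.'
    }

    # Each entry must parse as an IP address.
    foreach ($ip in $MasterIPaddress) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            throw "Not an IP address: $ip"
        }
    }

    # A forwarder must not appear more than once; order expresses preference.
    $dupes = $MasterIPaddress | Group-Object | Where-Object { $_.Count -gt 1 }
    if ($dupes) {
        throw "Forwarder listed more than once: $(($dupes | ForEach-Object { $_.Name }) -join ', ')"
    }

    # No conditional forwarder for a name hosted as a primary, secondary, or stub zone.
    if ($HostedZones -contains $ZoneName) {
        throw "Server already hosts a zone for $ZoneName."
    }

    # Domain controllers use /DsForwarder so the setting replicates.
    $verb = if ($OnDomainController) { '/DsForwarder' } else { '/Forwarder' }

    $parts = @('dnscmd', $ServerName, '/ZoneAdd', $ZoneName, $verb) + $MasterIPaddress
    $parts += @('/TimeOut', $TimeOut)
    if ($Slave) { $parts += '/Slave' }
    $parts -join ' '
}

# Constructed sample values (documentation address range, example domain).
New-ForwarderCommand -ZoneName 'corp.example.com' -MasterIPaddress '192.0.2.10','192.0.2.11' -Slave
New-ForwarderCommand -ZoneName 'corp.example.com' -MasterIPaddress '192.0.2.10' -OnDomainController
```

After running the returned command, dnscmd ServerName /ZoneInfo ZoneName shows the zone that was added.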

Formatting legend

| Format | Meaning |
|---|---|
| Italic | Information that the user must supply |
| Bold | Elements that the user must type exactly as shown |
| Ellipsis (...) | Parameter that can be repeated several times in a command line |
| Between brackets ([]) | Optional items |
| Between braces ({}); choices separated by pipe (\|). Example: {even\|odd} | Set of choices from which the user must choose only one |
| Courier font | Code or program output |

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

How DNS query works
Using forwarders
Disable recursion on the DNS server
Install Windows Support Tools
Directing queries through forwarders