Using Forwarders to Manage DNS Servers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you want to use forwarders to manage the Domain Name System (DNS) traffic between your network and the Internet, configure your network firewall to allow only one DNS server to communicate with the Internet. When you have configured the other DNS servers in your network to forward queries that they cannot resolve locally to that DNS server, it will act as your forwarder.

Consider the following tips for efficient forwarder configuration and use:

  • Keep forwarder configuration uncomplicated. For every DNS server that is configured with a forwarder, queries can be sent to a number of different places. Each forwarder and each conditional forwarder must be administered for the benefit of DNS client queries, and this process can be time consuming. Use forwarders strategically — where they are needed the most — for example, for resolving offsite queries or for sharing information between namespaces.

  • Avoid chaining your forwarders. If you have configured a DNS server named server1 to forward queries for wingtiptoys.corp.com to DNS server server2, do not configure server2 to forward queries for wingtiptoys.corp.com to DNS server server3. This is an inefficient resolution process, and it can result in errors if server3 is accidentally configured to forward queries for wingtiptoys.corp.com to server1.

  • Do not concentrate too great a load on forwarders. The recursive queries that forwarders send to the Internet can require a significant amount of time to answer because of the nature of the Internet. When large numbers of internal DNS servers use the same forwarder for Internet queries, that forwarder can experience a substantial concentration of network traffic. If network load is an issue, use more than one forwarder and distribute the load between them.

  • Do not create inefficient resolution by using forwarders. The DNS server attempts to forward domain names according to the order in which the domain names are configured in the DNS console. For example, a DNS server in Seattle may be incorrectly configured to forward a query to a server in London, instead of another server in Seattle, because the server in London is higher up in the forwarders list. This decreases the efficiency of name resolution on the network. Evaluate your network's forwarding configurations periodically to see if there are similar, inefficient configurations.
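The chaining and loop problem from the second tip can be checked mechanically once the forwarder settings of each server are collected. The following is an added example, not part of the original article or of the Windows DNS tooling; the server names and the forwarder table are constructed, and a real audit would fill the table from each server's forwarder configuration.

```python
# Added example (not from the original article): audit a set of DNS servers'
# forwarder settings for chained forwarders and forwarding loops.
from typing import Dict, List, Optional, Tuple

# Constructed sample configuration: server -> {domain: forwarder}.
# A "." key stands for the server's default forwarder (all other domains);
# other keys are conditional forwarders for that domain.
FORWARDERS: Dict[str, Dict[str, str]] = {
    "server1": {"wingtiptoys.corp.com": "server2", ".": "edge-dns"},
    "server2": {"wingtiptoys.corp.com": "server3"},
    "server3": {"wingtiptoys.corp.com": "server1"},   # closes the loop
    "edge-dns": {},  # the single forwarder allowed through the firewall
}

def forwarder_for(server: str, domain: str,
                  config: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Forwarder `server` uses for `domain`: the conditional forwarder if one
    matches, else the default forwarder, else None (server resolves itself)."""
    rules = config.get(server, {})
    if domain in rules:
        return rules[domain]
    return rules.get(".")

def trace_chain(server: str, domain: str,
                config: Dict[str, Dict[str, str]]) -> Tuple[List[str], bool]:
    """Follow forwarders for `domain` starting at `server`.
    Returns (path, looped). A path of more than two servers is a chain
    (a forwarder that itself forwards); looped is True when the chain
    returns to a server already on the path, i.e. queries would circle."""
    path = [server]
    current = server
    while True:
        nxt = forwarder_for(current, domain, config)
        if nxt is None:
            return path, False
        path.append(nxt)
        if nxt in path[:-1]:
            return path, True
        current = nxt

def audit(config: Dict[str, Dict[str, str]],
          domain: str) -> Dict[str, Tuple[List[str], bool]]:
    """Trace from every server; report those with a chain or a loop."""
    findings = {}
    for server in config:
        path, looped = trace_chain(server, domain, config)
        if looped or len(path) > 2:
            findings[server] = (path, looped)
    return findings

if __name__ == "__main__":
    for srv, (path, looped) in audit(FORWARDERS, "wingtiptoys.corp.com").items():
        print(srv, " -> ".join(path), "LOOP" if looped else "chain")
```

In the constructed table every server in the wingtiptoys.corp.com ring is reported with a loop, while the default path server1 -> edge-dns is a single hop and passes.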

To complete this task, perform the following procedure: