Configure forwarders for a DNS server

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you use this procedure to configure a conditional forwarder, note that you cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone, secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name wingtiptoys.corp.com (that is, it hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for wingtiptoys.corp.com.

You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Configuring forwarders for a DNS server

  • Using the Windows interface

  • Using the command line

To configure forwarders for a DNS server using the Windows graphical user interface

  1. Open the DNS snap-in.

  2. In the console tree, click the applicable DNS server.

  3. On the Action menu, click Properties.

  4. On the Forwarders tab, under DNS domain, click a domain name.

    Note

    To create a new domain name, click New, and then, under DNS domain, type the domain name.

  5. Under Selected domain's forwarder IP address list, type the Internet Protocol (IP) address of a forwarder, and then click Add.

    Note

    When you specify a conditional forwarder, select a DNS domain name before you enter an IP address.

  6. By default, the DNS server waits five seconds for a response from one forwarder IP address before trying another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds that the DNS server waits. If the overall recursion timeout (by default, 15 seconds) is exceeded before all forwarders are exhausted, the DNS server fails the query. If the overall recursion timeout has not been exceeded and the server exhausts all forwarders, it attempts standard recursion.

  7. If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.

    Note

    You can disable recursion for the DNS server so that it does not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.

Note

To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

To configure forwarders for a DNS server using the command line

  • At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /ZoneAdd ZoneName /Forwarder MasterIPaddress [/TimeOut Time][/Slave]

    Value Description

    ServerName

    Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    ZoneName

    Specifies the fully qualified domain name (FQDN) of the zone.

    MasterIPaddress

    Specifies a space-separated list of one or more IP addresses of the DNS servers where queries for ZoneName are forwarded. You can specify a list of space-separated IP addresses.

    Time

    Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is five seconds.