A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. In addition, conditional forwarders can be used to forward queries according to specific domain names.
The other DNS servers in the network are configured to forward the queries that they cannot resolve locally to the forwarder, which is the only DNS server designated to forward queries for external DNS names. Using a forwarder lets you manage name resolution for names outside the network and improves the efficiency of name resolution for the computers in the network.
The diagram above illustrates how external name queries are directed with forwarders. When you designate a DNS server as a forwarder, you make that forwarder responsible for handling external traffic, which limits the exposure of your DNS servers to the Internet. Over a short period of time, a forwarder builds up a cache of external DNS data and uses it to resolve a large number of external DNS queries. This decreases Internet traffic from the network and shortens the response time for DNS clients.
A DNS server that is configured to use a forwarder behaves differently from a DNS server that is not configured to use one. The differences are as follows:
When the DNS server receives a query, it attempts to resolve this query by using the zones that it hosts and by using its cache.
If the query cannot be resolved using local data, the DNS server forwards the query to the DNS server that is designated as a forwarder.
Root hints can be used to resolve the query when a forwarder is not available.
A DNS server uses conditional forwarders to forward queries according to domain names. Rather than having a DNS server forward every query it cannot resolve locally to a single forwarder, a DNS server can be configured to forward queries to different forwarders according to the specific domain names contained in the queries. This improves conventional forwarding by adding a name-based condition to the forwarding process.
A conditional forwarder setting consists of a domain name together with the IP addresses of the DNS servers to which queries for that name are forwarded. When a DNS server receives a query, it first checks whether the query can be resolved with its own zone data or cached data. If the DNS server is configured to forward for the domain name in the query, the query is forwarded to the IP address of the specified forwarder.
The diagram illustrates how each query for a domain name is forwarded to the DNS server associated with that domain name.
Conditional forwarders can be used to improve name resolution between internal DNS namespaces that are not part of the Internet DNS namespace. When you configure the DNS servers in one internal namespace to forward all queries to the authoritative DNS servers in a second internal namespace, conditional forwarders enable name resolution between the two namespaces without recursion on the Internet DNS namespace. This enhances name resolution and also avoids having DNS servers perform recursion to your internal root for the different namespaces within the network.
Conditional forwarder domain name length
When a DNS server that is configured with a conditional forwarder receives a query for a domain name, it compares that domain name with its list of domain-name conditions and uses the longest condition that matches the domain name in the query.
The diagram shows the conditional forwarding logic that the DNS server performs to determine how a query for a domain name is forwarded. The DNS server receives a query for networks.example.microsoft.com. First, it compares that domain name with both microsoft.com and example.microsoft.com. The DNS server then determines that example.microsoft.com matches the queried domain name more closely. Finally, the DNS server forwards the query to the DNS server with the IP address 172.31.255.255, which is associated with example.microsoft.com.
To use forwarders to manage Domain Name System (DNS) traffic, first configure the network firewall to allow only one DNS server to communicate with the Internet. A forwarder is simply the DNS server to which the other DNS servers in the network forward the queries that they cannot resolve locally.
The order in which a DNS server forwards queries is determined by the order of the IP addresses listed as forwarders. After the DNS server forwards a query to the forwarder with the first IP address, it waits a short period of time for an answer from that forwarder (according to the DNS server's forwarding time-out setting) before resuming the forwarding operation with the next IP address. It continues this process until it receives an affirmative answer from a forwarder.
The diagram illustrates a case in which the DNS servers at the first and second forwarder IP addresses do not respond to the DNS server. The DNS server at the third forwarder IP address responds, and the query is forwarded to that DNS server. The IP addresses in the forwarders list are not ordered according to round-trip time, so you must reorder the IP addresses manually to change the preference.
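The decision procedure described above (longest-matching conditional forwarder, then the ordered forwarders list with its time-out, then root hints unless recursion is disabled with the /Slave setting), as an added Python model that is not part of the article or of Windows DNS Server. The 172.31.255.255 address and the microsoft.com conditions come from the text; 10.0.0.53, the 192.0.2.x forwarders and the corp.contoso.com zone are constructed for the example.

```python
# Added example: a model of the forwarding decision described in the article.
CONDITIONAL_FORWARDERS = {            # domain-name condition -> forwarder IP
    "microsoft.com": "10.0.0.53",     # constructed address for the shorter condition
    "example.microsoft.com": "172.31.255.255",   # address used in the article
}
FORWARDERS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # constructed; tried in order
LOCAL_ZONES = {"corp.contoso.com"}                    # constructed hosted zone


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def is_under(zone, name):
    """True if `name` equals `zone` or lies below it (label-wise, not substring)."""
    z, n = _labels(zone), _labels(name)
    return len(n) >= len(z) and n[-len(z):] == z


def conditional_forwarder(name, conditions=CONDITIONAL_FORWARDERS):
    """Return (condition, forwarder_ip) for the longest matching condition, or None."""
    matches = [c for c in conditions if is_under(c, name)]
    if not matches:
        return None
    best = max(matches, key=lambda c: len(_labels(c)))
    return best, conditions[best]


def resolve_path(name, alive, slave=False, timeout=5):
    """Return (decision, target_ip, seconds_waited) for one query.

    `alive` is the set of forwarder IPs that answer (constructed input).  Each
    unresponsive forwarder costs one time-out period before the next address
    is tried; `slave=True` models the "Do not use recursion" (/Slave) setting.
    """
    if any(is_under(z, name) for z in LOCAL_ZONES):
        return "local", None, 0          # answered from a hosted zone
    hit = conditional_forwarder(name)
    if hit:
        return "conditional", hit[1], 0  # name-based condition wins
    waited = 0
    for ip in FORWARDERS:                # ordered list, not round-trip time
        if ip in alive:
            return "forwarder", ip, waited
        waited += timeout                # time-out expires, try the next address
    if slave:
        return "fail", None, waited      # forwarders exhausted, no recursion
    return "root-hints", None, waited    # fall back to root hints / recursion
```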
Configure a DNS Server to Use Forwarders
There are two ways to configure a DNS server to use forwarders: the Windows interface and the command line.
To configure a DNS server to use forwarders using the Windows interface:
Open DNS Manager by clicking Start, pointing to Administrative Tools, and then clicking DNS.
To create a new domain name, click New, and then, under DNS domain, type the domain name.
When you specify a conditional forwarder, select a DNS domain name before you enter an IP address.
In the console tree, click the applicable DNS server (DNS/Applicable DNS server).
On the Action menu, click Properties.
On the Forwarders tab, click Edit.
Type the IP address or fully qualified domain name (FQDN) of a forwarder, and then click OK.
By default, the DNS server waits five seconds for a response from one forwarder IP address before it tries another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds that the DNS server waits. When the server has exhausted all forwarders, it attempts standard recursion.
If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.
You can disable recursion for the DNS server so that it will not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.
Do not enter a forwarder’s IP address more than once in a DNS server’s forwarders list because it is a more reliable or geographically closer server. If you prefer one of the forwarders, put that forwarder first in the series of forwarder IP addresses.
You cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone, secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name corp.contoso.com (that is, it hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for corp.contoso.com.
You can prevent common problems that are associated with forwarders by configuring your DNS servers to avoid overusing your forwarders.
To configure a DNS server to use forwarders using a command line
Open a command prompt.
Type the following command, and then press ENTER:
dnscmd <ServerName> /ResetForwarders <MasterIPaddress ...> [/TimeOut <Time>] [/Slave]
To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:
dnscmd /ResetForwarders /help
The following table describes the parameters:
dnscmd: Specifies the name of the command-line tool for managing DNS servers.
<ServerName>: Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
/ResetForwarders: Required. Configures a forwarder.
<MasterIPaddress ...>: Required. Specifies a space-separated list of one or more IP addresses of the DNS servers to which queries are forwarded.
/TimeOut: Specifies the time-out setting, which is the number of seconds before unsuccessful forwarded queries time out.
<Time>: Specifies the value for the /TimeOut parameter, in seconds. The default time-out is five seconds.
/Slave: Determines whether or not the DNS server uses recursion when it queries for the domain name that is specified by ZoneName.
Updating Root Hints
You can use root hints to prepare servers that are authoritative for non-root zones so that they can discover authoritative servers that manage domains at a higher level or in other subtrees of the DNS domain namespace. These root hints are essential for servers that are authoritative at lower levels of the namespace when they need to locate other servers under these conditions.
For example, suppose that a DNS server (Server A) has a zone called sub.corp.contoso.com. In the process of answering a query for a higher-level domain, such as the corp.contoso.com domain, Server A needs some assistance to locate an authoritative server (such as Server B) for this domain.
For Server A to find Server B (or any other server that is authoritative for the contoso.com domain), Server A must be able to query the root servers for the DNS namespace. The root servers can then refer Server A to the authoritative servers for the com domain. The servers for the com domain can, in turn, offer a referral to Server B or other servers that are authoritative for the contoso.com domain. For this process to locate Server B (or another authoritative server) as intended, the root hints that Server A uses must contain helpful hints to the root servers.
To configure and use root hints correctly, first answer the following questions about your DNS server:
Are you using DNS on the Internet or on a private network?
Is the DNS server used as a root server?
By default, the DNS Server service implements root hints by using a file, Cache.dns, that is stored in the %systemroot%\System32\Dns folder on the server computer. This file normally contains the name server (NS) and host (A) resource records for the Internet root servers. If, however, you are using the DNS Server service on a private network, you can edit or replace this file with similar records that point to your own internal root DNS servers.
Root hints are also treated differently when a DNS server is configured to be used by other DNS servers in an internal namespace as a forwarder for any DNS queries of names that are managed externally (on the Internet, for example). Even though the DNS server that is used as a forwarder can be located internally on the same network as servers that are using it as a forwarder, it needs hints for the Internet root servers to work properly and resolve external names.
If a DNS server is configured to access other DNS servers, such as through a list of DNS servers that is configured in its client TCP/IP properties for an installed network connection, the DNS Server service is capable of gathering its own root hints during new server configuration. You can use the Configure a DNS Server Wizard to accomplish this.
Use Aging and Scavenging
Aging and scavenging is the process by which resource records are given a time stamp when they are created and then removed when their age exceeds a specified limit. This process is especially useful for preventing the accumulation of invalid records when resource records are automatically created, as with dynamic update.