The act of DNS forwarding refers to the relaying of a DNS request from one server to another one when the first DNS server is unable to process the request. This is especially useful in resolving internet names to their associated IP addresses. By using a DNS forwarder, your internal DNS server passes off the act of locating an external resource (i.e. a public web site, public ftp site, public e-mail server) to a public DNS server, thereby reducing its processing load and network bandwidth. The use of forwarding is also helpful for protecting internal DNS servers from access by unauthorized internet users. It works in the following manner:
- Step 1. A client issues a request for a fully qualified domain name (FQDN) on a zone for which its preferred DNS server is not authoritative (for example, an internet domain such as www.google.com).
- Step 2. The local DNS server receives this request but has zone information only for the internal local domain and checks its list of forwarders.
- Step 3. Finding the IP address of an external DNS server (such as one hosted by the company’s ISP), it forwards the request to the external server (forwarder).
- Step 4. The forwarder attempts to resolve the required FQDN. Should it not be able to resolve this FQDN, it forwards the request to another forwarder.
- Step 5. When the forwarder is able to resolve the FQDN, it returns the result to the internal DNS server by way of any intermediate forwarders, which then returns the result to the requesting client.
The forwarders tab in DNS Manager is the place where you would type in the DNS server addresses provided to you by your ISP so that you would have a reference point to at least 2 Public DNS Servers to use to resolve Internet Domain Names. Remember DNS is key to letting you use user friendly names for internet services (i.e. microsoft.com, google.com, etc). Without forwarders to your ISP’s DNS server, access to external resources would rely on the DNS root servers listed on the Root Hints tab being up to date and valid.
Note: Membership in the Administrators group, or equivalent, is required to configure DNS.
Whenever a DNS server is unable to resolve a name directly from its own database or with the aid of a forwarder, it sends the query to a server that is authoritative for the DNS root zone. The server must have the names and addresses of these root servers stored in its database to perform such a query. These names and addresses are known as “Root Hints”, and they are stored in the cache.dns file, which is found at \%systemroot\%system32dns. This is a text file that contains NS and A records for every available root server. When you first install DNS on a server connected to the internet, it should download the latest set of root hints automatically. You can verify that this has occurred by checking the Root Hints tab of the server’s properties dialog box. You should see a series of FQDNs with their corresponding IP addresses.
Conditional forwarding is where a specific DNS Server is entered against an IP address as the point to send DNS queries to for that particular domain name. In other words, the local DNS server will forward all the queries that it receives for names ending with that specific domain name to the conditional forwarder specified.
Once you have configured your DNS server, you can test your settings by going to the “Monitoring” tab. Here you can choose to run a query against your new DNS server, or recursive queries to other DNS servers.
This article is a part of 70-410 Installing and Configuring Windows Server 2012 Prep course, more articles in this course are :
70-410 Installing and Configuring Windows Server 2012 Prep course includes following practice tests: