By default name servers resolve the queries using their own zone file. Or use root hints in case of internet. DNS conditional forwarder is way to direct DNS server to use another DNS for name resolution for a specific domain.

By default whenever a DNS receives a request, server use its internal database called zone file to resolve the request. If it can not find anything, it will go to the public DNS servers through root hints to find appropriate DNS for name resolution.

However there is another way. If you have applied DNS conditional forwarding, instead of going towards public DNS servers it will forward the request to another known DNS and get it resolved from there. Also it will keep the response in its cache to use for future purpose. For example a DNS server having zone yourdomain.com can not resolve your partner domain partnerdomain.com. If you have applied forwarding in your DNS for partnerdomain.com and pointed such queries to partner DNS server. Your clients can resolve partnerdomain.com related through your DNS server and not needed to go to partner DNS server directly.

How to Apply Conditional Forwarding in DNS

1. Open DNS Console.

2. Right click the conditional forwarders and select New conditional forwarder.

3. Provide the domain name for which you want to apply forwarding. Add the IP address of DNS. Select time out means number of seconds before forward queries time out (5 sec by default). After validation is ok and you see a green tick.

4. Click OK. Conditional forwarding is ready.

Use and Advantages Of Conditional Forwarding In DNS

1. Internal and Partner Name Resolution: If you have internal, partner or local domains that you want to resolve quickly, you can use DNS forwarder.
2. Less Internet Bandwidth: Typically DNS forwarders are used on local networks, partner network, VPN, extranet etc. As a result internet less queries are sent outside. It saves internet bandwidth. Also your DNS will maintain local cache and future queries will be resolved locally. It will further optimize you internet traffic.
3. Better Security: Since internet is mostly not involved here and private network are used, this will be more secure.
4. Quick Response and Better User Experience: Since local DNS cache is locally maintained, the response will be quicker. This will improve the performance significantly for frequently access websites.
5. Safe Browsing: It is possible that you can use DNS forwarding to block some websites and specific domain too. (However there are better alternates available in the market to control internet access)
6. Private Name Resolution: In some cases DNS servers are needed to be kept private. You may not want to put it on internet but still want to resolved the queries for your corporate users. DNS forwarding helps in implementing such scenarios.

Apply windows DNS conditional Forwarders Using PowerShell

1. PowerShell to apply forwarding to a single DNS server.
   • Add-DnsServerConditionalForwarderZone -name partnerdomain.com 192.168.0.5
2. PowerShell to apply forwarding to a multiple DNS server.
   • Add-DnsServerConditionalForwarderZone -name partnerdomain.com 192.168.0.5,192.168.0.6

Troubleshooting DNS Forwarding

• DNS record are missing: The administrator need to create the DNS record in case DNS record does not exist.
• Port blocked: It is often observed configuration is correct but the port 53 is blocked either on network or operating system firewall.
• Aging and scavenging: Scavenging is common cause of DNS issue. If you have misconfigured DNS aging or scavenging. No refresh and refresh intervals are too low, it may result into name resolution issues.
• DNS Firewall & Security: Some DNS firewalls and security tools restrict the traffic. You may need to check in your network if such security is implemented and act accordingly.
• DNS Misconfigurations: You maybe be pointing to the wrong DNS server. In such case you need to rectify TCP/IP settings.

Conditional Forwarding in Active Directory Environment

DNS forwarder is frequently used in active directory environments to resolve interdomain, inter-forest, partner and third party name resolution. In complex environments having multiple forests or domain, DNS forwarding helps in quick easy and reliable name resolution without relying on public networks.

You need to have a very good understanding of DNS server to get understand completely about forwarding. The article is written by using Microsoft Windows DNS Server 2019 standard operating system. For other windows servers operating systems process remains same.

Frequently Asked Questions (FAQ)