Conditional Forwarding in Windows Server 2003 (304491)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Small Business Server 2003, Premium Edition
- Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q304491

SUMMARY

This article describes the Conditional Forwarding feature
that is included in Windows Server 2003. A Windows Server 2003-based DNS server
can use conditional forwarding to forward queries to other DNS servers based on
the DNS domain names that are in the queries. For example, with conditional
forwarding, a Windows Server 2003-based DNS server could be configured to
forward all of the queries it receives for names that end with
sales.microsoft.com to a specific DNS server's IP address, or to the IP
addresses of multiple DNS servers. Only Windows Server 2003-based servers can
be configured to do this forwarding, but the servers that are running DNS and
that receive these forwarded queries can be running any version of DNS.

MORE INFORMATION

Intranet Name Resolution

In addition to the benefits of forwarders, conditional forwarding
allows for more specific name resolution for off-site and internal domains.
Conditional forwarding can benefit internal name resolution by configuring DNS
servers with specific forwarders for internal domain names. For example, all
name servers in the microsoft.com domain could be configured to forward queries
for names that end with marketing.microsoft.com to the authoritative server for
marketing.microsoft.com. This removes the step of querying the internal
root servers of microsoft.com, if available, or the step of configuring
DNS servers in the microsoft.com zone with secondary zones for
marketing.microsoft.com.

Internet Name Resolution

DNS servers can use forwarding as a means of resolving queries
between the domain names of companies that share information. For example, two
companies, Company1 and Company2, allow clients of Company1 to resolve the
names of the DNS clients of Company2. The administrators from Company2 inform
the administrators of Company1 about the set of DNS servers in the Company2
network where Company1 DNS servers can send queries for the domain
company2.com. The DNS servers within the Company1 network are configured to
forward all queries for names that end with company2.com to the designated
DNS servers in the Company2 network. Consequently, the DNS servers in the
Company1 network do not need to query their internal root servers, or the
Internet root servers, to resolve queries for names that end with company2.com.

Using Conditional Forwarders

Rather than having a DNS server forward all queries it cannot
resolve to forwarders, the DNS server can forward queries for different domain
names to different DNS servers according to the specific domain names that are
contained in the queries. Forwarding according to these domain-name conditions
improves conventional forwarding by adding a second condition to the forwarding
process.

A conditional forwarder setting consists of a domain name
and the IP address of one or more DNS servers. To configure a DNS server for
conditional forwarding, you set up a list of domain names on the Windows Server
2003-based DNS server, along with the DNS server IP addresses for each domain
name. When a DNS client
or server performs a query operation against a Windows Server 2003-based DNS
server that is configured for forwarding, the DNS server first checks whether the
query can be resolved by using its own zone data or the zone data that is
stored in its cache. If it cannot, and the DNS server is configured to forward for
the domain name that is designated in the query (a match), the query is
forwarded to the IP address of a DNS server that is associated with the domain
name. If the DNS server has no domain name listed for the name that is
designated in the query, it attempts to resolve the query by using standard
recursion.

Forwarding Sequence

A DNS server that is configured for forwarding uses forwarders
after it has determined that it cannot resolve a query by using its
authoritative data (primary or secondary zone data) or cached data. If the
server cannot resolve a query by using forwarders, it may attempt
recursion.

The order of the IP addresses determines the sequence in
which the IP addresses are used. After the DNS server forwards the query to the
forwarder with the first IP address that is associated with the domain name, it
waits a short period for an answer from that forwarder (according to the DNS
server's time-out setting) before it resumes the forwarding operation with the
next IP address that is associated with the domain name. It continues this
process until it receives an affirmative answer from a forwarder.
Unlike conventional resolution, where a roundtrip time (RTT) is associated with
each server, the IP addresses in the forwarders list are not ordered according
to roundtrip time and must be reordered manually to change preference.

Notes

- Authoritative DNS servers cannot forward queries for the
domain names for which they are authoritative. For example, the authoritative
DNS server for the zone research.microsoft.com cannot forward queries according
to the research.microsoft.com domain name. If the DNS server were allowed to do
this, it would nullify the server's ability to respond to queries for the
research.microsoft.com domain name. The DNS server that is authoritative for
research.microsoft.com can forward queries for DNS names that end with
uk.research.microsoft.com, if uk.research.microsoft.com is delegated to another
DNS server.
- When a Windows Server 2003-based DNS server that is
configured to use conditional forwarding receives a query for a domain name, it
compares that domain name with its list of domain name conditions and uses the
longest domain name condition that corresponds to the domain name in the query.
For example, a DNS server is configured to forward queries to the 10.10.10.1 IP
address when the domain name in the query is microsoft.com, and to forward
queries to the 10.10.10.100 IP address when the domain name in the query is
sales.microsoft.com. When the DNS server receives a query for
uk.sales.microsoft.com, it compares that domain name with both microsoft.com
and sales.microsoft.com. Both microsoft.com and sales.microsoft.com are
contained in the query, but sales.microsoft.com is longer, so the query is
forwarded to the 10.10.10.100 IP address, which is associated with
sales.microsoft.com.
- You can disable recursion for the DNS server so that it
does not use recursion on any query. If you disable recursion on the DNS
server, you cannot use forwarders on the same server.
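
The decision rules from the sections and notes above, modeled in Python as an added example (not Microsoft's code and not how the DNS Server service is implemented). The function names, the action labels and the second forwarder address 10.10.10.101 are constructed for the illustration; the cache lookup step is left out.

```python
# Added illustration of the forwarding rules in this article; not Microsoft code.
# Function names, action labels and 10.10.10.101 are constructed for the example.
# The cache lookup step is left out to keep the model small.

FORWARDERS = {  # domain-name condition -> forwarder IPs in configured order
    "microsoft.com": ["10.10.10.1"],
    "sales.microsoft.com": ["10.10.10.100", "10.10.10.101"],
}

def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_within(name, domain):
    """True if name equals domain or lies below it, compared label by label."""
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[-len(d):] == d

def longest_match(name, domains):
    """Return the longest domain in `domains` that contains name, or None."""
    hits = [d for d in domains if is_within(name, d)]
    return max(hits, key=lambda d: len(labels(d)), default=None)

def resolve_plan(qname, forwarders, authoritative=(), delegated=(), recursion=True):
    """Return (action, forwarder_ips) for one query."""
    zone = longest_match(qname, authoritative)
    cut = longest_match(qname, delegated)
    below_cut = cut is not None and zone is not None and is_within(cut, zone)
    if zone and not below_cut:
        return ("answer-from-zone", [])     # authoritative names are never forwarded
    if not recursion:
        return ("local-data-only", [])      # recursion disabled: forwarders unusable
    match = longest_match(qname, forwarders)
    if match:
        return ("forward", list(forwarders[match]))
    return ("recurse", [])                  # no condition matches: standard recursion

def first_answer(targets, answering):
    """Walk forwarders in list order (not by RTT); return the first that answers."""
    for ip in targets:
        if ip in answering:                 # stands in for a reply before the time-out
            return ip
    return None

if __name__ == "__main__":
    for q in ("uk.sales.microsoft.com", "notsales.microsoft.com", "www.example.org"):
        print(q, resolve_plan(q, FORWARDERS))
```

Because names are compared label by label, notsales.microsoft.com falls under the microsoft.com condition and not under sales.microsoft.com, which a plain string-suffix comparison would get wrong.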

For more information about conditional forwarding in DNS, refer
to the DNS Manager snap-in Help.

Modification Type: Major | Last Reviewed: 12/3/2003
Keywords: kbinfo kbnetwork KB304491