You shouldn't have a reason to forward to other AD servers, as DNS should be replicating between them already.

The only reason I can think of for this would be if you wanted only one DNS server to be the one querying the internet for non-authoritative FQDNs.

Usually the forwarders (used to resolve non-authoritative lookups) are set to external DNS servers like your ISP's or a common public resolver like 8.8.8.8, or the root hint servers are used instead.

Conditional forwarding is different though...


Not knowing how your environment is set up and what your goals are, I'll risk suggesting that you shouldn't have your DC/DNS servers using any other DC/DNS servers as forwarders.

The only scenario where I've seen internal DNS servers using other internal DNS servers as forwarders is when the security policy restricts outbound DNS traffic to a few secured DNS servers. All other DNS servers forward non-authoritative queries to these secured DNS servers. I'm making an assumption that this is not the case in your scenario.

If that's true, then remove the DCs from the forwarders tab and use the root hints or add forwarders to external DNS servers (8.8.8.8, etc.) for non-authoritative queries.
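The check and fix described in the answer above, as an added PowerShell example that is not code from either answerer: it lists a DC's configured forwarders, flags any that are themselves domain controllers, removes only those entries, and then makes sure non-authoritative lookups still have a path out (external forwarders from the answer, with root hints kept as a fallback). It assumes the DnsServer and ActiveDirectory modules (RSAT) are installed, that it runs in a session with DNS admin rights, and the function name `Repair-DcForwarders` and its parameters are my own.

```powershell
# Added example, not code from the original answers: audit a DC's DNS forwarders,
# flag any that point at other domain controllers, remove them, and make sure
# non-authoritative lookups still have somewhere to go (root hints or external resolvers).
# Assumes the DnsServer and ActiveDirectory modules (RSAT) and DNS admin rights.
Import-Module DnsServer
Import-Module ActiveDirectory

function Repair-DcForwarders {
    param(
        [string]   $DnsServer = $env:COMPUTERNAME,     # assumption: run on or against one DC
        [string[]] $ExternalForwarders = @('8.8.8.8'), # external resolver named in the answer; adjust to policy
        [switch]   $ReportOnly                         # audit only, change nothing
    )

    # IPv4 address of every DC in the domain: a forwarder matching one of these is the
    # "DC forwarding to DC" configuration the answer recommends against
    $dcAddresses = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty IPv4Address)

    $settings     = Get-DnsServerForwarder -ComputerName $DnsServer
    $forwarderIps = @($settings.IPAddress | ForEach-Object { $_.IPAddressToString })

    $pointingAtDcs = @($forwarderIps | Where-Object { $dcAddresses -contains $_ })
    $others        = @($forwarderIps | Where-Object { $dcAddresses -notcontains $_ })

    Write-Host "[$DnsServer] forwarders: $($forwarderIps -join ', ') (UseRootHint=$($settings.UseRootHint))"
    if ($pointingAtDcs.Count -eq 0) {
        Write-Host "[$DnsServer] no forwarders point at domain controllers; nothing to do"
        return
    }
    Write-Warning "[$DnsServer] forwarders pointing at DCs: $($pointingAtDcs -join ', ')"
    if ($ReportOnly) { return }

    # Remove only the DC entries; any legitimate external forwarders stay in place
    foreach ($ip in $pointingAtDcs) {
        Remove-DnsServerForwarder -ComputerName $DnsServer -IPAddress $ip -Force
    }

    if ($others.Count -eq 0) {
        # The list is now empty: add external resolvers (if policy allows) and keep
        # root hints enabled so resolution does not stop if the forwarders fail
        if ($ExternalForwarders.Count -gt 0) {
            Add-DnsServerForwarder -ComputerName $DnsServer -IPAddress $ExternalForwarders
        }
        Set-DnsServerForwarder -ComputerName $DnsServer -UseRootHint $true
    }
}

Repair-DcForwarders -ReportOnly   # audit first
# Repair-DcForwarders             # then apply, once the report looks right
```

Run it with `-ReportOnly` against each DC first; if your site really is the restricted-egress case the answer mentions (all DNS servers funnelled through a few approved resolvers), the "DC" entries it flags may be intentional and should be left alone.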