How can I verify Windows DNS forwarders are working?

I thought I knew how to do this, but I guess not.

Even the d2 debugging in nslookup doesn't show the actual forwarder being queried.

So...let's say I set up DNS forwarders in a Windows DNS server and then query using nslookup (or something else?) that server for an external FQDN like "www.purpleflowers.com".

Can I actually see where the Windows DNS server is querying its forwarder, which forwarder it ended up using, and the response from that forwarder?

Solution 1:

Can I actually see where the Windows DNS server is querying its forwarder, which forwarder it ended up using, and the response from that forwarder?

I am not aware of any logs that would give you that detail. But you could always start a packet capture filtering for DNS traffic. You should see the requests come in from your clients, and requests going out to your configured forwarders for requests that couldn't be answered from the cache.

Solution 2:

DNS packages doesn't contain information about its source and destination they are doing automatically using the DNS query cascade.

What you can do to know if it's working the forwarders or not is to set up a client with the Windows Server DNS IP as only DNS.

Make sure to clean up the cache by executing (ipconfig /flushdns) on client.

Then try without any forwarder configured it, you should have issues to hit external sites. (remember that there's cache information involved in client and in server too that needs to be cleaned up).

Then try using one forwarder like 8.8.8.8 and you should be able to reach the sites, but the specific ip of what DNS server is being queried you won't be able to get that information since in the networking level there's no such information.

Here's an interesting question related to what you want: https://www.experts-exchange.com/questions/24079211/How-can-I-trace-the-DNS-forwarder-query-from-my-Server.html