conditional forwarder not working

  • Question

  • We have a conditional forwarder to a company we acquired, which does not appear to be working - how can I troubleshoot why that is?

    Our DNS servers are configured to use forwarders to a cloud provider instead of root hints. In addition to that we have conditional forwarders for "domain.ro" pointing to the DNS servers internally for that zone. It looks like requests are being sent to the main DNS forwarders and the conditional forwarding rule is being ignored - any idea why that is?

    Thursday, July 4, 2019 1:49 PM

Answers

  • The DNS Server will query the DNS forwarder on behalf of the client. Then the DNS server will cache the information into the DNS cache and will send the information to the client.

    This article may help you:

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts

    In this example, the following events occur:
    1. A client queries a DNS server for the name ftp.contoso.com.

    2. The DNS server forwards the query to another DNS server, known as a forwarder.

    3. Because the forwarder is not authoritative for the name and does not have the answer in its cache, it uses root hints to find the IP address of the DNS root server.

    4. The forwarder uses an iterative query to ask the DNS root server to resolve the name ftp.contoso.com. Because the name ftp.contoso.com ends with the name com, the DNS root server returns a referral to the Com server that hosts the com zone.

    5. The forwarder uses an iterative query to ask the Com server to resolve the name ftp.contoso.com. Because the name ftp.contoso.com ends with the name contoso.com, the Com server returns a referral to the Contoso server that hosts the contoso.com zone.

    6. The forwarder uses an iterative query to ask the Contoso server to resolve the name ftp.contoso.com. The Contoso server finds the answer in its zone files, and then returns the answer to the server.

    7. The forwarder then returns the result to the original DNS server.

    8. The original DNS server then returns the result to the client.


    This posting is provided AS IS without warranty of any kind

    • Marked as answer by PPAdm7 Friday, July 5, 2019 6:23 AM
    Thursday, July 4, 2019 7:53 PM

All replies

  • When you configured your Conditional Forwarder, did you check the box to store this conditional forwarder in Active Directory (DNS Servers in Forest or in Domain)?

    If not, only the DNS Server you have the conditional forwarder on will work.


    This posting is provided AS IS without warranty of any kind

    Thursday, July 4, 2019 2:14 PM
  • Yes, they are AD integrated.

    I actually did a Wireshark capture earlier on our DC and it seems UDP 53 packets are being sent to the "domain.ro" DNS, but there are no replies. So contrary to what networks are saying, the forwarder is working, or trying to poll the remote DNS server as per the conditional forwarder settings.

    Now we need to figure out what is happening. Apparently there is a unidirectional UDP 53 rule only, which explains how our local DNS is sending the query...

    Thursday, July 4, 2019 5:26 PM
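
The check described in the reply above, as an added example that is not part of the original thread: it reads the target servers from the "domain.ro" conditional forwarder and queries each one directly over UDP and TCP from the DNS server itself, so a one-way firewall rule shows up as a timeout rather than as a forwarding problem. The probe name `www.domain.ro` is an assumption; substitute any record expected to exist in that zone.

```powershell
# Run on the DNS server that holds the conditional forwarder (DnsServer module required).
$zoneName  = 'domain.ro'        # conditional forwarder zone named in the thread
$probeName = "www.$zoneName"    # assumption: a record expected to exist in that zone

$zone = Get-DnsServerZone -Name $zoneName -ErrorAction Stop
if ($zone.ZoneType -ne 'Forwarder') {
    throw "$zoneName is a '$($zone.ZoneType)' zone on this server, not a conditional forwarder."
}

# Query each target server directly, bypassing the local server's own forwarding logic.
$results = foreach ($target in $zone.MasterServers) {
    $ip = [string]$target
    foreach ($transport in 'UDP', 'TCP') {
        $params = @{
            Name        = $probeName
            Server      = $ip
            Type        = 'A'
            DnsOnly     = $true                      # DNS only, no LLMNR/NetBIOS fallback
            TcpOnly     = ($transport -eq 'TCP')     # second pass forces TCP 53
            ErrorAction = 'Stop'
        }
        try {
            $null = Resolve-DnsName @params
            $status = 'answered'
        }
        catch {
            # A timeout means no reply came back. A "name does not exist" error
            # still proves the path works in both directions.
            $status = $_.Exception.Message
        }
        [pscustomobject]@{ Server = $ip; Transport = $transport; Result = $status }
    }
}

$results | Format-Table -AutoSize -Wrap
```

A timeout on UDP from every target matches the capture in the thread: queries leave the server and no replies return, which points at the firewall path rather than the conditional forwarder configuration.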