Conditional forwarding is another way of resolving external names: the DNS server forwards the query to another DNS server (the Forwarder) instead of resolving it itself. Conditional forwarding differs from regular DNS forwarding. With regular forwarding the server sends every query it cannot resolve to the Forwarder; with conditional forwarding it forwards only queries for a specified zone name, and every other query is handled as usual. In this article we demonstrate the steps to configure conditional forwarding in Windows Server 2012 R2 and explain why conditional forwarding could be the right option for you.
How to Configure Conditional Forwarding in Windows Server 2012 R2
The concept of conditional forwarding is somewhat similar to a Secondary or Stub zone: you create a specific zone name on the DNS server. However, instead of storing a copy of the records from that zone, a conditional forwarder holds only the IP address of the Forwarder server for that name. There are two ways to configure conditional forwarding in Windows Server 2012 R2: DNS Manager or PowerShell.
Method 1. Using DNS Manager
As with other DNS configuration tasks, start from Server Manager and go to Tools > DNS.
In the DNS Manager window, expand the server name and you will see several items with a folder icon. One of them is Conditional Forwarders.
Right click on Conditional Forwarders and select New Conditional Forwarder.
Enter the zone name in the DNS Domain field, then add the IP address of the Forwarder server for that name. In this example we want to resolve names in corp.mbg.com, and the authoritative server for that domain is 192.168.0.5. To add the IP address, type it and press Enter. DNS Manager tries to validate the address by querying it; don't worry if it cannot be validated for now, the entry can still be saved, but make sure the Forwarder actually answers before you rely on it.
Notice the option to store the conditional forwarder in Active Directory. If this option is enabled, the conditional forwarder settings are replicated to all DNS servers in the forest or in the domain, depending on your selection in the dropdown menu.
Click OK to confirm your settings. The result appears under the Conditional Forwarders folder, where the DNS domain name you specified now resides. If you click on it, you will see only the list of Forwarders, not any resource records.
Method 2. Using PowerShell
The same steps can be performed with PowerShell. Enter the command below in an elevated PowerShell window to create a new conditional forwarder.
Add-DnsServerConditionalForwarderZone -Name "DNS_DOMAIN" -MasterServers FORWARDER_IP [-ReplicationScope SCOPE]
Replace DNS_DOMAIN and FORWARDER_IP with the values for your environment. Optionally add the ReplicationScope parameter to enable Active Directory integration; when you do, replace SCOPE with either Forest or Domain, depending on your preference.
The command for our example environment, corp.mbg.com forwarded to 192.168.0.5, produces the same result as the DNS Manager steps above.
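The whole procedure as a script, added here as an example and not taken from the original article: it creates the conditional forwarder for corp.mbg.com pointing at 192.168.0.5, confirms that the server stores nothing more than the Forwarder address, and sends a test query through the local server so the forwarding path is proven end to end. The hostname dc01.corp.mbg.com used for the test lookup is an assumption; replace it with a name that exists in your corp.mbg.com zone.

```powershell
# Added example, not the article's own code. Run in an elevated PowerShell
# window on the Windows Server 2012 R2 DNS server.
$ZoneName  = 'corp.mbg.com'   # zone from the article
$Forwarder = '192.168.0.5'    # authoritative server for that zone, from the article

# Equivalent of Method 1: create the conditional forwarder once, stored locally
# on this server. Add "-ReplicationScope Forest" or "-ReplicationScope Domain"
# to get the same effect as the Active Directory checkbox in DNS Manager.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $ZoneName -MasterServers $Forwarder
}

# Confirm the result: ZoneType is "Forwarder" and MasterServers lists the
# Forwarder. No SOA or NS records for the zone exist on this server.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, MasterServers, ReplicationScope

# Test through the local DNS server (127.0.0.1), not against the Forwarder
# directly. A successful answer proves the server forwarded the query to
# 192.168.0.5 and returned its response. "dc01" is an assumed hostname.
Resolve-DnsName -Name "dc01.$ZoneName" -Server '127.0.0.1' -Type A -DnsOnly -ErrorAction Stop
```

The lookup deliberately targets the local server rather than the Forwarder: querying 192.168.0.5 directly would succeed even if the conditional forwarder were misconfigured, so it tells you nothing about the forwarding path.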
Working with Conditional Forwarding in Windows Server 2012 R2
If you run the DNS server role on Windows Server 2012 R2 you have at least three options for resolving names in a specific external zone: a Secondary zone, a Stub zone, or a conditional forwarder. Of the three, conditional forwarding is the most secure option because it stores the least: a Secondary zone holds a full copy of the zone and requires the remote server to allow zone transfers to you, a Stub zone keeps the zone's SOA, NS and glue records, but a conditional forwarder stores only the Forwarder IP address and nothing more. Queries for the zone are simply sent to that address, so no authoritative data for the external domain is ever kept on your server. When you need forwarding but are not allowed to keep any records of the external domain, conditional forwarding is the option to choose.
The trade-off for this security is that the administrator must ensure the Forwarder IP address is static and does not change often. Because no SOA or NS records are stored on the DNS server, there is nothing the server can refresh on its own: if the Forwarder address changes, the administrator has to update the Conditional Forwarders configuration by hand, and until that happens queries for the zone keep going to a server that no longer answers for it. This is why it is important to learn how to configure conditional forwarding in Windows Server 2012 R2.
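A check for exactly this trade-off, added here as an example and not part of the original article: because a conditional forwarder keeps no SOA or NS records, nothing on the server notices when a Forwarder address goes stale, so the script below enumerates every conditional forwarder on the server and asks each configured Forwarder directly for the zone's SOA. The replacement address 192.168.0.6 in the final line is an assumption used to show how the entry is updated.

```powershell
# Added example, not the article's own code. Run in an elevated PowerShell
# window on the DNS server.
function Test-ConditionalForwarders {
    # Conditional forwarders show up in Get-DnsServerZone with ZoneType "Forwarder".
    $zones = Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' }
    foreach ($zone in $zones) {
        foreach ($ip in $zone.MasterServers) {
            # Ask the Forwarder itself for the zone's SOA, bypassing the local
            # cache and the hosts file, so a stale cached answer cannot mask a
            # Forwarder that has stopped answering.
            $soa = Resolve-DnsName -Name $zone.ZoneName -Type SOA -Server "$ip" `
                       -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Zone         = $zone.ZoneName
                Forwarder    = "$ip"
                AnswersSOA   = [bool]($soa | Where-Object { $_.Type -eq 'SOA' })
                DsIntegrated = $zone.IsDsIntegrated
            }
        }
    }
}

# Any row with AnswersSOA = False is a Forwarder that must be fixed by hand.
Test-ConditionalForwarders | Format-Table -AutoSize

# When the authoritative server for corp.mbg.com moves (192.168.0.6 is an
# assumed new address), replace the Forwarder list instead of leaving the
# dead entry in place. Uncomment to apply:
# Set-DnsServerConditionalForwarderZone -Name 'corp.mbg.com' -MasterServers 192.168.0.6
```

Run the check on a schedule; if the forwarder is Active Directory integrated, a single Set-DnsServerConditionalForwarderZone on one domain controller is enough, since the new address replicates to the other DNS servers in the chosen scope.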