Understanding DNS Forwarders and Root Hints in Windows DNS Server

You may have built a DNS server to resolve names in your internal network, but you will still need to resolve external names. If you install the DNS Server role on Windows Server, it performs query forwarding by default, so external name resolution works. The query can be forwarded to a specific DNS server that you configured as a Forwarder; otherwise, by default, it goes to the Root Hints. This article breaks down how DNS Forwarders and Root Hints work in Windows DNS Server.

Understanding DNS Forwarders and Root Hints in Windows DNS Server

When we talk about DNS Forwarders and Root Hints, we are talking about query forwarding. Forwarding occurs only when the DNS server cannot resolve a query from its own data and local cache. Usually this happens when a query comes in for an external name that is outside the zones configured on the DNS server. Knowing how DNS name resolution works is the key to understanding DNS Forwarders and Root Hints in Windows DNS Server. The following flowchart depicts the sequence for DNS name resolution:

[Figure 1: flowchart of the DNS name resolution sequence]

In the flowchart above, you can see where DNS Forwarders and Root Hints take part in name resolution. DNS Forwarders is a list of DNS servers that the server can use as helpers to resolve a query. A Forwarder can be another server in the local network or in an external network. The only thing to consider is reachability between the servers.

Meanwhile, Root Hints is a list of the authoritative name servers for the root DNS names on the internet. In the flowchart above, you can see that Root Hints is the last resort for name resolution. The DNS server contacts the Root Hints only when no Forwarders are available or when the Forwarders cannot resolve the query. This makes name resolution through Root Hints take longer, because it has to wait for the result of the earlier steps. On top of that come the delay and latency in the connectivity, as the Root Hints servers are used globally by pretty much every DNS server on the internet.

From the end user's perspective, forwarding to DNS Forwarders and forwarding to Root Hints produce the same result. However, as you can see above, DNS Forwarders and Root Hints handle a query a bit differently. A DNS Forwarder handles an incoming query recursively. This means that when the Forwarder receives a forwarded query, it performs the lookup on behalf of the first DNS server. Root Hints, on the other hand, always work iteratively. This means a Root Hints server only returns a referral to an authoritative server for the name and lets the first DNS server query that server directly. Both methods work in a loop until the query is decided as found or not found.

Working with DNS Forwarders and Root Hints in Windows DNS Server

Usually it is the administrator who specifies the Forwarders in the DNS server configuration. To configure DNS Forwarders in Windows DNS Server, open the DNS server properties and go to the Forwarders tab.

[Figure 2: Forwarders tab of the DNS server properties]

Root Hints, on the other hand, are usually preconfigured and are standard for every DNS server. To see the list of Root Hints, open the same server properties and go to the Root Hints tab.

[Figure 3: Root Hints tab of the DNS server properties]
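The same two tabs can be read from PowerShell, which is useful for reviewing which servers receive the external names your DNS server looks up. The script below is an added example, not part of the original article; it assumes the DnsServer module is installed, and the `$ComputerName` and `$TestName` defaults are placeholders.

```powershell
# Added example: audit the forwarding configuration of a Windows DNS server.
# Requires the DnsServer module (DNS role or RSAT). $ComputerName and
# $TestName are assumptions; change them for your environment.
param(
    [string]$ComputerName = 'localhost',
    [string]$TestName     = 'example.com'
)

Import-Module DnsServer -ErrorAction Stop

# Forwarders tab: configured forwarders plus the root-hints fallback switch.
$fwd = Get-DnsServerForwarder -ComputerName $ComputerName
$forwarderIPs = @($fwd.IPAddress | Where-Object { $_ } |
    ForEach-Object { $_.IPAddressToString })

# Ask each forwarder directly for an answer to confirm it is reachable
# and willing to resolve on this server's behalf.
$forwarderStatus = foreach ($ip in $forwarderIPs) {
    $answer = Resolve-DnsName -Name $TestName -Type A -Server $ip `
        -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Forwarder = $ip
        Answers   = [bool]$answer
    }
}

# Root Hints tab: root server names and the addresses stored for them.
$rootHints = Get-DnsServerRootHint -ComputerName $ComputerName | ForEach-Object {
    [pscustomobject]@{
        NameServer = $_.NameServer.RecordData.NameServer
        Addresses  = @($_.IPAddress | ForEach-Object {
            if ($_.RecordData.IPv4Address) { $_.RecordData.IPv4Address }
            else { $_.RecordData.IPv6Address }
        }) -join ', '
    }
}

"Forwarders configured : $($forwarderIPs.Count)"
"Fallback to root hints: $($fwd.UseRootHint)"
"Forwarder timeout (s) : $($fwd.Timeout)"
$forwarderStatus | Format-Table -AutoSize
$rootHints | Format-Table -AutoSize

if ($forwarderIPs.Count -eq 0) {
    Write-Warning 'No forwarders set: external names are resolved through root hints.'
} elseif ($forwarderStatus.Answers -notcontains $true) {
    Write-Warning 'No forwarder answered the test query.'
}
```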

Dealing with DNS Forwarders and Root Hints is something you can't avoid as a system administrator. Therefore, understanding DNS Forwarders and Root Hints in Windows DNS Server is essential.


Arranda Saputra

ITIL Certified, CCNA, CCDA, VCP6-DCV, MCSA Administering Windows Server 2012
I am an IT practitioner in real life, specializing in network and server infrastructure. I have years of experience in the design, analysis, operation, and optimization of infrastructure solutions for enterprise-scale networks. You can send me a message on LinkedIn or email arranda.saputra@outlook.com for further inquiries regarding things that I wrote or opportunities to collaborate on a project.
