IgNiTeD SoUL

Problem

You want to configure forwarding to allow for name resolution outside of your corporate network.

Solution

Using a graphical user interface

Using a command-line interface

The following command sets the default forwarders. Replace <IPsOfForwarders> with a space-separated list of IP addresses for the nameservers to forward requests to.

	>  
dnscmd <ServerName> /resetforwarders <IPsOfForwaders>

For example:

	> dnscmd dns01 /resetforwarders 10.22.3.4 10.22.3.5

The following command creates a domain-based forwarder:

	> dnscmd <ServerName> /zoneadd <DomainName> /forwarder <IPsOfForwarders>

The following command configures the default forwarder timeout:

	> dnscmd <ServerName> /config / 
forwardingtimeout <NumSeconds>

The following command configures the forwarder timeout for a specific domain:

	> dnscmd <ServerName> /config <DomainName> /forwardertimeout <NumSeconds>

Using VBScript

	' This code enumerates the default forwarders.
	' ------ SCRIPT CONFIGURATION ------
	strServer = "<ServerName> " ' e.g. dns1.rallencorp.com
	' ------ END CONFIGURATION --------

	set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
	set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
	for each strForwarder in objDNSServer.Forwarders
	   Wscript.Echo strForwarder
	Next

	' This code sets the default forwarders.
	' ------ SCRIPT CONFIGURATION ------
	strServer = "<ServerName>" ' e.g. dns1.rallencorp.com
	arrForwarders = Array("<IP1>","<IP2>")
	' ------ END CONFIGURATION --------

	set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
	set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
	objDNSServer.Forwarders = arrForwarders
	objDNSServer.Put_
	Wscript.Echo "Successfully set default forwarders"
	' This code sets the  
forwarders for a specific domain.
	' ------ SCRIPT CONFIGURATION ------
	strServer = "<ServerName>" ' e.g.  
dns01
	strNewZone = "<ZoneName>"  ' e.g. othercorp.com
	arrMasterIPs = Array("<IP1>","<IP2>") ' replace <IPx> with IPs of master server
	' ------ END CONFIGURATION --------
	on error resume next
	set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
	set objDNSZone = objDNS.Get("MicrosoftDNS_Zone")
	strNull = objDNSZone.CreateZone(strNewZone,3,false,"",arrMasterIPs)
	if Err then
	   WScript.Echo "Error occurred creating zone: " & Err.Description
	else
	   WScript.Echo "Domain forwarder created."
	end if

Discussion

Nameservers have long supported the notion of forwarders. Rather than sending all unresolved queries to the root Internet nameservers, you can use forwarders to send queries to a specific server or set of servers, perhaps hosted by your ISP or by a partner corporation. This allows you to better control the name resolution process on your network.

Microsoft has extended this capability in Windows Server 2003 to support conditional forwarding. With conditional forwarding, you can forward unresolved queries for specific domains to different nameservers. The most common use of conditional forwarding is when you have two or more noncontiguous namespaces. Consider, for example, a merger between the rallencorp.com and othercorp.com corporations. Normally, for the nameservers of rallencorp.com to resolve queries for othercorp.com, the queries would have to first be forwarded to the root Internet nameservers. With conditional forwarding, you can configure the rallencorp.com DNS servers so that all requests for othercorp.com should be sent directly to the othercorp.com nameservers and all other unresolved queries should be sent to the Internet, and vice versa. The trade-off for this feature is the additional CPU processing that’s necessary to examine each query and forward it to the appropriate server, rather than just funneling all unresolved queries to a single external server.