Implementing DNS Forwarding


In this video we will:

  • Illustrate how DNS forwarding can work in your organization.
  • Consider a common scenario in which DNS forwarding can be deployed.
  • At the completion of this lecture you will gain valuable work-related knowledge and experience by utilizing and implementing the steps given in this lecture.

Prerequisites: You must have access to or have installed in your lab the following: 

  • One Windows 2016 Server with Active Directory installed and promoted to a domain controller (DNS installs automatically).
  • Or a VM with the identical configuration.
  • Don’t forget to download the supplemental information that I have supplied with this lecture.

Adequate permissions will be needed 

  • To configure a DNS server that is running on a domain controller, you must be a member of the DNS Administrators, Domain Administrators, or Enterprise Administrators group.

So what is forwarding? And how are forwarders used?

A forwarder is a DNS server on a network that forwards DNS queries for external DNS names to DNS servers outside that network.

We will illustrate how forwarders are implemented using a typical scenario. Let’s say, for discussion purposes, we have a user named Joe, and Joe has an office computer named dellpc. Joe opens his browser and tries to access foxnews.com. Joe’s company has a DNS server named DNS1.

Here is what is happening between Joe’s browser and the DNS server DNS1.

  1. Dellpc sends a recursive query to DNS1 asking DNS1 to resolve foxnews.com into its associated IP address. DNS1 checks its local cache, then its database, and finds zone information only for the bus.dns.local domain, not for foxnews.com.
  2. DNS1 uses its root hints file and sends an iterative query to the first available Internet root server.
  3. The root server responds with the IP address of a name server authoritative for the .com top-level domain.
  4. DNS1 sends a second iterative query to the name server authoritative for .com.
  5. This server responds with the IP address of a name server authoritative for the foxnews.com domain.
  6. DNS1 sends a third iterative query to the name server authoritative for foxnews.com.
  7. This server responds with the IP address for foxnews.com.
  8. DNS1 returns the IP address of www.foxnews.com to dellpc, and Joe sees foxnews.com appear in his browser’s window.

That is a lot of processing going on! What if the company had a slow WAN link? Now you are wasting valuable bandwidth. Think with me for a minute: if there are 500 users all sending queries to the local DNS server for various internet sites outside the local network, you can see how DNS1 could get bogged down with DNS requests.

So we ask this question: is there a better way than always going to the root server for answers to our queries? Why not create a forwarder to the ISP’s DNS server?

Let’s see how configuring a forwarder to our ISP’s DNS server would play out in our scenario.

  1. Dellpc sends a recursive query to DNS1 asking DNS1 to resolve foxnews.com into its associated IP address. DNS1 checks its local cache and does not find foxnews.com.
  2. Then, because forwarders always take precedence over the server’s root hints file, DNS1 checks its list of forwarders to see if any forwarders have been configured to help resolve the query. On the forwarders list DNS1 finds the IP address of the external name server hosted by the company’s Internet Service Provider, so it forwards the query to the ISP’s name server.
  3. The ISP’s name server goes up to the root server as needed (which results in several more iterative queries).
  4. Finally, the ISP receives an answer and resolves www.foxnews.com into its IP address.
  5. The ISP returns this address to DNS1.
  6. DNS1 returns the IP address of www.foxnews.com to dellpc, and Joe sees foxnews.com appear in his browser’s window.
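The forwarder path described above can be set up and checked from PowerShell on DNS1. This is an added example, not part of the original lesson: the upstream address 203.0.113.53 is a placeholder for the ISP's resolver, and the cmdlets come from the DnsServer module that is installed with the DNS Server role. Because every external lookup will now depend on the answers that upstream returns, the script first audits the existing forwarder list against an approved list before changing it.

```powershell
# Added example. Run in an elevated session as a member of one of the
# groups listed under "Adequate permissions will be needed".
Import-Module DnsServer

$Server           = 'DNS1'              # DNS server name from the scenario
$ApprovedUpstream = @('203.0.113.53')   # ASSUMPTION: placeholder for the ISP's name server

# 1. Audit: show what is configured now and flag anything not on the approved list.
$current    = Get-DnsServerForwarder -ComputerName $Server
$unexpected = @($current.IPAddress | Where-Object { $_ -and ("$_" -notin $ApprovedUpstream) })
if ($unexpected.Count -gt 0) {
    Write-Warning "Forwarders not on the approved list: $($unexpected -join ', ')"
}

# 2. Configure: replace the forwarder list with the approved upstream.
#    -UseRootHint $true keeps the root hints as a fallback if the forwarder
#    does not answer; $false makes DNS1 rely on the forwarder alone.
Set-DnsServerForwarder -ComputerName $Server `
                       -IPAddress $ApprovedUpstream `
                       -UseRootHint $true `
                       -Timeout 3 `
                       -PassThru

# 3. Verify: empty the server cache so the next lookup has to leave DNS1,
#    then ask DNS1 (not the client's default resolver) for the name.
Clear-DnsServerCache -ComputerName $Server -Force
Resolve-DnsName -Name 'www.foxnews.com' -Server $Server -Type A -DnsOnly |
    Select-Object Name, Type, TTL, IPAddress

# 4. Confirm the setting that is now in effect.
Get-DnsServerForwarder -ComputerName $Server |
    Select-Object IPAddress, UseRootHint, Timeout
```

Rerunning step 1 on a schedule and alerting on its warning gives a simple check that the forwarder list has not been changed to an unapproved resolver.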
