Windows Server – How to configure a Conditional Forwarder in DNS

Home > Blogs > Windows Server > Windows Server – How to configure a Conditional Forwarder in DNS

Windows Server – How to configure a Conditional Forwarder in DNS

Like This Blog 6Rick Trader
Added by April 16, 2013

Conditional Forwarders are a DNS feature introduced in Windows Server 2003. A Conditional Forwarder allows an organization to resolve names to a private namespace or speed up name resolution to a public namespace.  When a DNS server receives a client query request for a host address that is not part of its authoritative namespace, it starts a resolution process beginning with a root name server and continues the process until the name is resolved. When a Conditional Forwarder is configured the local DNS server will forward the request to a DNS authoritative for the domain namespace of the query. In this blog we will look at how to configure a Conditional Forwarder in DNS.


Two organizations, USSHQ and Dulce Base need to be able to share resources. A trust relationship between the two organizations Active Directory Domain Services is desired, but neither organization name space can be resolved through public name resolution. In order to configure the trust relationship name resolution need to be configured. One option for name resolution is to use Conditional Forwarders. DNS in each domain will be configured to forward request for the other organization name space to a DNS server that is authoritative. All other names needing resolved will use the default name resolution method.

If a computer from Dulce Base attempts to contact a computer in USSHQ it is unable to resolve the name. See figure below, the same result would occur going the other direction.

Configuring a Conditional Forwarder (Same steps will be accomplished in both DNS servers)

  1. Launch the DNS Console.


  1. Secondary Click on Conditional Forwarders, click New Conditional Forwarder.


  1. Enter the DNS Name of the desired domain to be resolved.


  1. Click on Click here to add an IP Address or DNS Name, enter the IP Address of the remote DNS Server, press Enter. Click OK.


  1. The DNS Forwarder has been created.


  1. Name resolution will now succeed from DulceBase.Local to USSHQ.Local. Once the DNS administrator completes the configuration on the USSHQ.Local DNS server name resolution will succeed from USSHQ.Local to DulceBase.local.


As you can see configuring a Conditional Forwarder is a simple fix to resolving names in a private network when public name resolution fails.

Until next time, RIDE SAFE!

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 470 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Subnetting a TCP/IP Network using the Magic Box Method

0 1172 4

In this session, we are going to look at how to subnet a Class B address into multiple network segments using what's called The Magic Box. Let's run through this real quick.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 462 3

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Avatar Gyanendra Singh

    I tried to create conditional forwarder in both of forest to name resolution but when I did nslookup it failed instead ping reply is giving continuously resolvin. What to do

  2. Avatar Sandeep

    Thank you , great article

  3. Pingback: Skype4B Server Multi-Forest Yapılandırma - İletişime Güç İşinizde Yarar

  4. Avatar juve

    Great Explanation!

    Thank and BigUp.

  5. Avatar jake

    And what about the error while creating the new conditional forwarder. Red cross, the server with this ip address is not athoritative for the required zone?

  6. Avatar mark

    Thanks for this. One has to configure the DNS suffixes in the TCP/IP properties of the servers first, right ?

Share your thoughts...

Please fill out the comment form below to post a reply.