DNS Conditional Forwarder Multiple Internal Domains Setup

I do a lot of work in the home lab environment and this includes building up Active Directory domains for various types of testing and building out of test environments. If you build out different environments for testing, each with its own Active Directory domain name, name resolution can get to be a pain: you end up with different authoritative DNS servers for different domain names, all potentially residing on the same subnet. There is a type of DNS forwarding that can come to the rescue and resolve names residing in different domains from your administrative workstation – the conditional forwarder. In this post let’s look at DNS conditional forwarder multiple internal domains setup and see how you can configure the conditional forwarder for seamless name resolution in the environment.

What is a DNS Conditional Forwarder

The DNS conditional forwarder is a special type of forwarder that sends name resolution requests for a specific domain name (and its subdomains) to a specific server or set of servers. DNS servers in general have ordinary forwarders, to which they forward all requests for names they do not hold locally. You can think of these forwarders as the “default gateway” for DNS resolution.

However, think of the conditional forwarder as a “static route”: it sends only the queries for a specific domain to the DNS server that is authoritative for that domain, and it is consulted before the general forwarders. This is especially helpful because internal DNS domain names are not resolvable using a public DNS server; a query for a lab-only domain that goes out through your default forwarders can only fail. So the conditional forwarder comes into play in this case.

A prime use case, again, is internal domain names. As I mentioned at the outset, if you make use of a lab environment and have many different test domains that you build up and test with, the conditional forwarder allows you to keep one set of DNS server entries on your administrative workstation and still be able to resolve queries for the other internal test domains.

DNS Conditional Forwarder Multiple Internal Domains Setup

Let’s take a look at the use case of multiple internal domains and how you would set up a conditional forwarder so that one DNS server can resolve a second internal DNS zone.

In the DNS server below, the primary domain is cloud.local (an internal domain). I have spun up another internal test domain called neptune.local. Right-click the Conditional Forwarders node and select New Conditional Forwarder.

Creating a new conditional forwarder in Microsoft DNS server

Add the IP address of the master server, that is, the DNS server that is authoritative for neptune.local. The wizard queries the address you enter and shows whether it validated; a failure here usually means the server is unreachable or does not answer for that zone. Keep in mind that every query your DNS server receives for that namespace will now be handed to this IP address, so it should be a server you control. Then select whether or not you want the conditional forwarder stored in Active Directory and replicated to other DCs. If you have multiple DCs, this is generally the best approach, unless there is a reason you do not want the conditional forwarder replicated.

Add the IP address and the server that is authoritative for the domain

After adding the new internal domain as a Conditional forwarder, the new forwarder zone is created successfully.

New domain is added to the conditional forwarder domains
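The same setup can be scripted on the DNS server with the DnsServer module, which also makes the “static route” versus “default gateway” distinction from the earlier section concrete. The block below is an added example, not part of the original post: it assumes the cloud.local DNS server is where it runs and that 192.168.1.20 is the server authoritative for neptune.local (both addresses are made up for the example).

```powershell
# Added example (not from the original post). Assumed addresses:
#   this server  = cloud.local DC/DNS
#   192.168.1.20 = DC/DNS server authoritative for neptune.local
$ForwardedDomain = 'neptune.local'
$NeptuneDns      = '192.168.1.20'

# The "default gateway": where everything not held locally normally goes.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# 1. Before handing a whole namespace to an IP address, prove that server
#    actually answers authoritatively for it. -DnsOnly skips hosts file/NetBIOS.
$soa = Resolve-DnsName -Name $ForwardedDomain -Type SOA -Server $NeptuneDns -DnsOnly -ErrorAction Stop
"SOA for $ForwardedDomain on $NeptuneDns is owned by $($soa.PrimaryServer)"

# 2. Create the conditional forwarder (the "static route").
#    -ReplicationScope 'Forest' stores it in Active Directory and replicates it to
#    every DNS server in the forest; use 'Domain' to limit it, or omit the
#    parameter entirely to keep a file-backed forwarder on this server only.
Add-DnsServerConditionalForwarderZone -Name $ForwardedDomain `
    -MasterServers $NeptuneDns -ReplicationScope 'Forest' -PassThru

# 3. Confirm how the server sees it: ZoneType should read 'Forwarder' and
#    MasterServers should list only the address you intended.
Get-DnsServerZone -Name $ForwardedDomain |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, MasterServers

# 4. Query through the local server, which is exactly the path a management
#    workstation pointed at this DNS server will take.
Resolve-DnsName -Name "dc1.$ForwardedDomain" -Type A -Server 127.0.0.1 -DnsOnly
```

If the final query returns NXDOMAIN or times out, check step 1 first: the conditional forwarder only relays the question, so the answer still has to exist on the master server. To tear the lab domain down later, `Remove-DnsServerZone -Name neptune.local -Force` removes the forwarder (and, if it was AD-integrated, the replicated object).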

The benefits of Conditional Forwarding

Now, the benefits of conditional forwarding become evident. Since we have added a conditional forwarder, the DNS server settings you have configured on your management workstation do not have to change. The DNS server simply forwards the requests for the new internal domain to the server listed in the conditional forwarder, and name resolution works as expected.

This prevents having to change DNS server settings along the way or add hosts file entries simply to resolve a server hostname correctly in a different internal domain than the one your management workstation resides in.

Pings to conditional forwarder domain by FQDN are successful

With conditional forwarding, you will still need to have your DNS suffixes in place for short, single-label names (what many of us still call NetBIOS names) that you want to ping. The conditional forwarder only helps once the query carries the full domain name, and it is the suffix search list on the client that turns a short name into that FQDN. Below, I have added the new internal domain name to the list of DNS suffixes in the advanced TCP/IP properties of the LAN connection.

Adding DNS suffixes for proper resolution of short names

Now, I can ping the server with the short name and it will reply with the FQDN, because the resolver appends each suffix from the list in turn until it gets an answer. If you have servers with the same name in two zones, it will return the one in the zone listed first in the DNS suffixes, as it works its way from the top down. Keep that ordering in mind: a duplicate host name in an earlier zone silently shadows the one you meant to reach.
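The suffix list can also be set globally from PowerShell instead of per adapter, and the top-down behaviour described above is easy to make visible. The block below is an added example, not from the original post: it assumes the workstation already points at the cloud.local DNS server (which holds the conditional forwarder) and uses made-up host names (`dc1`, `fileserver`, `web01`) for the audit at the end.

```powershell
# Added example (not from the original post). Assumes the workstation's DNS
# server is the cloud.local server that carries the neptune.local forwarder.
$SearchList = @('cloud.local', 'neptune.local')

# Global suffix search list: applies to every adapter, unlike the per-connection
# list in the adapter's Advanced TCP/IP properties. This replaces the existing list.
Set-DnsClientGlobalSetting -SuffixSearchList $SearchList
(Get-DnsClientGlobalSetting).SuffixSearchList

# Emulate what the resolver does with an unqualified name: try each suffix in
# order and stop at the first answer. Returning the winning FQDN makes a
# collision (same host name in two zones) visible instead of silently shadowed.
function Resolve-ShortName {
    param(
        [Parameter(Mandatory)][string]$ShortName,
        [string[]]$Suffixes = (Get-DnsClientGlobalSetting).SuffixSearchList
    )
    foreach ($suffix in $Suffixes) {
        $fqdn = "$ShortName.$suffix"
        $rec = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.QueryType -eq 'A' }
        if ($rec) {
            return [pscustomobject]@{
                ShortName = $ShortName
                Resolved  = $fqdn
                IPAddress = $rec[0].IPAddress
            }
        }
    }
    Write-Warning "$ShortName did not resolve under any suffix in: $($Suffixes -join ', ')"
}

# Shows which zone actually answered for the short name.
Resolve-ShortName -ShortName 'dc1'

# Audit: list short names that exist in more than one lab zone, i.e. names where
# the search-list order, not the name you typed, decides which server you reach.
function Find-ShadowedNames {
    param(
        [Parameter(Mandatory)][string[]]$Names,
        [string[]]$Suffixes = (Get-DnsClientGlobalSetting).SuffixSearchList
    )
    foreach ($n in $Names) {
        $hits = foreach ($s in $Suffixes) {
            if (Resolve-DnsName -Name "$n.$s" -Type A -DnsOnly -ErrorAction SilentlyContinue) { "$n.$s" }
        }
        if (@($hits).Count -gt 1) {
            [pscustomobject]@{ ShortName = $n; AnswersIn = ($hits -join ', ') }
        }
    }
}
Find-ShadowedNames -Names @('dc1', 'fileserver', 'web01')
```

Every domain controller in a lab tends to get the same short name, so running the audit once after adding a suffix tells you which short names you can trust and which ones you should always type as FQDNs.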

With DNS suffixes in place we can successfully ping short names with conditional forwarding

Wrapping up

Building out infrastructure in the home lab is a lot of fun and a great learning experience. Having DNS work for you and not against you helps to make your labbing experience as good as possible. With the conditional forwarder, you can forward DNS requests to multiple internal DNS servers that are authoritative for their respective domains without changing your DNS settings on your management workstation. Using a combination of conditional forwarding and DNS suffixes, you can still ping the short names of all internal servers, regardless of the FQDN of the server. Hopefully this will help those running multiple home labs who may be flipping back and forth between DNS server settings or making manual hosts file edits.
