Can't use forwarder in Active Directory DNS (extra 500 for a correct answer)

Posted on 2003-10-30
Medium Priority
Last Modified: 2010-04-14
Hi there

I configured my Active Directory and my DNS, but I can't use forwarders. It says:
"Forwarders are not available because this is a root server"

All my computers are pointed to the Active Directory DNS, and if I can't use forwarders I can't
resolve external sites.

What should I do to solve this issue?

Question by:victorbx

Expert Comment

ID: 9655692
Looks like you configured your DNS to be a root DNS server.
You probably want to remove the root domain (e.g. .com, .de, .at, .*); after that it should work fine.
See the following quote, starting at point 6.

quoting from http://support.microsoft.com/?kbid=237675 :

These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).

   1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
   2. The DNS Server Configuration Wizard starts. Click Next.
   3. Right-click Forward Lookup Zone, and then click Properties.
   4. Choose your DNS server to be a root server. Click Next.
   5. Choose to add a forward lookup zone. Click Next.
   6. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
   7. The new zone contains the locator records for this Active Directory domain. The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name.

      For example, if the Active Directory domain is named "support.microsoft.com", legal zone names are "support.microsoft.com", "microsoft.com", or "com". Type the name of the zone, and then click Next.

      NOTE: If you name the zone "com" we will believe that we are authoritative for the "com" domain and never forward any requests that we can not answer out to the real "com" domain servers. The same would be true if you named it "microsoft.com", you would never use your forwarder to resolve requests from the real "microsoft.com" servers.
   8. Accept the default name for the new zone file. Click Next.
   9. Choose not to add a reverse lookup zone now. Click Next.

      NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged to explore this branch of the wizard.
  10. Click Finish to complete the Server Configuration Wizard.
  11. After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable dynamic update on the zone you just added.

have a nice day,

patric schmitz
LVL 86

Accepted Solution

oBdA earned 2000 total points
ID: 9656773
For external lookups to work, you'll have to delete the "." zone in your forward lookup zone.

====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----
Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 and Windows Server 2003 DNS use the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.
====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----

Here's the complete document, including some other useful information:
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Expert Comment

ID: 9662254
I had the same problem too, then I searched for the solution. What I concluded is that whenever you set up your DNS server through the AD wizard, it just messes things up. It does configure your DNS server, but it makes it a root server as well. Once it is a root server it doesn't need forwarders anymore, so it just disables the Forwarders check box. Also notice there isn't anything in the "Root Hints"; it should be empty.
So first we should configure DNS and then we should install AD.
Anyway, the workaround for your problem is also available.
Go to the DNS snap-in.
Click on the DNS server.
You'll get the zones.
The very first one will be the "." zone, followed by the forward zone for your domain name.
All you need to do is remove the "." zone from the DNS server.
Just delete the root zone; you don't need to be the root DNS server, so there's no sense having "." at the top of your zones.
So that's it. Close your DNS snap-in,
re-open your DNS snap-in and now try to add the forwarders; it should be enabled now.
Hope this will work for you.
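
The fix described in the answers above (delete the "." zone, then configure forwarders), as an added PowerShell example that is not from any of the posters. It assumes Windows Server 2012 or later with the DnsServer and DnsClient modules, which the Windows 2000/2003 servers discussed here do not have; the forwarder address 192.0.2.53 and the test name are placeholders.

```powershell
# Added example: detect and (optionally) remove a "." root zone, then set forwarders.
# Assumes the DnsServer and DnsClient modules (Windows Server 2012+), run elevated.
param(
    [string]   $ComputerName = $env:COMPUTERNAME,
    [string[]] $Forwarder    = @('192.0.2.53'),  # placeholder address, replace with your upstream resolver
    [string]   $TestName     = 'example.com',    # any external name
    [switch]   $Fix                              # without -Fix the script only reports
)

Import-Module DnsServer -ErrorAction Stop

# A primary zone named "." makes the server authoritative for the root,
# which is why the Forwarders tab is disabled.
$rootZone = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneName -eq '.' -and $_.ZoneType -eq 'Primary' }

if (-not $rootZone) {
    Write-Output "No primary '.' zone on $ComputerName; the server is not acting as a root server."
}
elseif (-not $Fix) {
    Write-Output "Primary '.' zone found on $ComputerName. Re-run with -Fix to delete it."
    return
}
else {
    # -Force suppresses the confirmation prompt; only the "." zone is touched.
    Remove-DnsServerZone -ComputerName $ComputerName -Name '.' -Force
    Write-Output "Deleted the '.' zone on $ComputerName."
}

if ($Fix) {
    # Replaces the current forwarder list with the addresses given.
    Set-DnsServerForwarder -ComputerName $ComputerName -IPAddress $Forwarder
}

# Report the forwarders now configured and test an external lookup through this server.
$current = (Get-DnsServerForwarder -ComputerName $ComputerName).IPAddress
Write-Output "Forwarders: $($current -join ', ')"

try {
    Resolve-DnsName -Name $TestName -Server $ComputerName -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, IPAddress
}
catch {
    Write-Warning "External lookup of $TestName via $ComputerName failed: $($_.Exception.Message)"
}
```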

Expert Comment

ID: 10081755
I tried what has been mentioned above but the method that has worked for me is to delete all forward and reverse lookup zones. Then stop the service. Then delete the database files in the Windows\System32\Dns folder.
Then restart the service and recreate the zones.
Works fine for me now.
