

Can't use forwarder in Active Directory DNS (extra 500 for a correct answer)

Posted on 2003-10-30
Medium Priority
Last Modified: 2010-04-14
Hi there

I configured my Active Directory and my DNS, but I can't use forwarders. It says:
"Forwarders are not available because this is a root server"

All my computers are pointed to the Active Directory DNS, and if I can't use forwarders, I can't resolve external sites.

What should I do to solve this issue?

Question by:victorbx

Expert Comment

ID: 9655692
Looks like you configured your DNS to be a root DNS server.
You probably want to remove the root domain (e.g. .com, .de, .at, .*); after that it should work fine.
See the following quote, starting at point 6.

Quoting from http://support.microsoft.com/?kbid=237675 :

These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).

   1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
   2. The DNS Server Configuration Wizard starts. Click Next.
   3. Right-click Forward Lookup Zone, and then click Properties.
   4. Choose your DNS server to be a root server. Click Next.
   5. Choose to add a forward lookup zone. Click Next.
   6. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
   7. The new zone contains the locator records for this Active Directory domain. The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name.

      For example, if the Active Directory domain is named "support.microsoft.com", legal zone names are "support.microsoft.com", "microsoft.com", or "com". Type the name of the zone, and then click Next.

      NOTE: If you name the zone "com" we will believe that we are authoritative for the "com" domain and never forward any requests that we can not answer out to the real "com" domain servers. The same would be true if you named it "microsoft.com", you would never use your forwarder to resolve requests from the real "microsoft.com" servers.
   8. Accept the default name for the new zone file. Click Next.
   9. Choose not to add a reverse lookup zone now. Click Next.

      NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged to explore this branch of the wizard.
  10. Click Finish to complete the Server Configuration Wizard.
  11. After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable dynamic update on the zone you just added.

have a nice day,

patric schmitz

Accepted Solution

oBdA earned 2000 total points
ID: 9656773
For external lookups to work, you'll have to delete the "." zone in your forward lookup zone.

====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----
Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 and Windows Server 2003 DNS use the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.
====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----

Here's the complete document, including some other useful information:
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Expert Comment

ID: 9662254
I had the same problem too, then I searched for the solution. What I concluded is that whenever you set up your DNS server through the AD wizard, it just messes things up. It does configure your DNS server, but it makes it a root server as well. Once it is a root server it doesn't need forwarders anymore, so it just disables the Forwarders check box. Also notice there isn't anything in the "Root Hints"; it should be empty.
So first we should configure DNS and then we should install AD.
Anyway, a workaround for your problem is also available.
Go to the DNS snap-in.
Click on the DNS server.
You'll get the zones.
The very first one will be the "." zone, and after it the forward zone for your domain name.
All you need to do is remove the "." zone from the DNS server.
Just delete the root zone. You don't need to be the root DNS server, so there's no sense having "." at the top of your zones.
So that's it. Close your DNS snap-in.
Re-open your DNS snap-in and now try to set the forwarders; it should be enabled now.
Hope this will work for you.
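
The snap-in steps discussed in this thread (find the "." zone, delete it, then set forwarders), as an added PowerShell example that is not part of any post here. It assumes the DnsServer module on Windows Server 2012 or later, which the Windows 2000/2003 servers in the thread predate; the forwarder addresses and the test name are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes the DnsServer module
# (Windows Server 2012 or later) and an elevated session on the DNS server.
param(
    # Constructed placeholder addresses (RFC 5737 documentation ranges);
    # replace with your ISP's or upstream resolvers.
    [string[]]$Forwarders = @('192.0.2.53', '198.51.100.53'),
    # Constructed test name used to confirm external resolution afterwards.
    [string]$TestName = 'example.com',
    # Without -Apply the script only reports what it found.
    [switch]$Apply
)

Import-Module DnsServer -ErrorAction Stop

# Step 1: look for the "." zone that makes this server act as a root server.
$rootZone = Get-DnsServerZone | Where-Object { $_.ZoneName -eq '.' }

if ($rootZone -and -not $Apply) {
    'Found "." zone (type: {0}, AD-integrated: {1}).' -f $rootZone.ZoneType, $rootZone.IsDsIntegrated
    'Re-run with -Apply to remove it and configure forwarders.'
    return
}

if ($rootZone) {
    # Step 2: delete only the "." zone; the AD domain zone is left untouched.
    Remove-DnsServerZone -Name '.' -Force
    'Removed the "." zone.'
} else {
    'No "." zone present; this server is not configured as a root server.'
}

if ($Apply) {
    # Step 3: with the root zone gone, forwarders can be set.
    Set-DnsServerForwarder -IPAddress $Forwarders -PassThru
}

# Step 4: show the resulting state and test an external lookup via this server.
Get-DnsServerForwarder
Get-DnsServerRootHint
Resolve-DnsName -Name $TestName -Server 127.0.0.1 -DnsOnly -ErrorAction Continue
```

Running it without `-Apply` is a read-only check, which is useful for auditing several domain controllers before changing any of them.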

Expert Comment

ID: 10051140

Expert Comment

ID: 10081755
I tried what has been mentioned above, but the method that has worked for me is to delete all forward and reverse lookup zones. Then stop the service. Then delete the database files in the Windows\System32\Dns folder.
Then restart the service and recreate the zones.
Works fine for me now.

Question has a verified solution.
