Can't use forwarder in Active Directory DNS (extra 500 for a correct answer)

Posted on 2003-10-30
Last Modified: 2010-04-14
Hi there

I configured my Active Directory and my DNS, but I can't use forwarders. It says:
"Forwarders are not available because this is a root server"

All my computers are pointed to the Active Directory DNS, and if I can't use forwarders, I can't
resolve external sites.

What should I do to solve this issue?

Question by:victorbx

Expert Comment

ID: 9655692
Looks like you configured your DNS to be a root DNS server.
You probably want to remove the root domain (e.g. .com, .de, .at, .*); after that it should work fine.
See the following quote, starting at point 6.

Quoting from:

These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).

   1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
   2. The DNS Server Configuration Wizard starts. Click Next.
   3. Right-click Forward Lookup Zone, and then click Properties.
   4. Choose your DNS server to be a root server. Click Next.
   5. Choose to add a forward lookup zone. Click Next.
   6. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
   7. The new zone contains the locator records for this Active Directory domain. The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name.

      For example, if the Active Directory domain is named "", legal zone names are "", "", or "com". Type the name of the zone, and then click Next.

      NOTE: If you name the zone "com" we will believe that we are authoritative for the "com" domain and never forward any requests that we can not answer out to the real "com" domain servers. The same would be true if you named it "", you would never use your forwarder to resolve requests from the real "" servers.
   8. Accept the default name for the new zone file. Click Next.
   9. Choose not to add a reverse lookup zone now. Click Next.

      NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged to explore this branch of the wizard.
  10. Click Finish to complete the Server Configuration Wizard.
  11. After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable dynamic update on the zone you just added.

have a nice day,

patric schmitz
LVL 82

Accepted Solution

oBdA earned 500 total points
ID: 9656773
For external lookups to work, you'll have to delete the "." zone in your forward lookup zone.

====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----
Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 and Windows Server 2003 DNS use the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.
====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----

Here's the complete document, including some other useful information:
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Expert Comment

ID: 9662254
I had the same problem too, then I searched for the solution. What I concluded is that whenever you set up your DNS server through the AD wizard, it just messes things up. It does configure your DNS server, but it makes it a root server as well. Once it is a root server it doesn't need forwarders anymore, so it just disables the Forwarders check box. Also notice there isn't anything in the "Root Hints"; it should be empty.
So first we should configure DNS and then we should install AD.
Anyway, a workaround for your problem is also available:
Go to the DNS snap-in.
Click on the DNS server.
You'll get the zones.
The very first one will be the "." zone, and after it the forward zone for your domain name.
All you need to do is remove the "." zone from the DNS server.
Just delete the root zone. You don't need to be the root DNS server, so there's no sense having "." at the top of your zones.
So that's it. Close your DNS snap-in.
Re-open your DNS snap-in and now try to add the forwarders; it should be enabled now.
Hope this will work for you.
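
The workaround in the comment above, scripted as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), which postdates the Windows 2000/2003 servers discussed here; the forwarder addresses and the test name are placeholders.

```powershell
#Requires -Modules DnsServer
# Added example, not from the thread. Run with -WhatIf first to preview changes.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]   $ComputerName = $env:COMPUTERNAME,
    # Placeholder upstream resolvers (TEST-NET-1 range); replace with your own.
    [string[]] $Forwarders   = @('192.0.2.53', '192.0.2.54'),
    # Constructed test name used to confirm external resolution afterwards.
    [string]   $TestName     = 'example.com'
)

# A forward lookup zone named "." makes this server authoritative for the root,
# which is why the Forwarders option is disabled and root hints go unused.
$rootZone = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneName -eq '.' -and -not $_.IsReverseLookupZone }

if ($rootZone) {
    Write-Host ("Found '.' zone: type={0}, AD-integrated={1}" -f `
        $rootZone.ZoneType, $rootZone.IsDsIntegrated)
    if ($PSCmdlet.ShouldProcess("$ComputerName zone '.'", 'Remove root zone')) {
        Remove-DnsServerZone -Name '.' -ComputerName $ComputerName -Force
    }
} else {
    Write-Host "No '.' zone on $ComputerName; it is not what blocks forwarders."
}

# Set the forwarders but keep root hints as a fallback, so a failing
# forwarder does not become a single point of failure (see the FAQ excerpt).
if ($PSCmdlet.ShouldProcess($ComputerName, "Set forwarders: $($Forwarders -join ', ')")) {
    Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $true `
        -ComputerName $ComputerName
}

# Report the resulting state so the fix can be verified, not assumed.
$zones = Get-DnsServerZone -ComputerName $ComputerName
$hints = @(Get-DnsServerRootHint -ComputerName $ComputerName -ErrorAction SilentlyContinue)
$probe = Resolve-DnsName -Name $TestName -Server $ComputerName -DnsOnly `
    -ErrorAction SilentlyContinue
[pscustomobject]@{
    Server          = $ComputerName
    RootZonePresent = [bool]($zones | Where-Object { $_.ZoneName -eq '.' })
    Forwarders      = (Get-DnsServerForwarder -ComputerName $ComputerName).IPAddress -join ', '
    RootHintCount   = $hints.Count
    ExternalLookup  = [bool]$probe
}
```

If `RootHintCount` is still 0 after the zone is removed, restart the DNS Server service and run the report again before relying on root hints as the fallback.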

Expert Comment

ID: 10051140

Expert Comment

ID: 10081755
I tried what has been mentioned above but the method that has worked for me is to delete all forward and reverse lookup zones. Then stop the service. Then delete the database files in the Windows\System32\Dns folder.
Then restart the service and recreate the zones.
Works fine for me now.
