Can't use forwarder in Active Directory DNS (extra 500 for a correct answer)

Posted on 2003-10-30
Last Modified: 2010-04-14
Hi there,

I configured my Active Directory and my DNS, but I can't use forwarders. It says:
"Forwarders are not available because this is a root server"

All my computers are pointed to the Active Directory DNS, and if I can't use forwarders I can't
resolve external sites.

What should I do to solve this issue?

Question by: victorbx

Expert Comment

ID: 9655692
Looks like you configured your DNS to be a root DNS server.
You probably want to remove the root domain (e.g. .com, .de, .at, .*); after that it should work fine.
See the following quote, starting at point 6.

Quoting from:

These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).

   1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
   2. The DNS Server Configuration Wizard starts. Click Next.
   3. Right-click Forward Lookup Zone, and then click Properties.
   4. Choose your DNS server to be a root server. Click Next.
   5. Choose to add a forward lookup zone. Click Next.
   6. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
   7. The new zone contains the locator records for this Active Directory domain. The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name.

      For example, if the Active Directory domain is named "", legal zone names are "", "", or "com". Type the name of the zone, and then click Next.

      NOTE: If you name the zone "com" we will believe that we are authoritative for the "com" domain and never forward any requests that we can not answer out to the real "com" domain servers. The same would be true if you named it "", you would never use your forwarder to resolve requests from the real "" servers.
   8. Accept the default name for the new zone file. Click Next.
   9. Choose not to add a reverse lookup zone now. Click Next.

      NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged to explore this branch of the wizard.
  10. Click Finish to complete the Server Configuration Wizard.
  11. After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable dynamic update on the zone you just added.

have a nice day,

patric schmitz

Accepted Solution

oBdA earned 500 total points
ID: 9656773
For external lookups to work, you'll have to delete the "." zone in your forward lookup zone.

====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----
Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 and Windows Server 2003 DNS use the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.
====8<----[Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS]----

Here's the complete document including some other useful information:
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Expert Comment

ID: 9662254
I had the same problem too, then I searched for the solution. The result I concluded is that whenever you set up your DNS server through the AD wizard, it just messes things up. It does configure your DNS server, but it makes it a root server as well. Once it is a root server it doesn't need forwarders anymore, so it just disables the Forwarders check box; also notice there isn't anything in the "Root Hints", it should be empty.
So first we should configure DNS and then we should install AD.
Anyway, the workaround for your problem is also available.
Go to the DNS snap-in.
Click on the DNS server.
You'll get the zones.
The very first one will be the "." zone, and after it the forward zone for your domain name.
All you need is to remove the "." zone from the DNS server.
Just delete the root zone; you don't need to be the root DNS server, so there's no sense having "." at the top of your zones.
So that's it... close your DNS snap-in.
Re-open your DNS snap-in and now try to enter the forwarders; it should be enabled now.
Hope this will work for you.
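
The check and fix described in the answers above, as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 and later, not the Windows 2000/2003 tooling discussed here) and an elevated session on the DNS server; the forwarder address and test name are placeholders.

```powershell
#Requires -Modules DnsServer
# Added example: detect a locally hosted "." zone, remove it, then set forwarders.
# Run with -WhatIf first to see what would change without touching the server.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder forwarder (192.0.2.0/24 is a documentation range); use your ISP's resolver.
    [string[]]$Forwarder = @('192.0.2.53'),
    # Constructed external name, used only to verify resolution afterwards.
    [string]$TestName = 'www.example.com'
)

# 1. A hosted "." zone is what makes the server answer as a root server.
$rootZone = Get-DnsServerZone | Where-Object { $_.ZoneName -eq '.' }

if (-not $rootZone) {
    Write-Host 'No "." zone is hosted here; forwarders should already be configurable.'
}
elseif ($PSCmdlet.ShouldProcess('.', 'Remove root zone from this DNS server')) {
    # -Force suppresses the confirmation prompt; the AD domain zone is not touched.
    Remove-DnsServerZone -Name '.' -Force
}

# 2. The thread reports empty root hints on a root server; show the current count.
$hints = @(Get-DnsServerRootHint -ErrorAction SilentlyContinue)
Write-Host "Root hint entries present: $($hints.Count)"

# 3. Configure the forwarders that the GUI previously refused to accept.
if ($PSCmdlet.ShouldProcess(($Forwarder -join ', '), 'Set DNS forwarders')) {
    Set-DnsServerForwarder -IPAddress $Forwarder
}
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint

# 4. Verify external resolution through this server only (no hosts file, no LLMNR).
try {
    Resolve-DnsName -Name $TestName -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, IPAddress
}
catch {
    Write-Warning "External resolution still failing: $($_.Exception.Message)"
}
```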

Expert Comment

ID: 10081755
I tried what has been mentioned above, but the method that has worked for me is to delete all forward and reverse lookup zones. Then stop the service. Then delete the database files in the Windows\System32\Dns folder.
Then restart the service and recreate the zones.
Works fine for me now.

Question has a verified solution.