When upgrading DCs to 2008 R2 (ADI DNS), conditional forwarders do not work. In the console they fail to resolve and validate with the error 'not authoritative for the namespace'. My question is: what are the requirements for conditional forwarders, and have they changed since 2003?
I presume 2003 conditional forwarders were happy with receiving referrals from conditional forwarders and processing them.
Windows Server 2008, DNS
Last Comment: arnold, 8/22/2022 - Mon
Mark Bill
We do not want forwarders in DNS. Yes, they should work, but it's actually Microsoft recommended to use root hints.
Why don't you try to enable root hints and remove your forwarders?
Mark Bill
Also, if you were going to use forwarders, you should be forwarding to your ISP DNS server, and the ipconfig of domain controllers should be like this.
IP: ip address
Mask: mask
Gateway: your gateway
DNS1: domaincontroller IP
DNS2: domaincontroller IP
Active Directory domain controllers should only be pointing to domain controllers who are doing DNS for the domain, whether you're using root hints or forwarders.
arnold
Conditional, meaning you have a specific domain name, or are you forwarding all non-AD-domain-based requests?
As Mark pointed out, forwarding was used to offload load/traffic, but it was susceptible to poisoning, ...... And ....
I'm not forwarding, conditional forwarders are added for specific domains in a partner organisation. These are not resolvable from the Internet.
arnold
The DNS servers you are pointing to are not authoritative for the domain, according to the error you got. An alternative to forwarders is the use of stub zones that achieve a similar result, i.e., your DNS will get the DNS responsive and will send the requests there. Another option is to set up the other domains as secondary zones that your DNS will transfer directly from the other server, which will need to be configured to allow zone transfers to your server.
Stuart
ASKER
Hi, I agree with your thinking, but stub and secondary zones are not allowed in this instance. What I am trying to find out is: do the conditional forwarders have to be only to servers authoritative for that zone? Because it can't have been the case in 2003. I'm struggling to find any Microsoft documentation to support this.
Hi, firewall changes can be made to allow c.fwdr to point to the authoritative server. It was more a case of understanding why pointing to a non-authoritative server doesn't now work on 2008, and a supporting article from Microsoft to explain. I appreciate your comments :)
Stuart
ASKER
This was resolved by re-creating the conditional forwarders and restarting the DNS service... It does look like the servers have to be authoritative... Hmmm
The functionality is not in dispute, the question dealt with when setting up the conditional forwarding the wizard failed to resolve and validate with the error dealing with the referenced servers being non-authoritative.
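The thread turns on whether the server behind a conditional forwarder answers authoritatively for the partner zone. The following Python is an added example, not code from any poster and not Microsoft's validation logic: it sends an SOA query with recursion not requested and classifies the reply by its AA flag, RCODE and section counts. The zone name `partner.example`, the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F

def build_soa_query(zone, txid=0x1234):
    """SOA query with RD=0, so the server answers only from its own data or cache."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    return header + qname + struct.pack("!2H", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(data):
    """Classify a reply from its 12-byte header (RFC 1035 section 4.1.1)."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", data[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & RCODE_MASK
    if rcode:
        return "error rcode=%d" % rcode
    if an and flags & AA:
        return "authoritative"
    if an:
        return "non-authoritative answer"
    return "referral" if ns else "empty"

def check_server(server, zone, timeout=3.0):
    """Send the query over UDP/53 to `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return classify_response(s.recvfrom(4096)[0])

def constructed_reply(flags, an, ns):
    """Constructed sample: header with the given flags/counts plus the question."""
    q = build_soa_query("partner.example")
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0) + q[12:]

SAMPLES = {  # constructed replies, one per case discussed in the thread
    "zone hosted on target": constructed_reply(0x8400, 1, 0),
    "target answers from cache": constructed_reply(0x8080, 1, 0),
    "target sends referral": constructed_reply(0x8000, 0, 2),
    "target refuses": constructed_reply(0x8005, 0, 0),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", classify_response(reply))
```

Running `check_server` against each address configured on a conditional forwarder shows whether that target hosts the zone or only refers or recurses for it.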