Saturday, January 17, 2009

DNS query Conditional forwarding

A Windows 2000 DNS server can be configured to forward DNS name queries for which it is not authoritative to other DNS servers. The conditional forwarding feature implemented in Windows 2003 and Windows 2008 provides better granularity through domain-name-dependent forwarding, i.e. a DNS server on a network forwards DNS queries according to the DNS domain name in the query.

For example, a DNS server can be configured to forward all DNS queries for domain names ending with the dns-info.blogspot.com suffix to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.

The following illustrates the usage of DNS conditional query forwarding:

Suppose there are two companies, example.first.com and example.second.com, that are going to merge or simply collaborate. The two companies may allow clients from the internal namespace of the first company to resolve the names of DNS clients in the internal namespace of the second company.

The administrators of the first organization, e.g. example.first.com, may inform the administrators of the second organization about the set of DNS servers to which they can send DNS queries to resolve names within the internal namespace of the first organization. In this case the DNS servers within the example.second.com organization will be configured to forward all queries for names ending with “example.first.com.” to the designated DNS servers.


The DNS server must be configured to forward queries based on the suffix of the queried name. For example, a DNS server can be configured to send all queries that end with “first.com.” to the IP address of a forwarding DNS server. The following diagram depicts this scenario.

However, a DNS server should refuse to create a forwarder for a domain name for which the server itself is authoritative. For example, if a DNS server is authoritative for the zone “blogspot.com” and it contains a delegation to “example.dns-info.blogspot.com”, then the server should not allow creation of a domain forwarder for “blogspot.com” or “dns-info.blogspot.com”. It can allow forwarding to “example.dns-info.blogspot.com” and “child.example.dns-info.blogspot.com” unless the server is authoritative for these names as well. To create a new forwarder, follow the instructions at Create New Forwarder.
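The two rules above (pick the forwarder by the longest matching name suffix, and refuse a forwarder for any name the server is authoritative for) can be modelled as follows. This is an added example, not code from the original post or from Windows DNS; the class and function names are hypothetical and the IP addresses are constructed sample values.

```python
# Added example: models the forwarding rules described above.
# Zone names come from the post; IP addresses are constructed sample values.

def labels(name):
    """Split a DNS name into lowercase labels, rightmost label first."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def is_under(name, suffix):
    """True if name equals suffix or is a subdomain of it (whole-label match)."""
    n, s = labels(name), labels(suffix)
    return n[:len(s)] == s

class ForwardingPolicy:
    def __init__(self, authoritative_zones, delegations):
        self.zones = list(authoritative_zones)
        self.delegations = list(delegations)
        self.forwarders = {}  # domain labels -> list of forwarder IPs

    def is_authoritative(self, name):
        """Inside a hosted zone and not at or below a delegation out of that zone."""
        hosting = [z for z in self.zones if is_under(name, z)]
        if not hosting:
            return False
        depth = max(len(labels(z)) for z in hosting)  # closest enclosing zone
        return not any(is_under(name, d) and len(labels(d)) > depth
                       for d in self.delegations)

    def add_forwarder(self, domain, servers):
        """Refuse a forwarder for any name the server answers authoritatively."""
        if self.is_authoritative(domain):
            raise ValueError(f"server is authoritative for {domain}")
        self.forwarders[labels(domain)] = list(servers)

    def select(self, qname):
        """Return forwarders for the longest configured suffix of qname, or None."""
        q = labels(qname)
        for i in range(len(q), 0, -1):
            if q[:i] in self.forwarders:
                return self.forwarders[q[:i]]
        return None

def demo():
    """Server hosting blogspot.com with the delegation used in the post."""
    policy = ForwardingPolicy(["blogspot.com"], ["example.dns-info.blogspot.com"])
    policy.add_forwarder("first.com", ["192.0.2.10"])
    policy.add_forwarder("example.first.com", ["192.0.2.20", "192.0.2.21"])
    return policy
```

Matching on whole labels matters here: a query for a name such as notfirst.com must not be sent to the forwarders configured for first.com.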
