DNS forwarders

One of the scenarios in which DNS servers do send recursive queries to other servers is when you configure a server to function as a forwarder. On a network running several DNS servers, you might not want all of the servers sending queries to other DNS servers on the Internet. If the network has a relatively slow connection to the Internet, for example, several servers transmitting repeated queries might use too much of the available bandwidth.

To prevent this, most DNS implementations enable you to configure one server to function as the forwarder for all Internet queries generated by the other servers on the network. Any time that a server has to resolve the DNS name of an Internet system and fails to find the needed information in its cache, it transmits a recursive query to the forwarder, which is then responsible for sending its own iterative queries over the Internet connection. Once the forwarder resolves the name, it sends a reply back to the original DNS server, which relays it to the client.

To configure forwarders on a Windows Server 2012 DNS server, right-click the server node, open the Properties sheet, and click the Forwarders tab. On this tab, you can add the names and addresses of the servers that you want your server to use as forwarders.

Reverse name resolution

The name resolution process described earlier is designed to convert DNS names into IP addresses. However, there are occasions when a computer needs to convert an IP address into a DNS name. This is called reverse name resolution.

Because the domain hierarchy is broken down by domain names, there is no apparent way to resolve an IP address into a name using iterative queries, except by forwarding the reverse name resolution request to every DNS server on the Internet in search of the requested address, which is obviously impractical.

To overcome this problem, the developers of the DNS created a special domain called in-addr.arpa, specifically designed for reverse name resolution. The in-addr.arpa second-level domain contains four additional levels of subdomains. Each of the four levels consists of subdomains that are named using the numerals 0 to 255. For example, beneath in-addr.arpa, there are 256 third-level domains, which have names ranging from 0.in-addr.arpa to 255.in-addr.arpa. Each of those 256 third-level domains has 256 fourth-level domains beneath it, also numbered from 0 to 255, and each fourth-level domain has 256 fifth-level domains. Each of those fifth-level domains can then have up to 256 hosts in it, also numbered from 0 to 255.

Using this hierarchy of subdomains, it is possible to express the first three bytes of an IP address as a DNS domain name, and to create a resource record named for the fourth byte in the appropriate fifth-level domain. For example, to resolve the IP address 192.168.89.34 into a name, a DNS server would locate a domain called 89.168.192.in-addr.arpa in the usual manner and read the contents of a resource record named 34 in that domain.

Note: In the in-addr.arpa domain, the order of the address octets is reversed because an IP address has its least significant part (the host identifier) on the right, whereas in a DNS fully qualified domain name (FQDN) the host name is on the left.
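To make the mapping described above concrete, here is an added Python example (not code from the page): it builds the in-addr.arpa zone name and record label for an IPv4 address, parses such a name back into an address, and then checks the PTR answer against a forward zone, a forward-confirmation step the page does not describe but that an operator should apply before trusting a reverse lookup. The zone contents and the example.com host names are constructed sample data.

```python
from __future__ import annotations
import ipaddress

REVERSE_SUFFIX = "in-addr.arpa"

def reverse_zone_and_label(ip: str) -> tuple[str, str]:
    """Split an IPv4 address into its fifth-level reverse zone and the record
    label inside it: 192.168.89.34 -> ("89.168.192.in-addr.arpa", "34")."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed or out-of-range octets
    o1, o2, o3, o4 = (str(b) for b in addr.packed)
    return f"{o3}.{o2}.{o1}.{REVERSE_SUFFIX}", o4

def ptr_name(ip: str) -> str:
    """Full owner name of the PTR record, e.g. 34.89.168.192.in-addr.arpa."""
    zone, label = reverse_zone_and_label(ip)
    return f"{label}.{zone}"

def ip_from_ptr_name(name: str) -> str:
    """Inverse mapping: '34.89.168.192.in-addr.arpa.' -> '192.168.89.34'."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full in-addr.arpa host name: {name}")
    # Undo the octet reversal; IPv4Address re-validates each octet (0-255).
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))

# Constructed sample zone data (hypothetical, not from the page): the reverse
# zone a server would consult, and the forward zone for the same names.
REVERSE_ZONE = {
    "34.89.168.192.in-addr.arpa": "host34.example.com",
    "1.0.0.10.in-addr.arpa": "host34.example.com",  # PTR claiming a name it does not own
}
FORWARD_ZONE = {"host34.example.com": "192.168.89.34"}

def resolve_reverse(ip: str) -> str | None:
    """Look up the PTR record for an address in the constructed reverse zone."""
    return REVERSE_ZONE.get(ptr_name(ip))

def forward_confirmed(ip: str) -> bool:
    """Forward-confirmed reverse DNS: whoever controls a reverse zone can put any
    name in a PTR record, so trust it only if the name's A record maps back."""
    name = resolve_reverse(ip)
    return name is not None and FORWARD_ZONE.get(name) == ip

if __name__ == "__main__":
    for ip in ("192.168.89.34", "10.0.0.1"):
        print(ip, ptr_name(ip), resolve_reverse(ip), forward_confirmed(ip))
```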