Knowledge Base

Conditional Forwarders and Stub Zones in Windows DNS


This article provides information on Conditional Forwarders and Stub Zones in Windows DNS


Forwarders and root hints allow a DNS server to direct queries elsewhere if it is unable to answer them using the data in its DNS database or cache.
These two methods are very general, though; any query that the local DNS server can't answer gets sent to a server in the list of forwarders or root hints, regardless of the details of the query.
It is often necessary to configure a DNS server to direct queries for records in specific domains to specific servers.
There are two ways to do this in Windows DNS: conditional forwarders and stub zones.

While conditional forwarders and stub zones perform similar functions from an end-user perspective, they are applicable to different situations, and it is important to understand the differences between them.

  • A conditional forwarder redirects a query just like a normal forwarder, but the destination server depends on the domain name in the query. A conditional forwarder is nothing more than a list of servers and a domain name. When a DNS server receives a query for a record in that domain, it sends the query to one of the servers in the list. Queries for records in other domains are unaffected.
  • A stub zone contains the list of authoritative DNS servers for a zone (domain) and host records that contain their IP addresses (known as glue records). It also contains the IP address of at least one master server for the zone. The master servers are queried regularly to ensure that the stub zone's list of authoritative servers remains up to date. The update process uses standard DNS queries rather than zone transfers, so no configuration is necessary on the master servers in order for a stub zone to remain up to date. When a DNS server receives a query for a record in a stub zone, its response depends on whether the query is recursive or iterative:
    • If the server receives a recursive query, it sends an equivalent iterative query to the authoritative servers for the zone, then sends the response back to the querying machine.
    • If the server receives an iterative query, it sends a referral to the querying machine containing the nameserver (NS) records of the authoritative servers for that zone.

Conditional forwarders are appropriate when the list of DNS servers for the domain in question is well-known and unlikely to change.
If a change is needed (for example, if a destination DNS server's address changes or a new server is added), the change must be made manually.
Stub zones, on the other hand, are updated automatically from the master servers and typically require no manual modification once they are created.
For this reason, conditional forwarders are preferred over stub zones in an environment with strict security restrictions on the flow of DNS traffic, but stub zones are preferred in an environment in which the list of authoritative DNS servers for the zone in question changes frequently.

Conditional forwarders (in Windows Server 2008 and later versions) and stub zones (in all versions) can be stored in Active Directory and replicated among domain controllers.

For information on creating a conditional forwarder in Windows Server, see How to Create a Conditional Forwarder on a Windows DNS Server.
For information on creating a stub zone in Windows Server, see How to Create a Stub Zone on a Windows DNS Server.


Need more help?
Find additional Product Resources

Visit and ask for support in our Communities

Create an online support Request




Article ID: SLN156306

Last Date Modified: 12/07/2016 08:11 AM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Feedback shows invalid character, not accepted special characters are <> () &#92;
Sorry, our feedback system is currently down. Please try again later.

Thank you. Your feedback has been sent.