Tag Archive: Forwarders

Best practices for DNS forwarding:



To create a conditional forwarder zone in powershell:

read this reference doc: https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverconditionalforwarderzone?view=win10-ps


To create a conditional forwarder zone (stored in the registry of the DNS Server):

Add-DnsServerConditionalForwarderZone -Name “contoso.com” -MasterServers 2001:4898:7020:f100:458f:e6a2:fcaf:698c, -PassThru

ZoneName                            ZoneType        IsAutoCreated   IsDsIntegrated  IsReverseLookupZone  IsSigned

——–                            ——–        ————-   ————–  ——————-  ——–

contoso.com                         Forwarder       False           False           False


This command creates an Active Directory-integrated conditional forwarder zone for contoso.com:

Add-DnsServerConditionalForwarderZone -Name “contoso.com” -ReplicationScope “Forest” -MasterServers 2001:4898:7020:f100:458f:e6a2:fcaf:698c,


To change an existing conditional forwarder zone, use the cmdlet:



what’s new in DNS on Windows 2012 server ? http://technet.microsoft.com/en-us/library/hh831667.aspx

understanding DNS ? http://technet.microsoft.com/library/cc732997(WS.10).aspx

How works DNS queries and processes/interactions/dynamic updates… : http://technet.microsoft.com/en-us/library/dd197552(v=ws.10).aspx

How to access DNS application partition (AD-integrated-DNS zone) with adsiedit.msc:

from adsiedit,  Connect to the partition:  Dc=domainDnszones,dc=mydom,dc=domain,dc=net

Then expand to go to mydom.domain.net

You can find all the DNS records,

Select the CN=MYCOMPUTER1 for instance, right-click properties, edit attributes

Check the attribute value “whenChanged” you have the real time when the DNS record has been modified (real timestamp !)