DNS forwarding allows a server to forward all queries for which it is not authoritative to other DNS servers.
Normally, when a DNS server configured to accept recursive queries receives a query for which it is not authoritative, it checks for the answer in its cache. If it does not have the answer, it queries the Internet DNS root servers and other DNS servers throughout the DNS namespace until it receives an answer. The DNS server then returns the answer to the original client.
An organization may have a number of DNS servers accepting recursive queries. Each server queries the namespace independently and changes its information based on a defined time to live. While such a system can work well, there is often duplication of cached data because multiple servers are performing the same Internet queries and caching the same information. Such redundant queries can waste bandwidth. Additionally, each server exposes itself to any potential threats while traversing the Internet.
You can use DNS forwarding to increase the efficiency and security of a DNS topology that uses recursion. One or more DNS servers acting as forwarders receive queries from other DNS servers, which in turn are configured to forward their recursive queries to the forwarders. In such an arrangement, only the forwarders query the root servers and other servers on the Internet. The forwarders build their caches as they perform queries. As this centralized cache builds, query time decreases going forward as the rest of the DNS servers are able to use the centralized cache.
- Configuring DNS forwarding—when the Forwarding DNS option is enabled, all queries for which a server is not authoritative are sent to other DNS server.
- Configuring DNS zone forwarding—use this method if you want to forward queries for different domain names to different DNS servers according to the specific domain names contained in the queries.