What Is a Forwarding DNS Server?

Domain name system (DNS) forwarding expedites domain name resolution by using a DNS forwarding server. Forwarding servers have become standard practice in most extensive namespace environments. In this article, learn what a forwarding DNS server is, how it works, and the benefits of using one.

What is a forwarding DNS server? 

A forwarding DNS server is a type of DNS server that forwards DNS queries to another DNS server instead of resolving them itself. In this setup, the forwarding server doesn't perform the actual work of resolving domain names into IP addresses. It generally acts as an intermediary between clients and authoritative DNS servers.

The server receives DNS queries from clients, processes them, and then forwards them to appropriate authoritative DNS servers for resolution. Once it receives a response from the designated DNS server, it can store the result locally. This whole process is called DNS forwarding.

Configuring a forwarding server comes in handy when an individual server can’t find a matching IP address for a domain name in its cache.

These servers are sometimes known as forwarders. Most large networks with multiple DNS servers utilize forwarders to take the pressure off initial servers.

One major advantage of this system is that it offers a unique approach to caching DNS records at a network level. Instead of relying solely on caching at individual client machines, forwarding DNS servers pass requests to other DNS servers with recursive capabilities.

By offloading the recursive work to another server, the forwarding server reduces its own resource consumption. You’re provided with greater flexibility in managing your network's DNS traffic. 

Internet users can choose to forward queries to different DNS servers based on various criteria, such as the domain name, client IP address, or time of day. The forwarding process makes sense when you want to implement traffic shaping, load balancing, or content filtering policies.

What is DNS forwarding? 

A forwarding DNS server is what oversees DNS forwarding. DNS forwarding is a streamlined process where another designated server handles DNS queries because the initially contacted server doesn’t have the answer. 

DNS forwarding sends DNS queries from internal networks to external DNS servers. In a network without a DNS forwarder, DNS queries that cannot resolve internally must go directly to external servers. 

Using a DNS forwarder helps mitigate the risk of exposing internal DNS data, as it manages how DNS queries route. Instead of each internal server contacting external servers directly, the forwarder sends queries to a designated external DNS server.

The forwarding DNS server process

DNS forwarding is especially useful in situations where there are high Internet service provider costs or slow network links. If your ISP charges high fees for DNS traffic, forwarding queries through a single DNS forwarder can consolidate and reduce these costs. Additionally, by caching external DNS data locally, a DNS forwarder reduces the need to repeatedly query external servers, speeding up DNS resolution and improving network performance.

A DNS forwarder also reduces the amount of external DNS traffic by managing an internal cache of external DNS responses. The caching minimizes repeated queries for the same domain names, easing the load on the network. 

How does a forwarding DNS server work?

A forwarding DNS server works by directing DNS queries to another DNS server that’s closer to the source of the request. Here's a breakdown of how it works.

  1. The client makes a request. When you try to load a website, your device sends a DNS query to a configured DNS server to resolve the domain name into an IP address.
  2. The forwarding DNS server sends the request. If the DNS server receiving the query is a forwarding server, it doesn’t look up the IP for the domain. Instead, it forwards the query to another DNS server. This could be a more authoritative DNS server, such as one maintained by an ISP.
  3. Resolution. The designated server, in turn, either resolves the query from its cache or continues to forward the request up the chain, eventually reaching an authoritative DNS server that can provide the requested IP address.
  4. The response chain activates. Once the IP address is resolved, the response goes back to the forwarding DNS server, which then sends the response to the original client.
  5. Caching occurs. The forwarding server may cache the response for a period, so future queries for the same domain can be resolved quickly without having to forward the request again.

Suppose you have a home network with multiple devices. Instead of each device querying the ISP's DNS server directly, your home router acts as a forwarding server. 

When any device requests a domain name resolution, the router forwards the query to the ISP's DNS server, caches the response, and then returns it to the device. This setup speeds up subsequent queries for the same domain from any device on your network.
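The five steps above, written out as a minimal forward-and-cache core. This is an added example, not code from the article or from any DNS product; `Forwarder`, `build_query` and `fake_upstream` are hypothetical names, and the sample query and upstream reply are constructed. It leaves the TTLs inside a cached reply unchanged, which a production forwarder would count down.

```python
import struct
import time

def skip_name(msg, pos):              # offset just past the DNS name starting at pos
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)   # compression pointer: 2 bytes, root label: 1

def question(msg):                    # cache key: case-folded name + type + class
    end = skip_name(msg, 12)          # the DNS header is 12 bytes
    return msg[12:end].lower() + msg[end:end + 4]

def min_ttl(resp):                    # smallest TTL among answers, 0 if there are none
    qd, an = struct.unpack_from("!HH", resp, 4)
    pos, ttls = 12, []
    for _ in range(qd):
        pos = skip_name(resp, pos) + 4
    for _ in range(an):
        pos = skip_name(resp, pos)
        _type, _cls, ttl, rdlen = struct.unpack_from("!HHIH", resp, pos)
        ttls.append(ttl)
        pos += 10 + rdlen
    return min(ttls, default=0)

class Forwarder:
    def __init__(self, upstream, clock=time.monotonic):
        self.upstream, self.clock, self.cache = upstream, clock, {}

    def handle(self, query):
        key = question(query)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            resp = hit[1]                       # step 5: answered from cache
        else:
            resp = self.upstream(query)         # steps 2-3: forward upstream
            if resp[:2] != query[:2] or question(resp) != key:
                raise ValueError("upstream reply does not match the query")
            if ttl := min_ttl(resp):            # cache until the shortest TTL expires
                self.cache[key] = (self.clock() + ttl, resp)
        return query[:2] + resp[2:]             # step 4: reply under the client's ID

def build_query(name, txid):          # constructed sample: A/IN query for name
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def fake_upstream(query):             # constructed stand-in: answers 192.0.2.10, TTL 60
    fake_upstream.calls += 1
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + rr
fake_upstream.calls = 0
```

The check on the transaction ID and echoed question before caching is what keeps a mismatched upstream reply from being stored and served to every client behind the forwarder.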

Properties of a forwarding DNS server

A forwarding DNS server is primarily defined by three properties: the ability to handle recursive requests without performing recursion, the ability to provide a local cache at a closer network location, and increased flexibility in defining local domain space.

DNS forwarding servers can handle recursive requests without performing recursion. A forwarding DNS server's primary function is to pass DNS requests to another server for resolution. So, it doesn’t resolve them itself. The designated recursive DNS server to which queries are forwarded performs the mapping of domain names to IP addresses. 

The servers maintain a local cache of DNS query results. This cache is stored closer to the client machines to significantly reduce the time it takes to resolve domain names. Rather than building a full-fledged recursive DNS solution, the forwarding server can utilize public recursive DNS servers, such as those provided by Google, to resolve queries.

They also increase flexibility in managing DNS traffic by conditionally passing requests to different servers. For example, a forwarder can direct internal (private) DNS queries to internal servers while sending external (public) queries to public DNS servers. The forwarding strategy allows for better control over the network.
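Conditional forwarding as described above, choosing an upstream by domain name and client IP address. This is an added example, not code from the article; the zone names, the allowed client networks and the function names are assumptions made for illustration, and the default entry uses Google's public resolvers, which the article mentions.

```python
import ipaddress

# Constructed policy for illustration; zone names and networks are assumptions.
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
FORWARD_ZONES = {
    "corp.example": ["10.0.0.53"],        # internal zone -> internal DNS server
    "lab.corp.example": ["10.0.8.53"],    # more specific internal zone wins
    "": ["8.8.8.8", "8.8.4.4"],           # default: public recursive resolvers
}

def match_zone(qname, zones=FORWARD_ZONES):
    """Longest configured zone that qname falls under, matched on label boundaries."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):          # try the longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return ""                             # no specific zone: use the default entry

def select_upstreams(qname, client_ip, zones=FORWARD_ZONES, acl=ALLOWED_CLIENTS):
    """Return the upstream list for this query, or None to refuse the client."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in acl):
        return None                       # client is outside the allowed networks
    return zones[match_zone(qname, zones)]
```

Matching whole labels rather than raw string suffixes matters: `notcorp.example` must go to the public default, not to the internal server for `corp.example`.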

Benefits of using a forwarding DNS server

Forwarding DNS servers offer several advantages, from better website performance to the opportunity for centralized management across larger networks.

Improved website performance

One notable benefit of installing a forwarding DNS server is improved website performance. Cached DNS responses let the server answer repeat queries quickly. Forwarding queries to an efficient upstream server quickens the resolution process, thus reducing latency.

Enhanced security features

Security is another area where these programs excel. Many forwarding DNS servers are equipped with security features that protect against various online threats. For instance, they can block access to malicious websites by filtering DNS queries based on known malware databases.

Increased flexibility and control

System administrators are given greater flexibility and control over their DNS management. They can configure the server to forward queries to specific top-level servers. 

As a result, organizations can optimize their DNS resolution process according to their specific needs.

You can set up forwarding DNS servers to use multiple upstream servers to achieve redundancy. 

Centralized management

DNS forwarding centralizes DNS management. In distributed networks, maintaining consistent DNS configurations across multiple servers remains a challenge. 

Forwarding guides all DNS traffic through a central server that can uniformly apply DNS policies, filtering, and logging. This centralized approach simplifies the management of DNS settings.

Challenges of a forwarding DNS server

Forwarding DNS servers do, however, present a few potential challenges to users. These include:

  • Potential latency issues. When a server forwards queries to geographically distant DNS servers, it can introduce latency. This latency may result in delayed responses to DNS queries for time-sensitive applications.
  • Risk of outages. A forwarding server that lacks redundancy can become a single point of failure. If the forwarding DNS server goes down, all DNS queries from clients relying on that server will fail, causing widespread network outages.
  • Troubleshooting challenges. Troubleshooting issues in a forwarding server setup can be more complex than in a standard DNS configuration. Problems can arise at multiple points - on the client side, within the forwarding server, or with the upstream DNS servers. 

How to configure a forwarding DNS server

The basic configuration steps are as follows:

  1. Install DNS server software. Install the DNS server software of your choice. On Windows, you can add the DNS server role via the server manager.
  2. Configure forwarding. Use the DNS manager to navigate to the server properties, and add the IP addresses of the upstream DNS servers under the "Forwarders" tab.
  3. Test the configuration. After configuring the forwarding settings, restart the DNS server service and use tools like nslookup to verify that DNS queries are being forwarded as expected.
  4. Monitor and log. Enable logging on the DNS server to monitor the forwarding process and catch any errors or performance issues.

When implementing a forwarding server, keep security considerations in mind. Consider DNSSEC to protect against DNS spoofing attacks. Additionally, restrict access to the DNS server by configuring firewall rules along with access control lists.

You also want to set up multiple forwarding DNS servers for redundancy to avoid a single point of failure.

As a precaution, keep the DNS server software updated to ensure it has the latest security patches and performance improvements.

Common use cases for forwarding DNS servers

Forwarding DNS servers are versatile. You can apply them in various scenarios to optimize your network.

Content delivery networks, for example, capitalize on DNS to direct users to the nearest server. Information technology teams customize forwarding servers to work seamlessly with content delivery networks, resolving DNS queries efficiently.

These servers also help with load balancing and traffic management. In environments where load balancing matters, forwarding DNS servers distribute traffic evenly across a set of servers so that a single server doesn’t get overwhelmed. As a result, customers of large organizations receive uninterrupted service.

Furthermore, cloud computing and virtual private network environments commonly use these servers. In cloud computing, they help manage DNS queries across distributed networks. For virtual private networks, the system provides secure DNS resolution to protect users' online activities from interception.

Frequently asked questions

Can I use a forwarding DNS server with my existing DNS setup?

Yes, you can integrate a forwarding DNS server into your existing setup to optimize query handling.

Does a forwarding DNS server cache DNS responses?

Yes, forwarding DNS servers cache DNS responses locally to boost resolution for repeated queries within the cache's lifespan.

What happens if the upstream DNS server is unavailable?

The forwarding DNS server can fall back to alternative servers if the upstream server isn't available.

Author

Written by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Lizzy is a tech writer for WhatIsMyIP.com®, where she simplifies complex tech topics for readers of all levels. A Grove City College graduate with a bachelor’s degree in English, she’s been crafting clear and engaging content since 2020. When she’s not writing about IP addresses and online privacy, you’ll likely find her with a good book or exploring the latest tech trends.

Reviewer

Technically Reviewed by Brian Gilbert

Brian Gilbert is a tech enthusiast, network engineer, and lifelong problem solver with a knack for making complicated topics simple. As the overseer of WhatIsMyIP.com®, he combines decades of experience with a passion for helping others navigate the digital world.