How to Configure Conditional Forwarders in Windows Server 2008

Filed Under (Active Directory, DNS, Windows Server 2008) by on 05-09-2008

Conditional Forwarders was a new feature within the Microsoft DNS server for Windows Server 2003.  It was a great addition that allowed you to specify a specific DNS server for clients trying to resolve hosts in a specific domain.  This way you could tell the DNS server to always go to a specific DNS server for specific domain names.

One of the things that you will find different in Windows Server 2008’s DNS is how it displays Conditional Forwarders.  Previously you needed to view the Forwarders tab in the DNS server’s properties. Here is shot of the old way.


The new way is in plain site…but it still seems like people miss it.

Now here is a look at what type of options you have for it:

You just place the DNS domain name in the top section and the IP address of the DNS server that is authoritative for that domain below.  Notice you also can store this Conditional Forwarder in Active Directory if you want.  It is NOT the default.  Behind that drop down is the amount of time the DNS server will wait before it times out…which is 5 seconds by default.

Hopefully that helps you figure out how DNS Conditional Forwarders are set up in Windows Server 2008

9 Responses to “How to Configure Conditional Forwarders in Windows Server 2008”

  1.   dave Says:

    Two questions:
    – does storing in AD require you to have the w2008 schema updates and/or be at 2008 funcational levels for the domain or forest?
    – can you set the conditional forwarders via a command-line or powershell? I can”t find the option in dnscmd.exe


  2.   BrianM Says:

    Hi Dave,

    Windows Server 2008”s DNS does not require your domain to have a 2008 DC nor does it require any special domain or forest functional level. Of course you will get the most bang for your buck if your DC is also a DNS server.

    As for your second question take a look here for more info on using DNSCMD to configure a forwarder –

    Hope that helps,


  3.   XLio Says:


    Do you know how to get list of contitinoal forwarders from the command line or script?



  4.   BrianM Says:

    You could run the following command to view the DNS Forwarders for a server:
    dnscmd /info

    The bottom will have a section called Forwarders and the IPs will be listed.


  5.   Daniel Says:

    I installed a server for a small business with server 2008.I”m unable to view de business domain (only) on the web via the server and all user computers on the LAN.

    Do i have to configure the conditional forwarders?

    Any help would be appreciated….




  6.   Aakash Says:

    The old way offered a “All other DNS domains” option. How can you accomplish setting a forwarding rule for “All other DNS domains” in Server 2008?



  7.   BrianM Says:

    Hi Askash,
    It doesn”t really spell it out for you like it did in 2003. That can be found in the old location which is by going to the properties of the server name in the DNS console. From there you still have the forwarders tab but that is where you will put a condition in for all other domains.



  8.   khem sok Says:

    Hello every one,

    I have problem that need help from all of you very much. I practice with wmware about Relay agent.

    I have 3 machines:
    1- Is server ( AD+DNS+DHCP)
    2- Is SUSE Server that run firewall and proxy for allow client can get IP address from server.
    3_ Client windows 7

    My problem is: My server can not resolve DNS physical dns.
    What should I do?


  9.   Cheri Says:

    I am migrating from an old domain, which is a one level domain name, (domain instead of The old domain fqdn is domain, and the new fqdn is

    So, I can’t get the 2012r2 server to ping domain or server.domain, but I can get the old 2008r2 server to ping, but not

    I tried adding domain to dns, I tried a conditional forwarder, and it resolved the server name but thinks that it’s not authoritative. I added the opposite servers ip add as a secondary domain server in their tcpip properties.

    Any ideas? I can figure out how to do this migration without having the trust, because they only have about 12 users and no exchange, but it would be nice to get their dns going and a trust setup, so that I can do this migration in steps with the 3rd party apps. I thought about using the host record, but not sure if that will play nice.


Leave a Reply