Configure DNS forwarders on Microsoft Windows Server 2008 R2 and 2016
Note the IP addresses of the ETP recursive DNS servers. For more information, see View DNS server information.
Before you begin
Complete these procedures to configure DNS forwarding on the Microsoft Windows Server 2008 R2 and 2016. You can configure DNS forwarding with the Windows Server graphical user interface or the command line.
Graphical user interface
- Click Start and then Administrative Tools. Click DNS
- Right-click the DNS server that you want to configure as a forwarder.
- In the Action menu, select Properties.
- Click the Forwarders tab.
- Click Edit.
- In the Edit Forwarders dialog, enter the primary IP address of the ETP recursive DNS server and press Enter.
- Enter the secondary IP address of the ETP recursive DNS server and press Enter.
- If other servers are listed as forwarders, delete this information. The primary and secondary recursive DNS servers should be the only forwarders listed.
- To change the number of seconds that a DNS server waits for a response before it tries the IP address of the other DNS server, enter a new value in the Number of seconds before forward queries times out field.
- Click OK.
- If selected, disable the Use roots hints if no forwarders are available option. Disable root hints to ensure that all requests are protected by ETP.
- In the properties dialog, click OK.
Command line interface
- Open a command prompt. Run the command prompt as an administrator.
Type this command and press Enter:
dnscmd <ServerName> /ResetForwarders <PrimaryIPaddress ...> [/TimeOut <Time>] [/Slave]
- <ServerName> is the hostname or IP address of the DNS server. To specify the DNS on your local computer, you can type (.)
- <PrimaryIPaddress ...> is one or more IP addresses of the DNS servers where you are forwarding queries. In this case, enter the ETP server IP addresses. Separate each IP address with a space.
- <Time> is the value that you want to configure for the time out setting in seconds. The default time out value is five seconds.
/Slaveparameter indicates that the server will not attempt iterative queries if there is no response from ETP. This means roots hints are used. Do not use root hints to ensure all requests are protected by ETP.