How to configure DNS Forwarding and a forwarder name server
A DNS forwarder is a resolver system that forwards all queries to the configured caching-only DNS server. Forwarding DNS queries to a caching-only server is called DNS forwarding. A DNS forwarder is similar to a caching-only name server. If we have a caching-only name server, we can easily convert it into a DNS forwarder.
In the previous tutorial of this series, we configured a caching-only name server in our practice lab. In this tutorial, we will convert it into a DNS forwarder. Since a DNS forwarder forwards queries to a caching-only name server, we also need a caching-only name server. We will configure RHELServer2 as the caching-only name server. Currently, the DNS service is not running on this system.
The following image shows this lab setup.

Configuring the DNS forwarder
As mentioned earlier, a DNS forwarder is similar to a caching-only name server. To configure a DNS forwarder, we must follow all the configuration steps of a caching-only name server. I have already explained those steps in the previous tutorial. By following those steps, configure and verify a caching-only name server.
Converting a caching-only name server into a DNS forwarder
In our lab, we configured the caching-only name server on RHELServer1. Let us convert it into a DNS forwarder.
Log in as root and open the /etc/named.conf file.

The following image shows the current configuration of this file. With this configuration, the DNS service runs the caching-only name server on this system.

The following two options convert this caching-only name server into a DNS forwarder.
forwarders {IP_address_of_the_caching_only_server;};
forward only;
The first option requires the IP address of the caching-only name server that will receive DNS queries from this system. In other words, this system will forward DNS queries to the caching-only name server configured in this option. In our example, we will configure the caching-only DNS server on RHELServer2. RHELServer2's IP address is 192.168.29.101. Therefore, we will add this IP address to this option.
A DNS forwarder forwards DNS queries to the configured caching-only name server. If DNS queries fail because of a server error or timeout, a forwarder starts working as a caching-only name server itself. This is the default behaviour of the DNS forwarder. The second option overrides this behaviour and configures the name server as a forwarder-only server.
Configure both options and save the file.

Restart the named service.

Add an allow rule for the DNS service in the firewall.

Flush the DNS cache.
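The two options above, placed in a constructed options block and checked by a small audit script. This is an added example, not part of the original tutorial; the address 192.168.29.100 for RHELServer1, the sample file, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit named.conf forwarder settings.
# Constructed sample for RHELServer1; 192.168.29.100 is an assumed address.
sample_conf() {
cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.29.100; };  // assumed address
    allow-query { localhost; 192.168.29.0/24; };
    recursion yes;
    forwarders { 192.168.29.101; };   // RHELServer2, caching-only server
    forward only;                     // no fallback to own recursion
};
EOF
}

# Drop // and # comments (block comments /* */ are not handled here).
strip_comments() { sed -e 's://.*$::' -e 's:#.*$::' "$1"; }

# Print the forward mode; "first" is the default when the option is absent.
forward_mode() {
    strip_comments "$1" | awk '
        $1 == "forward" { gsub(/;/, "", $2); mode = $2 }
        END { print (mode == "" ? "first" : mode) }'
}

# Print one forwarder address per line.
forwarder_ips() {
    strip_comments "$1" | tr '\n' ' ' |
        sed -n 's/.*forwarders[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr -d '[:space:]' | tr ';' '\n' | sed '/^$/d'
}

# Return 0 only if forwarders exist, mode is "only", and queries are restricted.
audit_forwarder() {
    rc=0
    ips=$(forwarder_ips "$1")
    [ -n "$ips" ] || { echo "FAIL: no forwarders configured"; rc=1; }
    [ "$(forward_mode "$1")" = "only" ] ||
        { echo "WARN: forward first, falls back to own recursion"; rc=1; }
    if strip_comments "$1" | grep -Eq 'allow-query[[:space:]]*\{[^}]*any'; then
        echo "FAIL: allow-query contains any"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: forward only to $ips"; fi
    return "$rc"
}

conf=$(mktemp)
sample_conf > "$conf"
audit_forwarder "$conf"
```

To check a real system, call audit_forwarder /etc/named.conf as root instead of using the sample file.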

Configuring a DNS client for testing
We have already configured RHELClient as a DNS client system for testing. With the current configuration, it sends DNS queries to RHELServer1. Since we have configured RHELServer1 as a DNS forwarder, we do not need to make any changes.
Configuring the caching-only name server
The following steps configure RHELServer2 as the caching-only name server.
- Install the bind and bind-utils packages.
- Open the /etc/named.conf file.
- Add RHELServer2's IP address in the listen-on port 53 option and the network address 192.168.29.0/24 in the allow-query option.
- Restart the named service.
- Add an allow rule for the DNS service in the firewall.
- Flush the DNS cache.
I have already explained the above steps in the previous tutorial. You can check that tutorial if you need help with any configuration step.
The following image shows the configuration in /etc/named.conf you need on RHELServer2.

The following image shows the command you need to allow the DNS service in the firewall.

Testing and verifying the DNS forwarding
To test and verify DNS forwarding, use the following command on RHELClient.
#dig google.com

Since we configured RHELServer1's IP address as the DNS server IP address on RHELClient, this command sends a DNS query to RHELServer1. RHELServer1 is a DNS forwarder. It forwards this query to RHELServer2. RHELServer2 is a caching-only name server. It resolves this query, caches the answer, and replies to RHELServer1. RHELServer1 caches the answer and replies to RHELClient.

We can view the DNS cache on the DNS forwarder and the caching-only name server to verify that both systems cached the answer. DNS saves the cache data in an encrypted format. The rndc dumpdb -cache command decrypts it and saves the output into the /var/named/data/cache_dump.db file.
We can use the grep command to find a record in the output file.
The following image shows how to verify the answer is cached on the DNS forwarder (RHELServer1).

The following image shows how to verify the answer is cached on the caching-only name server (RHELServer2).

To verify that only the caching-only server is resolving queries, stop the named service on RHELServer2 and send ping requests to yahoo.com from RHELClient.
The following command stops the named service.
#systemctl stop named
Use this command on RHELServer2.

The following command sends ping requests to yahoo.com.
#ping yahoo.com
Use this command on RHELClient.

Now, use the following command to start the named service again.
#systemctl start named or #systemctl restart named

Send the ping requests to yahoo.com from RHELClient again.

When we stop the named service, RHELClient fails to get yahoo.com's IP address from the configured name server. When we start the named service, RHELClient gets yahoo.com's IP address from the configured name server. This verifies that only the caching-only name server is resolving DNS queries in the network.
Conclusion
A DNS forwarder forwards DNS queries to the caching-only server. A caching-only server resolves them and replies to the forwarder system. The forwarder caches the answer and replies to the DNS clients. The difference between a forwarder and a caching-only name server is that only a caching-only name server can communicate with authoritative name servers to resolve DNS queries.
By ComputerNetworkingNotes Updated on 2025-09-29