PowerShell – DNS – Create conditional forwarder zone

Best practices for DNS forwarding:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754941%28v%3dws.10%29

https://www.petri.com/best-practices-for-dns-forwarding

To export conditional forwarder zones:

Conditional forwarders are in the same registry key as the zones.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

Export the key then you can import it to the other server.

To export global forwarders settings:

Global forwarders are setup in the following key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Forwarders key

Export the key then you can import it to the other server.

To create a conditional forwarder zone in powershell:

read this reference doc: https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverconditionalforwarderzone?view=win10-ps

Examples:

To create a conditional forwarder zone (stored in the registry of the DNS Server):

Add-DnsServerConditionalForwarderZone -Name “contoso.com” -MasterServers 172.23.90.124 -PassThru

ZoneName                            ZoneType        IsAutoCreated   IsDsIntegrated  IsReverseLookupZone  IsSigned

——–                            ——–        ————-   ————–  ——————-  ——–

contoso.com                         Forwarder       False           False           False

This command creates an Active Directory-integrated conditional forwarder zone for contoso.com:

Add-DnsServerConditionalForwarderZone -Name “contoso.com” -ReplicationScope “Forest” -MasterServers 172.23.90.124

To change an existing conditional forwarder zone, use the cmdlet:

Set-DnsServerConditionalForwarderZone