DNS - Forwarders vs Root Hints

  • Article

First of all I would like to say that there's no right configuration...

... but taking in consideration the work I’ve done during the last years as network and ISA/TMG support engineer I personally recommend the use of forwarders instead of root hints.

When you have TMG/ISA doing requests against a DC this configuration is quite important for having good performance... I had quite some issues related with this.
... also based on DNS Best Practice Analyzer Microsoft also recommends the use of forwarders.

I personally recommend to use your ISP DNS servers as forwarders.
The main reason for you to use Forwarders is related with performance – the number of hops required to reach your ISP DNS server is much lower for sure than to access the root hints.
The reason for use root hints is reliability, however in my opinion - this is an old idea…: - most of the Server providers are now reliable and they don’t change their DNS server IPs without proper information. 10 Years ago this was not the case… DNS Server in ISP sometimes were quite problematic and many people suggested and preferred to use Root Hints.
We have also another reason to use forwarders … this reason is related with Firewall configuration, It’s easy to allow only DNS external traffic against those specific ISP DNS Server used has forwarders.
https://technet.microsoft.com/en-us/library/cc816653(WS.10).aspx
Some other forums / discussion topics.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/f815e91c-d8e7-42d8-9b1a-42492022b9e4/dns-forwarders?forum=winserverDS
https://social.technet.microsoft.com/Forums/windowsserver/en-US/2f35cae2-341c-4bfe-9dac-724ddace6d51/dns-question-root-hints-vs-forwarders?forum=winserverNIS