Set Windows DNS forwarders to SecureSchool for reliable content filtering.

Summary #

In a typical Microsoft Windows network, all workstations point to the domain controller for DNS resolution. To ensure SecureSchool can filter traffic properly, your Windows DNS servers must forward all external DNS queries to the SecureSchool appliance.

This is especially important for Chromebooks, tablets, and handheld devices, which may not use proxy settings consistently. Forwarding guarantees SecureSchool enforces filtering on all devices.

Why this matters: If DNS requests are not forwarded, users may bypass SecureSchool filtering by setting an external DNS service (Google, Cloudflare, etc.) or using DNS apps.

Windows Server 2016, 2019, or 2022 #

1. Open Server Manager > Tools > DNS.
2. In the DNS Manager console, right-click your server name and choose Properties.
3. Select the Forwarders tab.
4. Click Edit, then enter the IP address of your SecureSchool appliance.
5. Remove any other forwarders from the list.
6. Uncheck Use root hints if no forwarders are available.
7. Click OK to save changes.
8. Clear the DNS cache:
   • From the DNS Manager: right-click Cached Lookups > Clear Cache.
   • Or from a command prompt:

     ipconfig /flushdns

9. Repeat on all DNS servers in your network.

Windows Server 2012 / 2012 R2 #

Follow the same process as above. The menus may look slightly different, but the steps are identical:

• Open DNS Manager
• Edit the Forwarders tab
• Enter your SecureSchool IP
• Remove other forwarders
• Uncheck root hints
• Clear cache

Windows Server 2008 (Legacy Environments) #

1. Go to Start > Administrative Tools > DNS.
2. Right-click the server name > Properties.
3. Select the Forwarders tab.
4. Add the IP of your SecureSchool appliance as a forwarder.
5. Remove other forwarders.
6. Uncheck Use root hints if no forwarders are available.
7. Repeat on all DNS servers.

Windows Server 2000 / 2003 (Obsolete) #

While these platforms are no longer supported, the legacy method is:

1. Start > Administrative Tools > DNS.
2. Right-click server name → Properties.
3. Select Forwarders tab.
4. Add the IP of your SecureSchool appliance as a forwarder.
5. Remove other forwarders.
6. Check Do not use recursion for this domain.
7. Repeat on all DNS servers.

Note: Windows 2000/2003 are obsolete and should be upgraded for security reasons.

Once configured, all external DNS queries will be processed by SecureSchool, ensuring consistent and reliable filtering across your entire network.

References #

• Microsoft: DNS Forwarding in Windows Server
• Microsoft: Quickstart: Install and configure DNS Server on Windows Server Microsoft Learn
• Microsoft: Troubleshoot DNS name resolution failures related to DNS forwarders Microsoft Learn