A Windows Server 2022 DNS server that handles internal queries must also resolve hostnames in the partner domain fabric.example. The partner's administrators supplied the IP addresses of two authoritative DNS servers but do not permit any zone transfers. The solution must keep queries for fabric.example inside the private network, avoid copying the partner's zone data to the local server, and prevent the server from forwarding every other external query to the partner. Which DNS feature should the administrator configure on the Windows Server DNS role to meet these requirements?
Set a global forwarder that directs all unresolved queries to the partner's DNS servers.
Create a stub zone for fabric.example and specify the partner's DNS servers as masters.
Configure a conditional forwarder for fabric.example that lists the partner's two authoritative DNS servers.
Host a secondary zone for fabric.example on the local server and disable dynamic updates.
Conditional forwarding is designed precisely for situations in which a DNS server should forward queries for one specific domain to a designated set of external name servers. The local server stores only the IP addresses of those authoritative servers, so no records from the partner's zone are replicated and no zone transfer is needed. When a client asks for a name in fabric.example, the query is forwarded directly to the partner's DNS servers, keeping the traffic on-premises and bypassing public recursion.
A stub zone would still attempt periodic transfers of the SOA, NS, and related glue records, which violates the partner's no-transfer policy. A secondary zone would copy the entire zone database, also disallowed. Configuring a global (unconditional) forwarder would route every unresolved query-not just fabric.example-to the partner, needlessly exposing other traffic and contradicting the stated requirement.