Noozer
Guest
Posted: Mon Jan 03, 2005 10:45 am
Post subject: Reverse DNS for internal IP's?

I'm fairly green when it comes to DNS. I've got my Win 2K3 server handling
forward lookups for a few domains, but how do I get it to give me a specific
name for an IP?
Basically, if I lookup on 10.0.11.16 I want it to return
"server.mydomain.com". If I enter 10.0.11.64 I want it to return
"client1.mydomain.com", etc.

Todd J Heron
Guest
Posted: Mon Jan 03, 2005 10:51 am
Post subject: Re: Reverse DNS for internal IP's?

You would need to create a reverse zone. However, reverse lookup
zones/records are not required in any way for AD to function properly,
unless you are worried about getting output from NSLookup.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Herb Martin
Guest
Posted: Mon Jan 03, 2005 11:26 am
Post subject: Re: Reverse DNS for internal IP's?

"Noozer" <dontspam@me.here> wrote in message
news:uD0C$7U8EHA.1596@tk2msftngp13.phx.gbl...
> I'm fairly green when it comes to DNS. I've got my Win 2K3 server handling
> forward lookups for a few domains, but how do I get it to give me a specific
> name for an IP?

Reverse zones as you have surmised.
You have to create the reverse zones and
there is NO direct relationship in DNS
between the forward and reverse zones
(that is a human assumption.)

> Basically, if I lookup on 10.0.11.16 I want it to return
> "server.mydomain.com". If I enter 10.0.11.64 I want it to return
> "client1.mydomain.com", etc.

As Todd said (in response), unless YOU want the
reverse zones they are not critical for most internal
programs.
Even the deal with NSLookup is just a cosmetic matter
and really doesn't hurt anything (except confuse the
unwary.)
--
Herb Martin

Noozer
Guest
Posted: Mon Jan 03, 2005 11:49 am
Post subject: Re: Reverse DNS for internal IP's?

"Todd J Heron" <todd_heron@hotmail.com> wrote in message
news:%23MQ1b$U8EHA.2276@TK2MSFTNGP09.phx.gbl...
> You would need to create a reverse zone. However, reverse lookup
> zones/records are not required in any way for AD to function properly,
> unless you are worried about getting output from NSLookup.

That's one of the issues I want to resolve. This server isn't part of a
domain so AD isn't involved.
I just want to get reverse DNS applied to some of the internal IPs on our
LAN.
I did try to create a reverse zone, but quickly got lost with the
x.x.x.in-arpa...etc.

Herb Martin
Guest
Posted: Mon Jan 03, 2005 1:31 pm
Post subject: Re: Reverse DNS for internal IP's?

"Noozer" <dontspam@me.here> wrote in message
news:OT385fV8EHA.4004@tk2msftngp13.phx.gbl...
> "Todd J Heron" <todd_heron@hotmail.com> wrote in message
> news:%23MQ1b$U8EHA.2276@TK2MSFTNGP09.phx.gbl...
> > You would need to create a reverse zone. However, reverse lookup
> > zones/records are not required in any way for AD to function properly,
> > unless you are worried about getting output from NSLookup.
>
> That's one of the issues I want to resolve. This server isn't part of a
> domain so AD isn't involved.
> I just want to get reverse DNS applied to some of the internal IPs on our
> LAN.
> I did try to create a reverse zone, but quickly got lost with the
> x.x.x.in-arpa...etc.

MENTALLY you can just read "in-addr.arpa." as
"REVERSE_ZONE" but you do have to use the arpa
name to get it to work.
So you append "in-addr.arpa." onto the particular
child zone you are creating, much as you do your company
name onto .com when you are delegated from the
commercial zone.
You will reverse the octets in the zone - but be warned
the GUI MMC "helps" with this so you must ensure that
the result you obtain is the correct ZONE NAME:
"Ten-Net" zone names normally look like one of:
10.in-addr.arpa
0.10.in-addr.arpa
11.0.10.in-addr.arpa
All of these will work, but you only use the first if
you (or your DNS server really) controlled all of the 10
net, and use the latter if it is only the 10.0.11.0/24 subnet.
Partial octet masks are possible but more complicated to
create. (I also doubt that you care right now.)
Note: Making such a zone and making it DYNAMIC are
two separate issues -- again, both are unrelated to the
forward zones you deploy.
--
Herb Martin
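
The zone naming described in the post above, as an added example that is not part of the original thread: it derives the in-addr.arpa zone name for a network on an octet boundary and the PTR owner names that belong inside it. The function names are assumptions of this example; the addresses and host names are the ones from the question.

```python
import ipaddress


def reverse_zone(cidr):
    """Return the in-addr.arpa zone name for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        # Partial-octet masks need a different (delegation-based) layout.
        raise ValueError(f"{cidr}: only /8, /16 and /24 are handled here")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    # Octets are reversed so the most significant one sits next to in-addr.arpa.
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_records(cidr, hosts):
    """Return (zone, [(owner relative to zone, target FQDN)]) for hosts in cidr."""
    net = ipaddress.ip_network(cidr, strict=True)
    zone = reverse_zone(cidr)
    records = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {cidr}, so it does not belong in {zone}")
        full = addr.reverse_pointer        # e.g. 16.11.0.10.in-addr.arpa
        owner = full[: -(len(zone) + 1)]   # drop ".<zone>" to get the relative name
        records.append((owner, hosts[ip].rstrip(".") + "."))
    return zone, records


def zone_lines(cidr, hosts):
    """Render the PTR records in standard master-file syntax."""
    zone, records = ptr_records(cidr, hosts)
    lines = [f"$ORIGIN {zone}."]
    lines += [f"{owner}\tIN\tPTR\t{target}" for owner, target in records]
    return lines


# Constructed sample data: the two hosts named in the original question.
HOSTS = {"10.0.11.64": "client1.mydomain.com", "10.0.11.16": "server.mydomain.com"}

if __name__ == "__main__":
    for cidr in ("10.0.0.0/8", "10.0.0.0/16", "10.0.11.0/24"):
        print("\n".join(zone_lines(cidr, HOSTS)), end="\n\n")
```

The owner name grows as the zone gets broader: the same host is `16` in the /24 zone and `16.11.0` in the /8 zone.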

Noozer
Guest
Posted: Tue Jan 04, 2005 8:56 am
Post subject: Re: Reverse DNS for internal IP's?

<snip>
> > Basically, if I lookup on 10.0.11.16 I want it to return
> > "server.mydomain.com". If I enter 10.0.11.64 I want it to return
> > "client1.mydomain.com", etc.
>
> As Todd said (in response), unless YOU want the
> reverse zones they are not critical for most internal
> programs.
> Even the deal with NSLookup is just a cosmetic matter
> and really doesn't hurt anything (except confuse the
> unwary.)

Ah, but there are small issues... NSLOOKUP for example.
Since my internal DNS server has no reverse, NSLOOKUP jumps to the secondary
DNS server for lookups:
C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 10.0.11.16: Timed out
Default Server: nsc2.so.cg.shawcable.net
Address: 64.59.135.135
....so, now I have to switch BACK to the 10.0.11.16 server that it should be
using in the first place.
It's not a big deal really. I just want to understand how it works as much
as I want to name the IP's on my LAN.

Herb Martin
Guest
Posted: Tue Jan 04, 2005 9:07 am
Post subject: Re: Reverse DNS for internal IP's?

> Since my internal DNS server has no reverse, NSLOOKUP jumps to the secondary
> DNS server for lookups:

That is NOT why NSLookup does this -- it does
it because the first doesn't answer.
NSlookup works just fine with no reverse, it just
puts up a stupid (bogus) error message that
really doesn't matter.
Of course you can use Dig, or just ping.
--
Herb Martin

Kevin D. Goodknecht Sr. [
Guest
Posted: Tue Jan 04, 2005 8:15 pm
Post subject: Re: Reverse DNS for internal IP's?

In news:IBnCd.683585$nl.212562@pd7tw3no,
Noozer <dontspam@me.here> commented
Then Kevin replied below:
> snip
> Ah, but there are small issues... NSLOOKUP for example.
> Since my internal DNS server has no reverse, NSLOOKUP
> jumps to the secondary DNS server for lookups:
> C:\>nslookup
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 10.0.11.16: Timed out
> Default Server: nsc2.so.cg.shawcable.net
> Address: 64.59.135.135
> ...so, now I have to switch BACK to the 10.0.11.16 server
> that it should be using in the first place.
> It's not a big deal really. I just want to understand how
> it works as much as I want to name the IP's on my LAN.

A point that Herb missed in his reply is that you should not use your ISP's
DNS in any position, especially in an Active Directory environment. Your
ISP's DNS has no information for your local network and will cause errors in
Active Directory.
If this is a Win2k3 Domain you will get 40961 Warnings that "The Security
System could not establish a secured connection with the server <server
name>." Usually the server listed will be prisoner.iana.org which is the
internet black hole DNS server for private IP addresses. To fix this in your
case you need a reverse lookup zone named 11.0.10.in-addr.arpa. (10.0.11.x
Subnet) If you set the zone to allow dynamic updates, your machines will be
able to create their own PTR records. You can also create your own manual
PTRs with any name you choose, reverse lookups are not necessary for proper
AD function, so you should use Secure updates or manual PTRs, IMO.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Herb Martin
Guest
Posted: Tue Jan 04, 2005 10:45 pm
Post subject: Re: Reverse DNS for internal IP's?

> A point that Herb missed in his reply is that you should not use your ISP's
> DNS in any position, especially in an Active Directory environment. Your
> ISP's DNS has no information for your local network and will cause errors in
> Active Directory.

Yes. I did miss that -- and even after Kevin pointed
it out I had to re-read about 4 messages to see where
it was even mentioned.
It wasn't -- Kevin caught it off the NSLOOKUP RESULTS.
I paid no attention to that -- which is a far bigger deal
than this whole reverse lookup or nslookup question.
My mistake was answering the question (really) rather
than seeing the real problem.
Good catch Kevin.
--
Herb Martin