Creating a Reverse Lookup Zone for a classless subnet/domain

Discussion in 'DNS Server' started by EPGeek, Jun 9, 2006.

  1. EPGeek

    EPGeek Guest

    I just upgraded my corporate LAN from NT4 to WindowsServer Interim with
    Active Directory. Everything works great, and now I'm cleaning up a few
    errors/warnings and have run into a problem. When I do an NSLOOKUP the
    command does return the name and IP address that I requested. However it
    also informs me that the DNS server IP I'm using is an "UNKNOWN SERVER". The
    irony is that it even searches correctly when I give it the name of my DNS
    server, but still screams about an "UNKNOWN SERVER". When I queried the
    knowledge base it indicated that I need a "reverse lookup zone" for my
    domain. I use a classless subnet for my zone with a mask of 255.255.248.0 .
    My domain network address is 172.16.8.0 ... My DNS server was configured on
    one of my domain controllers with an integrated active directory zone when I
    upgraded the network. I have read KB article 174419 which claims to say how
    to configure the Reverse Lookup Zone I need, but it ends up referring to
    parent domains delegating zones to a child domain??? Not my situation, I
    reside in a private network that does forward Internet requests to an ISP.
    So how do I use the reverse lookup zone wizard in my situation?? Any help
    would be greatly appreciated.
     
    EPGeek, Jun 9, 2006
    #1

  2. The article you noted is for creating a subnetted reverse lookup zone where
    different DNS servers are used for each subnet and the PTRs are delegated to
    the different DNS servers.

    If you have only one DNS server for all subnets, or one zone for all subnets
    it is probably not the best to use. Then, you would just create a zone using
    172.16.x.x (16.172.in-addr.arpa.) when create sub zones for each subnet. You
    can also allow dynamic updates on the zone and these sub zones and PTRs will
    be dynamically created.

    However, if your total network infrastructure includes your 172.16.8.0/21
    and also the 172.16.0.0/21 separately then you need to follow the article.


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 10, 2006
    #2

  3. EPGeek

    EPGeek Guest

    Kevin, Thanks for the prompt reply. I will give this a try in the next few
    days. My network infrastructure does consist only as the one subnet of
    172.16.8.0 with a subnet mask of 255.255.248.0 . I tried to set up a reverse
    lookup zone last week using this technique, but it did not seem to work as I
    still received Unknown Server when using NSLOOKUP. However I did not
    necessarily set up a proper PTR record, and perhaps I did not allow the DNS
    caches to clear? Your recommendation has given me the confidence to try this
    again. Thanks for your help.
     
    EPGeek, Jun 12, 2006
    #3
  4. Nslookup bypasses the DNS Client cache, and if you are querying the DNS that
    has the reverse lookup zone directly it would have not had the reverse
    lookup cached if the zone is properly created.
    If the zone has dynamic updates allowed, running ipconfig /flushdns &
    ipconfig /registerdns on the DNS server machine itself should register the
    PTR if dynamic updates have not been disabled on the NIC.

    246804 - How to enable or disable dynamic DNS registrations in Windows 2000
    and in Windows Server 2003:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;246804&Product=winsvr2003

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Jun 12, 2006
    #4
  5. EPGeek

    EPGeek Guest

    Kevin, I am only creating a Reverse Lookup Zone so that my NSLOOKUP commands
    do not say UNKNOWN SERVER. Do I really need a "reverse lookup zone?" for
    this or for anything else? Was the installation of my forward lookup zone
    for Active Directory also supposed to create a Reverse Lookup Zone? or did
    my "classless" subnet somehow mess things up? Also how do I create a reverse
    pointer record for my NS when my subnet is 255.255.248.0 and the NS is at
    172.16.8.8 The example in the KB article is for a 26 bit network mask and
    would have me enter only the last octet. However my net mask is 21 and would
    include more than the last octet (or not?). Sorry for all the questions, but
    my research has turned up nil on classless subnet zones. I did read the KB
    articles you recommended including Q253575 which says that dynamic updates
    are not performed on a classless subnet reverse lookup zone, so that I must
    do them manually.
     
    EPGeek, Jun 13, 2006
    #5
  6. Not really, reverse lookup zones are not required for AD communication.

    > for this or for anything else?
    There are a couple of minor reasons for having a reverse zone, one is
    nslookup, the other is to prevent your server from trying to register PTR
    records in the internet blackhole DNS server, prisoner.iana.org, causing
    40960 and 40961 events.

    > Was the installation of my forward lookup zone for Active Directory also
    > supposed to create a Reverse Lookup Zone?

    No I do not believe that creating reverse lookup zones is done by DCpromo,
    unless it was added with SP1.
    No, not unless you have set up reverse delegations.

    > Also how do I create a reverse pointer record for my NS when my subnet is
    > 255.255.248.0 and the NS is at 172.16.8.8
    The subnet mask is not relevant for creating reverse lookup zones. Create
    the zone, using the wizard using 172.16 leave the last octet blank, or
    create the zone named 16.172.in-addr.arpa. and allow dynamic updates.

    > The example in the KB article is for a 26 bit network mask and would have
    > me enter only the last octet.
    > However my net mask is 21 and would include more than the last octet (or
    > not?).

    When you create a reverse lookup zone using this KB, you have to create two
    zones, one named 16.172.in-addr.arpa. with the CNAMES and delegations in it,
    and the other the zone using the delegated zone name e.g.
    8/21.8.16.172.in-addr.arpa. I do not think this zone will dynamically
    update.



    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Jun 13, 2006
    #6
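
Added example, not part of the original thread: a short Python sketch of the naming arithmetic discussed in the post above, showing which octet-aligned reverse zone holds a 172.16.8.0/21 subnet and what the PTR record for 172.16.8.8 is called inside it. The function names are hypothetical; only the standard-library `ipaddress` module is used.

```python
import ipaddress

SUFFIX = ".in-addr.arpa."

def enclosing_reverse_zone(cidr):
    """Smallest octet-aligned reverse zone that contains the whole subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    octets = net.prefixlen // 8            # whole octets fixed by the mask (/21 -> 2)
    if octets == 0:
        raise ValueError("prefix shorter than /8 has no single enclosing zone")
    labels = str(net.network_address).split(".")[:octets]
    return ".".join(reversed(labels)) + SUFFIX

def covering_slash24_zones(cidr):
    """Alternative layout: the /24 zones that exactly cover the subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen > 24:
        # Longer than /24 is the classless-delegation case (RFC 2317 style).
        raise ValueError("subnet is smaller than a /24 zone")
    return [enclosing_reverse_zone(str(s)) for s in net.subnets(new_prefix=24)]

def ptr_record(address, zone):
    """Return (FQDN owner name, name relative to the zone) for an address."""
    fqdn = ipaddress.ip_address(address).reverse_pointer + "."
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{address} is not inside {zone}")
    return fqdn, fqdn[: -len(zone) - 1]

def addresses_claimed(zone):
    """How many IPv4 addresses the zone is authoritative for."""
    labels = zone[: -len(SUFFIX)].split(".")
    return 256 ** (4 - len(labels))

if __name__ == "__main__":
    subnet = "172.16.8.0/21"               # subnet from the thread
    zone = enclosing_reverse_zone(subnet)
    print("single zone :", zone)
    print("PTR for NS  :", ptr_record("172.16.8.8", zone))
    print("/24 layout  :", covering_slash24_zones(subnet))
    # The wide zone answers for all of 172.16.0.0/16, not just the /21.
    print("zone covers :", addresses_claimed(zone), "addresses;",
          "subnet has", ipaddress.ip_network(subnet).num_addresses)
```

In the single 16.172.in-addr.arpa. zone the record name carries two octets (`8.8`); in a per-/24 zone it carries only the last one (`8`).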
  7. EPGeek

    EPGeek Guest

    Kevin, I created the Reverse Lookup Zone yesterday as network id 172.16 (a
    class B address), and it worked great. I was able to force my NS to register
    using IPCONFIG /registerdns , and all my XP workstations registered
    themselves without prompting. I had wrongly thought that my classless subnet
    would force me to build a classless reverse lookup zone, and be doomed
    forever to manually updating the zone. Thankfully you corrected my thinking.
    Thanks again, epgeek
     
    EPGeek, Jun 16, 2006
    #7