The system failed to register pointer (PTR) resource records (RRs) for network adapter

Discussion in 'DNS Server' started by Kirill S. Palagin, Jan 4, 2004.

  1. Hello.

    On each bootup of WS2003 I am getting event 11161 (below). It is sending
    update to some bogus DNS server. Where does it get that server? IPCONFIG
    /all below.

    Thanks a lot.

    Event Type: Information
    Event Source: DnsApi
    Event Category: None
    Event ID: 11161
    Date: 04.01.2004
    Time: 16:04:42
    User: N/A
    Computer: S05
    Description:
    The system failed to register pointer (PTR) resource records (RRs) for
    network adapter
    with settings:

    Adapter Name : {143DCD93-1CD9-428B-AB58-B0E16CFC6828}
    Host Name : s05
    Adapter-specific Domain Suffix : phxmsk.ru
    DNS server list :
    172.16.0.16
    Sent update to server : 192.175.48.1
    IP Address : 172.16.0.15

    The reason the system could not register these RRs during the update
    request was because of a system problem. You can manually retry DNS
    registration of the network adapter and its settings by typing "ipconfig
    /registerdns" at the command prompt. If problems still persist, contact
    your DNS server or network systems administrator. For specific error
    code, see the record data displayed below.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 51 27 00 00 Q'..


    U:\>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : s05
    Primary Dns Suffix . . . . . . . : phxmsk.ru
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : phxmsk.ru

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
    Physical Address. . . . . . . . . : 00-04-79-66-BB-99
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.0.15
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 172.16.0.16
     
    Kirill S. Palagin, Jan 4, 2004
    #1

  2. Kirill S. Palagin

    Thomas Lee Guest

    You need to look at 172.16.0.15 - do you have a reverse lookup zone
    defined there?



    Thomas
     
    Thomas Lee, Jan 4, 2004
    #2

  3. Thanks for your response.
    172.16.0.15 is IP address of S05, which is the server that generates that
    event. It does not have DNS service installed.
     
    Kirill S. Palagin, Jan 4, 2004
    #3
  4. Kirill S. Palagin

    sharad Guest

    It seems you have on your network a DNS Server
    with IP address 172.16.0.16
    In that DNS server do you have a reverse lookup zone
    0.16.172 in arpa?

    If not then create a reverse lookup zone on that DNS server.
    Sharad
     
    sharad, Jan 4, 2004
    #4
  5. Why do I need reverse lookup zone and where does 192.175.48.1 come from?

    Thanks.
     
    Kirill S. Palagin, Jan 5, 2004
    #5
  6. In Kirill S. Palagin <> posted a question
    Then Kevin replied below:
    : Why do I need reverse lookup zone and where does 192.175.48.1 come
    : from?
    :
    Since you don't have a zone it is being referred to iana.org
    Asking f.root-servers.net for 16.0.16.172.in-addr.arpa PTR record:
    f.root-servers.net says to go to indigo.arin.net. (zone:
    172.in-addr.arpa.)
    Asking indigo.arin.net. for 16.0.16.172.in-addr.arpa PTR record:
    indigo.arin.net says to go to BLACKHOLE-2.IANA.ORG. (zone:
    16.172.in-addr.arpa.)
    Asking BLACKHOLE-2.IANA.ORG. for 16.0.16.172.in-addr.arpa PTR record:
    Reports that no PTR records exist.

    Asking e.root-servers.net for 1.48.175.192.in-addr.arpa PTR record:
    e.root-servers.net says to go to chia.arin.net. (zone:
    192.in-addr.arpa.)
    Asking chia.arin.net. for 1.48.175.192.in-addr.arpa PTR record:
    chia.arin.net says to go to NOC.UMD.EDU. (zone:
    48.175.192.in-addr.arpa.)
    Asking NOC.UMD.EDU. for 1.48.175.192.in-addr.arpa PTR record: Reports
    prisoner.iana.org.

    Answer:
    192.175.48.1 PTR record: prisoner.iana.org.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht [MVP], Jan 5, 2004
    #6
  7. Kirill S. Palagin

    sharad Guest

    192.175.48.1 is RFC1918 blackhole server (prisoner.iana.org).

    When Win2003 boots, it tries to register dynamic updates for its 'A' and PTR
    records.
    Now for the 'A' dynamic update, on your DNS you already have a forward lookup
    zone.

    When your 2003 box tries to register its PTR, it asks your DNS server
    who is responsible for that 192.168.0 .... PTR records. Since you do not
    have a reverse lookup zone, your DNS server searches for it on the internet, for
    192...
    and resolves it to 192.175.48.1 (this is because prisoner.iana.org leaks
    its IP on the internet many times, which it is not supposed to do.)

    So your Win 2003 server tries to update the PTR record on 192.175.48.1.

    This problem can be solved by creating the Reverse Look Up zone on your
    DNS server for 192.168.0, so that your DNS server will accept the
    PTR update and will not forward the PTR update request on the internet.

    Sharad
     
    sharad, Jan 5, 2004
    #7
  8. Kirill S. Palagin

    sharad Guest

    Sorry, I mixed up the IP addresses with my server's in the reply.
    But you must have understood... create reverse lookup zone
    for 172.16.0
    (even for this through roots servers, your DNS will keep on searching
    who is responsible for this reverse lookup and will resolve to whoever
    is leaking the bogus IP on the internet.)

    Sharad

     
    sharad, Jan 5, 2004
    #8
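Added example, not part of any post in the thread: a Python sketch that reads the description text of a DnsApi 11161 event, flags a PTR update sent to a server outside the adapter's configured DNS server list, and names the reverse lookup zone whose absence let the update escape. The function names are hypothetical, the sample text is constructed from the event in post #1, and a /24 zone is assumed, as in the replies above.

```python
import ipaddress
import re

# RFC 1918 private ranges; reverse zones for these should be hosted locally.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Address identified in the thread as prisoner.iana.org.
PRISONER = ipaddress.ip_address("192.175.48.1")

# Constructed sample: description fields of the event quoted in post #1.
SAMPLE_EVENT = """\
Host Name : s05
Adapter-specific Domain Suffix : phxmsk.ru
DNS server list :
172.16.0.16
Sent update to server : 192.175.48.1
IP Address : 172.16.0.15
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_event(text):
    """Return (configured DNS servers, update target, adapter IP)."""
    block = re.search(r"DNS server list\s*:(.*?)Sent update to server", text, re.S)
    target = re.search(r"Sent update to server\s*:\s*" + IPV4, text)
    addr = re.search(r"IP Address\s*:\s*" + IPV4, text)
    if not (block and target and addr):
        raise ValueError("not a DnsApi 11161 description")
    servers = [ipaddress.ip_address(s) for s in re.findall(IPV4, block.group(1))]
    return (servers, ipaddress.ip_address(target.group(1)),
            ipaddress.ip_address(addr.group(1)))

def reverse_zone(ip, prefix=24):
    """in-addr.arpa zone covering ip at an octet boundary (8, 16 or 24)."""
    octets = str(ip).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def assess(text, prefix=24):
    """Flag a PTR update for a private address sent to an unconfigured server."""
    servers, sent_to, ip = parse_event(text)
    private = any(ip in net for net in RFC1918)
    leaked = private and sent_to not in servers
    return {
        "leaked": leaked,
        "sent_to_prisoner": sent_to == PRISONER,
        "zone_to_create": reverse_zone(ip, prefix) if leaked else None,
    }
```

Calling `assess(SAMPLE_EVENT)` reports the leak and names `0.16.172.in-addr.arpa` as the zone to host on 172.16.0.16.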
  9. OK, got it.
    Thanks a lot sharad and Kevin.
     
    Kirill S. Palagin, Jan 5, 2004
    #9
  10. Now I have got another question -
    looking at entries in newly created reverse lookup zone I can see some host
    names are appended with DNS domain and some are not. Why?

    Thanks.
     
    Kirill S. Palagin, Jan 5, 2004
    #10
  11. Kirill S. Palagin

    sharad Guest

    On the host machines which are not appending DNS Suffix,
    set the DNS suffix, in TCP/IP properties DNS Tab.

    There is another way to do this on the server itself.
    (I assume your DNS Server is on win 2003 K box)
    On that box:
    Default Domain Policies-> computer configuration->
    Administrative Template->Network->DNS Client
    There find Primary DNS Suffix, enable it and give the
    DNS suffix you wish.
    With this setting enabled all computers joining the Domain
    will register DNS Suffix that is set in above setting, irrespective
    of what DNS suffix is mentioned (or not at all mentioned) on
    individual computers.

    Sharad
     
    sharad, Jan 5, 2004
    #11
  12. Kirill S. Palagin

    sharad Guest

    Please note for the later option, you must restart
    the host machines, (not the server) for change to
    take effect on the host machines.

    Sharad
     
    sharad, Jan 5, 2004
    #12
  13. It is distributed via DHCP to every machine (except servers):

    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : suhaas
    Primary DNS Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : phxmsk.ru

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : phxmsk.ru
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-A0-0C-90-D6-C2
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 172.16.0.136
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . : 172.16.0.16
    DNS Servers . . . . . . . . . . . : 172.16.0.16
    Primary WINS Server . . . . . . . : 172.16.0.16
    Lease Obtained. . . . . . . . . . : 05 January 2004 12:04:02
    Lease Expires . . . . . . . . . . : 05 January 2004 12:12:02
     
    Kirill S. Palagin, Jan 5, 2004
    #13
  14. Kirill S. Palagin

    sharad Guest

    With DHCP you distribute the connection-specific domain suffix.
    But whether to use it for registration or not is decided by the client
    machine.
    On the client machines which are not registering the DNS suffix,
    in TCP/IP Properties on the DNS tab, check whether the
    "Use this connection's DNS Suffix in DNS registration" check box is enabled
    or not.
    By default it is disabled.

    Is it that some of the client machines are members of a domain and some are
    not (just workgroup)?
    If this is the case, then machines which are members of domain phxmsk.ru
    will append the DNS suffix, even if you do not do what I told above. Those
    who are not members of the domain will not append the DNS domain suffix
    unless you do what I told above.

    The other option I told to do through Group Policy, for that you don't need
    to do anything else.
    Whether domain member or not, the DNS suffix will be appended.

    Sharad
     
    sharad, Jan 5, 2004
    #14
  15. What are the implications of leaving everything the way it is (i.e. some with
    DNS suffix and others without)?
    All machines are members of newly created (by upgrade from NT4) Windows 2003
    domain.
     
    Kirill S. Palagin, Jan 5, 2004
    #15
  16. Kirill S. Palagin

    sharad Guest

    I don't think there would be any implications.
    If you run a specific application / service on a client
    machine which requires a reverse lookup then you
    will need the PTR to be recorded with the DNS suffix
    (For example .. a mail server (public) would need a
    reverse lookup..)
    But I don't think you will be
    running a mail server on a client machine.

    Sharad
     
    sharad, Jan 5, 2004
    #16
  17. OK.
    Thanks for your help!
     
    Kirill S. Palagin, Jan 5, 2004
    #17
  18. s> When your 2003 box tries to register its PTR, it asks your
    s> DNS server who is responsible for that 192.168.0 .... PTR
    s> records. Since you do not have a reverse lookup zone, your DNS
    s> server searches for it on the internet, for 192... and
    s> resolves it to 192.175.48.1 (this is because prisoner.iana.org
    s> leaks its IP on the internet many times, which it is not
    s> supposed to do.)

    This is not a "leak" of that IP address, and far from being something that is
    not supposed to occur what is being published is in fact entirely proper.

    Where there _is_ a leak is _in his own_ proxy DNS server. DNS lookups for the
    reverse lookup domain names corresponding to the RFC 1918 non-public IP
    address ranges that he uses should not have escaped his system to reach the
    rest of Internet. _That_ is the leak.
     
    Jonathan de Boyne Pollard, Jan 5, 2004
    #18