Re: Reverse DNS not working internally

From: Jimmy (Jimmy_at_discussions.microsoft.com)
Date: 06/28/04


Date: Mon, 28 Jun 2004 15:10:02 -0700

Herb, thanks for your reply,

The objective is to get our SPAM server to do RDNS lookups and reject mail from servers that do not have valid RDNS entries. Our SPAM server points to our internal DNS servers, which it uses to deliver mail to our internal mail server. All is working fine until we tell the SPAM server to do RDNS lookups. The SPAM server begins to reject all incoming mail because it is unable to do RDNS on external machines using our internal DNS servers. I am not in any way a DNS guru so feel free to talk down to my level.

I just want to be sure you understand our problem. We are able to resolve RDNS for internal machines on our internal DNS server. That works. The problem is that we want our internal DNS server to do RDNS lookups on external machines and they don't.

"Herb Martin" wrote:

> One presumes that you don't have the "reverse zones" on
> EVERY internal DNS server (nor are you using some
> Win2003 work-around like stub zones or conditional
> forwarding for the zones in question), then when the
> clients request the "internal reverse address record" the
> local DNS server not having it, forwards to the Internet
> DNS server which will NEVER have it since those
> private addresses are not delegated in the INTERNET
> reverse DNS tree.
>
> It is a little confusing exactly which or where the problem
> is surfacing (in your post), but that is most likely the
> reason.
>
> Which servers hold the forward zones you use internally?
> Which servers hold the reverse zones you use internally?
>
> How are these servers configured for "forwarding" or
> internal tree searching (the latter is unlikely)?
>
> How are the clients configured?
>
> --
> Herb Martin
>
>
> "Jimmy" <anonymous@discussions.microsoft.com> wrote in message
> news:22f601c44e7c$fe68f8a0$7d02280a@phx.gbl...
> > --- Problem ---
> >
> > Reverse lookup DNS queries of non-local IP addresses do
> > not resolve on our internal DNS servers.
> >
> > --- Background ---
> > DNS server is internal, supporting Active Directory.
> > It is configured to use forwarders for external lookups.
> > Forward lookups work just fine, both internal and external.
> > Reverse lookups to internal systems work fine too.
> > (10.X.X.X IP space)
> > DNS server is Windows 2000, SP3 AD server.
> > 12.127.17.71 is a DNS server from one of our ISP's.
> > Reverse lookups to this server work just fine.
> > We need this to support an anti-spam product that does
> > reverse lookups for mail servers.
> > We use Hotmail as an example here, but we have also tried
> > to look up other sites/servers.
> >
> >
> > --- This works---
> >
> > C:\>nslookup
> > Default Server: sjc010dc01.fffc.com
> > Address: 10.<deleted>.<deleted>.<deleted>
> >
> > > server 12.127.17.71
> > Default Server: [12.127.17.71]
> > Address: 12.127.17.71
> >
> > > set type=PTR
> > > 230.166.54.65.in-addr.arpa
> > Server: [12.127.17.71]
> > Address: 12.127.17.71
> >
> > Non-authoritative answer:
> > 230.166.54.65.in-addr.arpa name = mc10.bay6.hotmail.com
> >
> > 54.65.IN-ADDR.ARPA nameserver = DNS1.CP.MSFT.NET
> > 54.65.IN-ADDR.ARPA nameserver = DNS1.DC.MSFT.NET
> > 54.65.IN-ADDR.ARPA nameserver = DNS1.SJ.MSFT.NET
> > 54.65.IN-ADDR.ARPA nameserver = DNS1.TK.MSFT.NET
> > 54.65.IN-ADDR.ARPA nameserver = DNS2.CP.MSFT.NET
> > DNS1.CP.MSFT.NET internet address = 207.46.138.20
> > DNS1.DC.MSFT.NET internet address = 64.4.25.30
> > DNS1.SJ.MSFT.NET internet address = 64.4.25.30
> > DNS1.TK.MSFT.NET internet address = 207.46.245.230
> > DNS2.CP.MSFT.NET internet address = 207.46.138.21
> >
> >
> > --- This Does not Work ---
> > C:\>nslookup
> > Default Server: sjc010dc01.fffc.com
> > Address: 10.<deleted>.<deleted>.<deleted>
> >
> > > set type=ptr
> > > 230.166.54.65.in-addr.arpa
> > Server: sjc010dc01.fffc.com
> > Address: 10.<deleted>.<deleted>.<deleted>
> >
> > *** sjc010dc01.fffc.com can't find 230.166.54.65.in-addr.arpa: Non-existent domain
> >
>
>
>
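
The two-resolver PTR comparison done by hand with nslookup in the quoted post, as an added example that is not part of the thread: it sends the same PTR query to an internal and a reference resolver and reports whether a missing answer comes from the sender or from the internal resolver. The function names and the constructed response headers are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x4A31  # arbitrary query ID (assumption); the server echoes it back


def build_ptr_query(ip, txid=TXID):
    """Encode a recursive PTR query for ip in DNS wire format."""
    name = ipaddress.ip_address(ip).reverse_pointer  # 230.166.54.65.in-addr.arpa
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 12, 1)  # QTYPE=PTR, IN


def parse_status(response, txid=TXID):
    """Return (rcode name, answer count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)), ancount


def ask(server, ip, timeout=3.0):
    """Send the PTR query to server over UDP port 53 and return its status."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server, 53))
        return parse_status(s.recvfrom(4096)[0])


def _has_ptr(status):
    return status[0] == "NOERROR" and status[1] > 0


def diagnose(ip, internal, reference):
    """Compare the internal and reference resolvers' (rcode, count) for ip."""
    if ipaddress.ip_address(ip).is_private:
        return "private address: only internal reverse zones can answer"
    if _has_ptr(reference) and not _has_ptr(internal):
        return "internal resolver fault (%s): reference resolver has a PTR" % internal[0]
    if _has_ptr(internal):
        return "PTR resolves through the internal resolver"
    return "no PTR at either resolver: sender has no reverse DNS"


if __name__ == "__main__":
    # Constructed headers mirroring the post: ISP answers, internal says NXDOMAIN.
    isp = parse_status(struct.pack(">HHHHHH", TXID, 0x8180, 1, 1, 5, 5))
    internal = parse_status(struct.pack(">HHHHHH", TXID, 0x8183, 1, 0, 0, 0))
    print(diagnose("65.54.166.230", internal, isp))
```

Against live servers, pass the results of `ask(internal_server, ip)` and `ask(reference_server, ip)` to `diagnose`; a timeout raises `socket.timeout` rather than being reported as a missing PTR.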


