Re: Reverse Lookup Zones - Multiple Subnets/Multiple DNS Servers

From: Herb Martin (news_at_LearnQuick.com)
Date: 06/14/04
Date: Mon, 14 Jun 2004 15:42:38 -0500

"Shahir A. Ahang" <thisisbs.saa@thisisbsintrinsic.thisisbsnet> wrote in
message news:uphGw6jUEHA.1952@TK2MSFTNGP12.phx.gbl...
> All,
>
> I am trying to figure out the best way to implement reverse lookup zones for
> an organization that has many different IP subnets across multiple sites and
> multiple DNS servers. In this environment:

Best is a VERY relative term.

> -There are 2 Windows 2000 AD domains which are child domains of an empty forest
> root
> -Each site contains a domain controller with AD integrated DNS which hosts
> the zone corresponding to the AD Domain
> -In the central location, there are 2 DNS servers, Primary and a Secondary
> which hosts about 30 forward lookup zones
> -All clients at each site point to their respective AD domain controller for
> DNS resolution
> -All AD domain controllers use Forwarders to forward to the Primary and
> Secondary DNS servers at the central site

In some sense, your REVERSE issues are unrelated to the above --
but it does allow for guessing where you will put your reverse zones.

Reverse and Forward zones are TECHNICALLY unrelated to each other;
DNS doesn't care -- only humans notice that "most machines" in a domain
happen to have addresses from the same range of addresses but that is
NOT a "rule."

> -The subnets consist of 192.168.x, 10.x.x, as well as some public ranges
> being used internally

That complicates things unless the PUBLIC ranges are properly delegated
or you can otherwise resolve the reverse entries.

One also presumes that you intend this to work with "Dynamic reverse zones".
If not, it gets easier -- just create the required zones "at HQ" and have
secondaries at all the other sites.

If not, then you have to figure out the best placement for the "Primary"
DNS servers (or AD integrated DCs) that will be allowing updates.

Obviously, if all machines using 192.168.0.0 are at one site (or even
192.168.128.0 and below) then you would likely create the corresponding
zone and make it dynamic THERE. On the other DNS servers you either
hold a "secondary" for this zone, or you arrange the delegation from the
"top down" just as you would for the forward zones but using the
convention for naming reverse zones instead.

> Currently, if I point a client to any DNS server in the environment, I can
> resolve Forward queries the exact same way getting the same result. My goal
> is to be able to do the same with Reverse queries.
>
> -What is the best way to implement this?
> -Would each domain controller host the reverse lookup zones for each subnet
> for the site?

Sounds reasonable.

> If so, how will clients from other sites resolve Reverse
> queries corresponding to this site?

Either by "delegation" or by holding "secondaries" (Stubs are also
a possibility with Win2003 but let's not complicate the discussion yet.)

Delegation works WHEN/IF your DNS servers can all reach a "common
parent" (the root, or some internal common parent as you have them
forwarding now) and then that common parent has the delegation back to
ALL the children.

It sounds like you have this for Forward zones -- one choice is to do the
same for the reverse.

Probably best in your case.

The other choice is to just make sure that every DNS server has a
SECONDARY for all zones which it doesn't otherwise hold -- this
gets messy as the number of zones increases but it works for a few.

> -Would the 10.in-addr.arpa, 168.192.in-addr.arpa, etc. reside on the Primary
> and Secondary DNS servers at the central location and delegate each portion
> of the address space (reverse name space I guess??) to the domain
> controllers in each site? In this case, will utilizing Forwarders work the
> same way for reverse lookup zones as it does for forward lookup zones?

Yes.

> Thanks in advance for any information.
>
> Shahir Ahang
>
>

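The "top down" delegation Herb describes, worked through as an added example that is not part of the thread: the central servers hold the parent reverse zones (10.in-addr.arpa, 168.192.in-addr.arpa) and delegate one /24 per site to that site's DC, and a PTR query walks the chain parent-first to the zone that actually holds the record. The zone layout and server names (hq-dns1, siteA-dc, siteB-dc) are constructed for illustration; the public-range case shows why an undelegated public block resolves nowhere internally.

```python
import ipaddress

def reverse_zone(network: str) -> str:
    """Name of the in-addr.arpa zone for a network on an octet boundary.
    192.168.0.0/16 -> 168.192.in-addr.arpa, 10.0.0.0/8 -> 10.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen % 8:
        # A /17 such as "192.168.128.0 and below" has no single classful
        # reverse zone; it needs per-/24 zones or RFC 2317 style delegation.
        raise ValueError(f"{network} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_name(address: str) -> str:
    """Owner name of the PTR record for one host address."""
    return ipaddress.ip_address(address).reverse_pointer

# Constructed layout (not from the thread): the central servers hold the
# parent reverse zones and delegate each site's /24 to that site's DC,
# which is where the dynamic PTR updates for that subnet are accepted.
ZONES = {
    "10.in-addr.arpa": "hq-dns1",
    "1.10.in-addr.arpa": "siteA-dc",        # delegated from 10.in-addr.arpa
    "168.192.in-addr.arpa": "hq-dns1",
    "5.168.192.in-addr.arpa": "siteB-dc",   # delegated from 168.192.in-addr.arpa
}

def resolution_path(address: str) -> list:
    """Zones a central server walks, parent first, to answer a PTR query:
    the chain of delegations down to the zone that actually holds the record.
    An empty list means no internal zone covers the range (the public-range
    caveat), so only an external delegation could answer the query."""
    labels = ptr_name(address).split(".")
    path = []
    for i in range(len(labels) - 1, -1, -1):
        suffix = ".".join(labels[i:])
        if suffix in ZONES:
            path.append((suffix, ZONES[suffix]))
    return path

def authoritative_server(address: str):
    """Last hop of the delegation chain: the server whose zone holds the PTR."""
    path = resolution_path(address)
    return path[-1] if path else None

if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.9.9.9", "192.168.5.20", "203.0.113.7"):
        print(ip, "->", ptr_name(ip), resolution_path(ip))
```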

