Re: Deploy Design Question
From: Kevin D. Goodknecht Sr. [MVP] (admin_at_nospam.WFTX.US)
Date: 07/02/04
- Next message: Kevin D. Goodknecht Sr. [MVP]: "Re: DNS AD replication"
- Previous message: Sharad Naik: "Re: How to add a second ip address in dns for a website (nslookup)"
- In reply to: April: "Re: Deploy Design Question"
- Next in thread: Ace Fekay [MVP]: "Re: Deploy Design Question"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 2 Jul 2004 04:48:45 -0500
In news:24aee01c45fe6$51aa0430$a301280a@phx.gbl,
April <anonymous@discussions.microsoft.com> posted a question
Then Kevin replied below:
> Is this true? What does the event description say?
Actually, there are two events, 40960 and 40961. It is not per se because it
is trying to do a reverse lookup. Win2k3 cannot make a secure connection to
the DNS or LDAP server noted in the event. It simply is letting you know
that a secure connection cannot be made.
It does not mean that it needs a reverse lookup zone or PTR; it just wants to
make a secure connection to the server so it can register its addresses.
> The reverse records, are needed for mail servers and
> other apps to verify the authenticity of the requesting
> names...so they have their merit to exist.
Yes, some mail servers do make a reverse lookup on the IP of the connecting
server. But beware: in the case of public IP addresses, just because you
created a reverse lookup zone on your DNS server does not mean it will get
used. Just like any other DNS name (and it is a name), it must be delegated
to the DNS server it is on before other DNS servers will know it exists.
In fact, an improper reverse lookup zone on a DNS server that is directly
being used by your mail server can do more harm than good, because the zone
covers more IP addresses than it is authoritative for. This may cause your
mail server to reject mail based on the lack of a proper PTR, because it is
looking at the wrong DNS. It is very important that any reverse lookup zone for a
public IP address you create be delegated to you, and that you create it
exactly as it is delegated to you.
You usually cannot create a public reverse zone as you would a private
reverse zone. You can create a reverse lookup zone for a private network that covers
an entire subnet, such as 192.168.in-addr.arpa. If you do that for a public
IP /29 subnet, the zone covers 65534 IP addresses when you only own 8 and can
only use 5.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================