Re: Reverse DNS Forwarding between 2003 Domains
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 11 Jun 2008 11:31:36 -0500
"Bryan" <Bryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1FDD244E-939B-44F1-9672-C72D3FEAE47B@xxxxxxxxxxxxxxxx
Herb,
The syntax for the entry in the conditional forwarding is what was getting
me. For those that find this thread, in windows 2003, go to 'properties'
then 'Forwarders' then 'New', then in the DNS Domain section put
'1.1.1.in-addr.arpa' (your reverse lookup zone name) in.
Ok. That would be impossible to know if you understood it though so
let's do a more realistic one: 172.16.x.y
Put in 16.172.in-addr.arpa
I knew it was something stupid I was missing, but I could not find anything about reverse dns forwards.
That's because to DNS there is no difference between a forward and
a reverse zone.
This is something Microsoft introduced to make it "easier" on admins with
no DNS experience (like calling 'A records' 'host records', and CNAME
an ALIAS -- perfectly sensible but just something else to learn twice or
unlearn now.)
Number order for a reverse zone is reversed to NAME the zone so that
DNS recursion and delegation rules will work exactly the same for them
as they do for forward zones (made it easier on the PROGRAMMERS
of DNS and a bit harder on the Admins).
Then Microsoft created the GUI MMC and made it EASIER to enter
a reverse zone without knowing all this.
But, then in the Conditional Forwarding you are giving the actual name of the zone so you (almost certainly) need to put it in the technically correct (reversed) order.
To answer your question as to why do we want to do this, we have installed detailed auditing software that tracks changes to monitored servers. We are using this software across multiple forests. The software requires that reverse DNS work correctly or it generates errors.
Ok... most of the people worrying about reverse zones have no real
reason for it -- we always explain how to do them anyway but most
of the time it turns out they are worried about nothing of value.
Thank you for your help, I really appreciate it.
"Herb Martin" wrote:
"Bryan" <Bryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7BC55C1-30C5-4A22-A476-EFC2A971C950@xxxxxxxxxxxxxxxx
Thank you Herb,
The domains are conditionally forwarded.
I did not forward the Reverse zone. How do I do that?
Basically the same as the way you did the Conditional Forwarding
of the Forward zone. They are all just ZONES.
You could also create a locally administered parent range and delegate those -- e.g., for 10--- 172.16--31--- and 192.168----
You can create secondaries or stubs too.
Got to ask: Why do you even need reverse for them?
"Herb Martin" wrote:
"Bryan" <Bryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71E120EB-0888-45C4-8238-02539BCF27C4@xxxxxxxxxxxxxxxx
We have two domains (DomainA.local (1.1.1.0/24) and DomainB.local (2.2.2.0/24)) on separate subnets. The domains are connected via a router.
I have put forwarders in DomainA and DomainB dns servers that forward requests to each other.
We must presume that you mean "Conditionally Forward" to each other as you must NEVER unconditionally forward (i.e., All other domains) to each other -- they go into an infinite loop whenever a zone is not held locally.
Forwarding really has nothing to do with "different domains" in the sense of where the DNS servers BELONG -- DNS doesn't care about domain membership nor authentication except for Secure Only Dynamic Registration.
I successfully do a nslookup for ServerA.DomainA.local and the servers IP address (1.1.1.10) is returned. I do a nslookup on 1.1.1.10 and receive an unknown server response. If I do a nslookup 1.1.1.10 DNSserver.DomainA.local I receive the correct response from the DNS server.
Did you forward the REVERSE zone (explicitly) too? (The reverse and forward zones are UNRELATED to each other.)
Did you include 1.1.1.0 (or whatever) zone on BOTH sets of servers without replicating them TOGETHER?
Once a Zone is found WITHOUT the requested record no forwarding (nor
further recursion) will be done.
Forwarding only works for zones that are MISSING from the local/current DNS Server.
I am sure I am missing something small and stupid but I can not figure it out. If anyone knows what I need to do to resolve the issue I would appreciate them telling me.
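As an added illustration (not part of the thread), a small Python helper that derives the in-addr.arpa zone names Herb describes for a conditional forwarder, including the octet-boundary case for 172.16--31 where one /12 needs sixteen /16 zones, and shows which of a server's reverse zones a given PTR query would land in. The 1.1.1.0/24 and 172.16 values come from the thread; the other prefixes are constructed examples.

```python
import ipaddress
from typing import List, Optional


def reverse_zones(cidr: str) -> List[str]:
    """Return the in-addr.arpa zone name(s) that cover an IPv4 prefix.

    Reverse zones are cut on octet boundaries, so a prefix that is not a
    multiple of 8 (e.g. 172.16.0.0/12) needs one zone per sub-prefix at the
    next octet boundary: 16.172.in-addr.arpa ... 31.172.in-addr.arpa.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    octets = -(-net.prefixlen // 8)          # ceil(prefixlen / 8)
    zone_prefix = octets * 8
    if zone_prefix == 0:
        return ["in-addr.arpa"]              # /0 would forward everything
    zones = []
    for sub in net.subnets(new_prefix=zone_prefix):
        # Keep only the octets that name the zone, then reverse them.
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def ptr_name(ip: str) -> str:
    """Owner name that a PTR query for `ip` is actually sent for."""
    return ipaddress.ip_address(ip).reverse_pointer


def matching_zone(name: str, zones: List[str]) -> Optional[str]:
    """Zone (longest suffix match) that would answer `name`, or None.

    None means the name is in no local/forwarded zone, i.e. the query
    falls through to whatever the server does for unknown domains.
    """
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


if __name__ == "__main__":
    print(reverse_zones("1.1.1.0/24"))           # thread's DomainA subnet
    print(reverse_zones("172.16.0.0/12"))        # Herb's 172.16--31 example
    print(ptr_name("1.1.1.10"))                  # 10.1.1.1.in-addr.arpa
    print(matching_zone(ptr_name("1.1.1.10"), reverse_zones("1.1.1.0/24")))
```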