Discussion:
Creating a Reverse Lookup Zone for a classless subnet/domain
EPGeek
2006-06-09 20:58:02 UTC
I just upgraded my corporate LAN from NT4 to Windows Server Interim with
Active Directory. Everything works great, and now I'm cleaning up a few
errors/warnings and have run into a problem. When I do an NSLOOKUP the
command does return the name and IP address that I requested. However it
also informs me that the DNS server IP I'm using is an "UNKNOWN SERVER". The
irony is that it even searches correctly when I give it the name of my DNS
server, but still screams about an "UNKNOWN SERVER". When I queried the
knowledge base it indicated that I need a "reverse lookup zone" for my
domain. I use a classless subnet for my zone with a mask of 255.255.248.0.
My domain network address is 172.16.8.0 ... My DNS server was configured on
one of my domain controllers with an integrated active directory zone when I
upgraded the network. I have read KB article 174419 which claims to say how
to configure the Reverse Lookup Zone I need, but it ends up referring to
parent domains delegating zones to a child domain??? Not my situation, I
reside in a private network that does forward Internet requests to an ISP.
So how do I use the reverse lookup zone wizard in my situation?? Any help
would be greatly appreciated.
Kevin D. Goodknecht Sr. [MVP]
2006-06-10 01:58:45 UTC
The article you noted is for creating a subnetted reverse lookup zone where
different DNS servers are used for each subnet and the PTRs are delegated to
the different DNS servers.

If you have only one DNS server for all subnets, or one zone for all subnets
it is probably not the best to use. Then, you would just create a zone using
172.16.x.x (16.172.in-addr.arpa.) then create sub zones for each subnet. You
can also allow dynamic updates on the zone and these sub zones and PTRs will
be dynamically created.

However, if your total network infrastructure includes your 172.16.8.0/21
and also the 172.16.0.0/21 separately then you need to follow the article.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
EPGeek
2006-06-12 13:11:02 UTC
Kevin, Thanks for the prompt reply. I will give this a try in the next few
days. My network infrastructure does consist only of the one subnet of
172.16.8.0 with a subnet mask of 255.255.248.0. I tried to set up a reverse
lookup zone last week using this technique, but it did not seem to work as I
still received Unknown Server when using NSLOOKUP. However I did not
necessarily set up a proper PTR record, and perhaps I did not allow the DNS
caches to clear? Your recommendation has given me the confidence to try this
again. Thanks for your help.
Kevin D. Goodknecht Sr. [MVP]
2006-06-12 13:32:45 UTC
Nslookup bypasses the DNS Client cache, and if you are querying the DNS that
has the reverse lookup zone directly it would have not had the reverse
lookup cached if the zone is properly created.
If the zone has dynamic updates allowed, running ipconfig /flushdns &
ipconfig /registerdns on the DNS server machine itself should register the
PTR if dynamic updates have not been disabled on the NIC.

246804 - How to enable or disable dynamic DNS registrations in Windows 2000
and in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804&Product=winsvr2003
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
EPGeek
2006-06-13 21:16:02 UTC
Kevin, I am only creating a Reverse Lookup Zone so that my NSLOOKUP commands
do not say UNKNOWN SERVER. Do I really need a "reverse lookup zone?" for
this or for anything else? Was the installation of my forward lookup zone
for Active Directory also supposed to create a Reverse Lookup Zone? or did
my "classless" subnet somehow mess things up? Also how do I create a reverse
pointer record for my NS when my subnet is 255.255.248.0 and the NS is at
172.16.8.8? The example in the KB article is for a 26 bit network mask and
would have me enter only the last octet. However my net mask is 21 and would
include more than the last octet (or not?). Sorry for all the questions, but
my research has turned up nil on classless subnet zones. I did read the KB
articles you recommended including Q253575 which says that dynamic updates
are not performed on a classless subnet reverse lookup zone, so that I must
do them manually.
Kevin D. Goodknecht Sr. [MVP]
2006-06-13 22:21:05 UTC
Post by EPGeek
> Kevin, I am only creating a Reverse Lookup Zone so that my NSLOOKUP commands
> do not say UNKNOWN SERVER. Do I really need a "reverse lookup zone?"

Not really, reverse lookup zones are not required for AD communication.

> for this or for anything else?

There are a couple of minor reasons for having a reverse zone, one is
nslookup, the other is to prevent your server from trying to register PTR
records in the internet blackhole DNS server, prisoner.iana.org, causing
40960 and 40961 events.

> Was the installation of my forward lookup zone for Active Directory also
> supposed to create a Reverse Lookup Zone?

No, I do not believe that creating reverse lookup zones is done by DCpromo,
unless it was added with SP1.

> or did my "classless" subnet somehow mess things up?

No, not unless you have set up reverse delegations.

> Also how do I create a reverse pointer record for my NS when my subnet is
> 255.255.248.0 and the NS is at 172.16.8.8

The subnet mask is not relevant for creating reverse lookup zones. Create
the zone using the wizard, using 172.16 (leave the last octet blank), or
create the zone named 16.172.in-addr.arpa. and allow dynamic updates.

> The example in the KB article is for a 26 bit network mask and would have
> me enter only the last octet.
> However my net mask is 21 and would include more than the last octet (or
> not?).

When you create a reverse lookup zone using this KB, you have to create two
zones, one named 16.172.in-addr.arpa. with the CNAMES and delegations in it,
and the other the zone using the delegated zone name e.g.
8/21.8.16.172.in-addr.arpa. I do not think this zone will dynamically
update.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
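The zone names discussed in this thread, worked through for 172.16.8.0/21 and the name server at 172.16.8.8. This is an added example, not part of any post; the function names are illustrative assumptions.

```python
import ipaddress

SUFFIX = "in-addr.arpa."

def _zone(net, octets):
    # Reverse zone name built from the first `octets` octets of the network address.
    labels = str(net.network_address).split(".")[:octets]
    return ".".join(reversed(labels)) + "." + SUFFIX

def covering_zone(cidr):
    """One octet-aligned zone containing the whole network (prefix rounded down)."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen < 8:
        raise ValueError("a prefix shorter than /8 has no single covering zone")
    return _zone(net, min(net.prefixlen // 8, 3))

def tiling_zones(cidr):
    """Octet-aligned zones that cover the network exactly (prefix rounded up)."""
    net = ipaddress.IPv4Network(cidr)
    if not 1 <= net.prefixlen <= 24:
        raise ValueError("only /1 to /24 split into octet-aligned zones")
    octets = -(-net.prefixlen // 8)  # ceiling division: /21 -> 3 octets
    return [_zone(sub, octets) for sub in net.subnets(new_prefix=octets * 8)]

def ptr_record(ip, zone):
    """Return (name relative to zone, fully qualified owner name) for ip's PTR."""
    addr = ipaddress.IPv4Address(ip)
    fqdn = ".".join(reversed(str(addr).split("."))) + "." + SUFFIX
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{ip} does not belong in zone {zone}")
    return fqdn[: -len(zone) - 1], fqdn

if __name__ == "__main__":
    lan, ns = "172.16.8.0/21", "172.16.8.8"  # values taken from the thread
    zone = covering_zone(lan)
    print("single zone for the LAN:", zone)
    print("PTR for the name server:", ptr_record(ns, zone))
    print("per-/24 alternative    :")
    for z in tiling_zones(lan):
        print("   ", z)
```

The mask only determines how many /24 zones the subnet would span; in the single 16.172.in-addr.arpa. zone the name server's PTR is simply the record named 8.8.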
EPGeek
2006-06-16 13:03:01 UTC
Kevin, I created the Reverse Lookup Zone yesterday as network id 172.16 (a
class B address), and it worked great. I was able to force my NS to register
using IPCONFIG /registerdns, and all my XP workstations registered
themselves without prompting. I had wrongly thought that my classless subnet
would force me to build a classless reverse lookup zone, and be doomed
forever to manually updating the zone. Thankfully you corrected my thinking.
Thanks again, epgeek