none
DNS Reverse Lookup Zones

    Question

  • Hi,

    We have a Domain with Multiple Domain Controllers and all of those Servers are also holding DNS roles. It is mix of Windows 2003 and Windows 2008.

    We have several AD sites and Subnets associated to those sites. As per my understanding we need to have reverse lookup zone for every subnet we define in Active Directory.

    I have checked and found that we do not have Reverse Lookup zones created for each subnet. Is there a way to find what all Subnets do not have any Reverse Lookup zone created. There is always a way to check manually but is there any other way

    Wednesday, January 22, 2014 1:08 PM

Answers

All replies

  • You don't need any reverse zones for AD.  You should just be able to add a large supernet zone if all your forward zones fall within that set of subnets.

    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

    Wednesday, January 22, 2014 1:24 PM
  • Hi,

    Active Directory does not require the use of reverse lookup zones to validate clients. The primary function of AD DNS is to permit the lookup of clients, services, and the all-valuable DC GUIDs for inter-DC communication.

    Do you use reverse lookup zones?

    http://msmvps.com/blogs/dns/archive/2005/03/05/37681.aspx


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Wednesday, January 22, 2014 1:33 PM
  • Its not mandatory, but its always good to create reverse lookup zones for IP to hostname resolution. AD is not dependent on reverse lookupzone, but there might be certain applications which require this feature. I guess SCCM sometimes make use of reverse lookup zone, if host to IP falls.


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, January 23, 2014 1:20 AM
  • Hi,

    Thanks for your suggestions, I agree that AD do not require Reverse Lookup Zones but there are certain applications which make use of Reverse Lookup Zones( As Awinish also suggested). Please let me know if there is a way to find the missing zones and create those.

    Friday, January 24, 2014 12:07 PM
  • You can export the dns zones, compare them & can merge them or use dnscmd.

    http://blogs.technet.com/b/ashleymcglone/archive/2010/09/02/powershell-script-to-combine-dns-zones.aspx


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, January 24, 2014 2:09 PM