none
Missing Reverse Lookup in DNS

    Question

  • The problem server is running Windows Serve 2003 R2 Standard x64, Service Pack 2.  

    It has the following roles: File Server, Domain Controller, DNS Server and DHCP Server.  

    A scope was created in DHCP with a start IP of 10.82.188.1, end IP of 10.82.188.250 and subnet 255.255.254.0 (length 23).

    The end should not have been 10.82.188.250 but rather 10.82.189.254.  The end IP has now been corrected in the DHCP scope but there are no entries in the Reverse Lookup Zone for 10.82.189.x, not even a folder for 189 in the tree.

    What must be done to create the Reverse Lookukp Zones in DNS?  

     

     

    Friday, March 18, 2011 2:23 PM

Answers

  • I discovered that our firewall (hardware) had decided to start giving out IPs via DHCP.  Since the IPs were coming from the firewall and no the DHCP server there were no entries in DCHP.  Disabling DHCP on the firewall fixed my issues. 

     

    Now to figure out why DHCP was enabled on the Firewall . . . .

     

    Thanks everyone for the assistance. 


    ~JuniorG33k "Why is this thus? What is the reason for this thusness?"
    • Marked as answer by JuniorG33k Monday, March 21, 2011 4:21 PM
    Monday, March 21, 2011 4:20 PM

All replies

  • To create a reverse lookup zone in DNS, refer to this Microsoft article:

    http://support.microsoft.com/kb/323445/en

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Friday, March 18, 2011 2:45 PM
  • Thanks for the reply Mr X.  

    The revers lookup zone already exists but it is not complete.  In the DNS console the Reverse Lookup Zones looks like this:

    ------------------------------

    Reverse Lookup Zones

    [+]192.168.1.x Subnet

    [+]10.x.x.x. Subnet

    [+]152

    [-]82

    -187

    -188

    -------------------------------

    Under 82 there should also be 189.  The article you linked has a section called "How to Modify the Reverse Lookup Zone Properties" but it does not seem to contain any information that will help me right now.

     

    Or are you saying it is necessary to create a new Zone since the DHCP scope has been modified? 


    ~JuniorG33k "Why is this thus? What is the reason for this thusness?"
    Friday, March 18, 2011 3:43 PM
  • I gave you the link that desribe how to create reverse lookup zones and how to modify their properties to check if you have configued your DNS zones correctly.

    Could you please explain more that you have exactely as config because I have not understood well what you have already performed?

    As you see, you have created your reverse lookup zone and you don't have existing records on it.

    Please make sure that your client computers are using your DNS server as primary DNS server and then run ipconfig /registerdns on them and check if PTR records had been recorded.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Friday, March 18, 2011 4:03 PM
  • Hello JuniorG33K,

    I agree with Mr X that we'll need additional information. My initial feeling is that machines are not possibly only  using the internal DNS server addresses configured in their NICs.

    Please post an ipconfig /all of a sample machine that should have registered.

    As an FYI, the basic rules of DNS Dynamic Registration are as follows:

    • By default, a Windows 2000 and newer statically configured machines will register their A record (hostname) and PTR (reverse entry) into DNS.
    • If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow the machine itself to register its own A record, but DHCP will register its PTR (reverse entry) record.

    Therefore, it depends on your configuration if it is working properly or not. The additional info you provide will help us evaluate it further. In the meantime, please read the following for more specific information on how the whole thing works and options to optimize it.

    DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove and prevent future duplicate DNS host records)
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

     

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, March 18, 2011 4:59 PM
  • I discovered that our firewall (hardware) had decided to start giving out IPs via DHCP.  Since the IPs were coming from the firewall and no the DHCP server there were no entries in DCHP.  Disabling DHCP on the firewall fixed my issues. 

     

    Now to figure out why DHCP was enabled on the Firewall . . . .

     

    Thanks everyone for the assistance. 


    ~JuniorG33k "Why is this thus? What is the reason for this thusness?"
    • Marked as answer by JuniorG33k Monday, March 21, 2011 4:21 PM
    Monday, March 21, 2011 4:20 PM
  • I'm glad to hear you nailed down the problem. That is a good question why it would be enabled on the firewall. Usually that's one of the first things we do is to disable it on the firewall.

    I hope you can find out why to prevent if from occuring again!

    Cheers!

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, March 21, 2011 5:20 PM