Best Practice Reverse DNS Configuration for Subnetted Environment

  • Question

  • Hi,

    I believe it's best practice to add a reverse DNS lookup zone for every subnet, but since there is no way to define the size of the subnet when creating a reverse lookup zone I am left wondering what the point is and why I shouldn't create a single zone for my entire environment. I can see 3 possible ways to create the zone; either:

    • Create a single 10.in-addr.arpa zone, which would cover all subnets
      • Since Windows Server doesn't ask for a subnet mask it clearly doesn't care how the given address has been subnetted, so this to me is the most logical solution
    • Create zones 10.1.in-addr.arpa, 10.2... 10.3... 10.4... and so on
      • This would reflect the zones as they exist in AD Sites & Services
    • Create zones 10.1.1.in-addr.arpa, 10.1.2... 10.1.3... 10.1.4... and so on
      • This would reflect how the subnets are actually being used in the environment

    What would be the best approach, or is it just down to how one would like to manage DNS?

    Regards,

    Robert

    Monday, January 18, 2016 12:51 PM
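    The practical difference between the three layouts is which zone a host's PTR record ends up in, and whether a zone exists for it at all. Note that in-addr.arpa names reverse the octets, so the per-/16 zone for 10.1.0.0/16 is 1.10.in-addr.arpa and the per-/24 zone for 10.1.1.0/24 is 1.1.10.in-addr.arpa. The following script is an added example, not code from the thread or from Microsoft; the three zone lists in it are constructed to stand for the layouts described in the question, and a None result means the server holds no zone that is authoritative for that PTR name, so a dynamic update for it has nowhere to land.

```python
import ipaddress
from typing import Optional

# Constructed example: the three zone layouts from the question, written as the
# reverse-zone names each would actually create for part of 10.0.0.0/8.
# Layouts 2 and 3 list only the zones that have been created so far, to show
# what happens to a host in a subnet whose zone nobody has added yet.
LAYOUTS = {
    "single /8 zone":   ["10.in-addr.arpa"],
    "one zone per /16": ["1.10.in-addr.arpa", "2.10.in-addr.arpa", "3.10.in-addr.arpa"],
    "one zone per /24": ["1.1.10.in-addr.arpa", "2.1.10.in-addr.arpa", "1.2.10.in-addr.arpa"],
}


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4 address: octets reversed under in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer  # e.g. '25.1.1.10.in-addr.arpa'


def owning_zone(ptr_name: str, zones) -> Optional[str]:
    """Most specific configured zone that is authoritative for ptr_name.

    Authority is the longest zone name that is a label-boundary suffix of the
    record name; None means no configured zone covers the name at all.
    """
    labels = ptr_name.lower().rstrip(".").split(".")
    configured = {z.lower().rstrip(".") for z in zones}
    # Walk from the most specific suffix (all labels) down to 'in-addr.arpa'.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in configured:
            return suffix
    return None


def where_ptr_lands(ip: str) -> dict:
    """For each layout, the zone a dynamic PTR update for ip would be sent to.

    A None entry means the DNS server has no zone for that name, so the client's
    dynamic update is refused and the host is left without a reverse record.
    """
    name = reverse_name(ip)
    return {layout: owning_zone(name, zones) for layout, zones in LAYOUTS.items()}


if __name__ == "__main__":
    for ip in ("10.1.1.25", "10.2.7.200", "10.9.0.1"):
        print(ip, "->", reverse_name(ip))
        for layout, zone in where_ptr_lands(ip).items():
            print(f"   {layout:18}: {zone or 'NO ZONE (update has nowhere to go)'}")
```

    Run it and the single 10.in-addr.arpa zone covers all three sample hosts, while the per-/16 and per-/24 layouts leave 10.9.0.1 (and, for per-/24, 10.2.7.200) without any zone until someone adds one. That is the operational cost of the finer layouts: every new subnet needs a matching reverse zone or its hosts silently have no PTR records.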


All replies

  • I always create reverse lookup zones for all possible private IPs. Unless you have a requirement to exclude some ranges from registering, I do not see a need to proceed differently.

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    • Marked as answer by kidtrebor Tuesday, January 19, 2016 3:22 PM
    Monday, January 18, 2016 11:30 PM
  • Hi Robert,

    I agree with Mr X, keep all IP addresses to one zone unless you have additional requirements.

    DNS provides a reverse lookup process, in which clients use a known IP address and look up a computer name based on its address. This process is not related to subnetting.

    For more information about DNS Reverse Lookup, you may check the following link:

    https://technet.microsoft.com/en-us/library/cc730980.aspx

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, January 19, 2016 6:54 AM
    Moderator
  • Thanks this is what I thought, I just got a bit confused by a few comments I read mentioning one must specify separate lookup zones even when using classless addressing.  Thank you!

    Regards,

    Robert

    Tuesday, January 19, 2016 3:22 PM
  • Just one more thing - is there any reason to create static PTR records or will the zone populate automatically?  What's the trigger for a dynamic PTR to be created, by the way?

    Regards,

    Robert

    Tuesday, January 19, 2016 3:34 PM
  • Hi Robert,

    DNS client Dynamic Update process will dynamically create PTR record.

    For more information, click this link:

    https://technet.microsoft.com/en-us/library/cc771255.aspx

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Marked as answer by kidtrebor Wednesday, January 20, 2016 8:36 AM
    Wednesday, January 20, 2016 6:18 AM
    Moderator
  • Hi Kidtrebor,

    I am looking into the same as you and after reading this https://tools.ietf.org/html/rfc6303 I think I will create reverse lookup zones like stated in that link under section 4.1.

    4.1.  RFC 1918 Zones

       The following zones correspond to the IPv4 address space reserved in
       [RFC1918].

     +----------------------+
     | Zone                 |
     +----------------------+
     | 10.IN-ADDR.ARPA      |
     | 16.172.IN-ADDR.ARPA  |
     | 17.172.IN-ADDR.ARPA  |
     | 18.172.IN-ADDR.ARPA  |
     | 19.172.IN-ADDR.ARPA  |
     | 20.172.IN-ADDR.ARPA  |
     | 21.172.IN-ADDR.ARPA  |
     | 22.172.IN-ADDR.ARPA  |
     | 23.172.IN-ADDR.ARPA  |
     | 24.172.IN-ADDR.ARPA  |
     | 25.172.IN-ADDR.ARPA  |
     | 26.172.IN-ADDR.ARPA  |
     | 27.172.IN-ADDR.ARPA  |
     | 28.172.IN-ADDR.ARPA  |
     | 29.172.IN-ADDR.ARPA  |
     | 30.172.IN-ADDR.ARPA  |
     | 31.172.IN-ADDR.ARPA  |
     | 168.192.IN-ADDR.ARPA |
     +----------------------+

    Thursday, December 22, 2016 10:30 PM
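    The RFC 6303 list has one zone for 10/8 and one for 192.168/16 but sixteen separate zones for 172.16/12, because reverse zones can only be cut at octet boundaries: a single 172.IN-ADDR.ARPA would claim all of 172.0.0.0/8, most of which is public address space. The script below is an added example, not part of the thread or of the RFC; it maps each zone name back to the network it covers and checks that the eighteen zones cover the RFC 1918 space exactly, and shows what a lazier 172.IN-ADDR.ARPA zone would take in.

```python
import ipaddress

# The RFC 1918 private ranges that RFC 6303 section 4.1 is describing.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The 18 reverse zones from the RFC 6303 section 4.1 table quoted above.
RFC6303_ZONES = (["10.in-addr.arpa"]
                 + [f"{x}.172.in-addr.arpa" for x in range(16, 32)]
                 + ["168.192.in-addr.arpa"])


def zone_to_network(zone: str) -> ipaddress.IPv4Network:
    """Map a reverse zone cut at an octet boundary back to the IPv4 network it covers."""
    labels = zone.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse zone: {zone}")
    octets = labels[:-2][::-1]            # undo the reversal: '16.172' -> ['172', '16']
    prefix = 8 * len(octets)              # one octet of labels == 8 bits of prefix
    octets += ["0"] * (4 - len(octets))   # pad to a full dotted quad
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{prefix}")


def covered_space(zones):
    """Networks behind a list of reverse zones, merged into the minimal set of prefixes."""
    return sorted(ipaddress.collapse_addresses(zone_to_network(z) for z in zones))


def covers_exactly_rfc1918(zones) -> bool:
    """True when the zones cover every RFC 1918 address and nothing outside it."""
    return covered_space(zones) == sorted(RFC1918)


def non_private_claims(zones):
    """Networks the zones would be authoritative for that are not wholly inside RFC 1918 space."""
    return [n for n in covered_space(zones) if not any(n.subnet_of(p) for p in RFC1918)]


if __name__ == "__main__":
    print("RFC 6303 zones collapse to:", [str(n) for n in covered_space(RFC6303_ZONES)])
    print("exactly RFC 1918?", covers_exactly_rfc1918(RFC6303_ZONES))
    lazy = ["10.in-addr.arpa", "172.in-addr.arpa", "168.192.in-addr.arpa"]
    print("lazy layout claims non-private space:", [str(n) for n in non_private_claims(lazy)])
```

    The sixteen 172 zones collapse back to a single 172.16.0.0/12, which is why the RFC needs them all; the three-zone shortcut instead claims 172.0.0.0/8 and would answer authoritatively (with NXDOMAIN) for reverse lookups of public addresses in that block.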