Reverse Lookup in Cross-forest Scenario

  • Question

  • Hi Guys

    We have two separate Windows 2003 / 2008 forests (a.com and b.com). All the domain controllers in both forests are DNS servers. Forward and reverse lookups work within each forest, and we have name resolution set up between the forests using forwarders. Forward resolution works between the forests; however, when we perform a reverse lookup from forest A to forest B, it fails saying "Server can't find X.X.X.X: Non-existent domain".

    The reverse lookup zones in both the forests are "10.in-addr.arpa", so we can't create a duplicate one in any of the forests.

    The problem is that we have a Linux-based backup server in the A.com forest that is trying to reach Windows servers in B.com, and it says "Reverse DNS lookup failed for Server01.b.com".

    What are the options here to enable reverse name resolution between the two forests?

    Thanks

    Taranjeet Singh


    zamn

    Thursday, December 22, 2016 10:44 AM

All replies

  • Use a conditional forwarder to pass specific zone queries to specific DNS servers.
    • Edited by Jon.Knight Thursday, December 22, 2016 11:35 AM
    Thursday, December 22, 2016 11:35 AM
  • Hi Jon

    As I already said, forwarding is already employed to enable forward name resolution between the forests and that's working perfectly. It's the reverse lookup that's not happening.

    Thanks

    Taranjeet Singh


    zamn

    Thursday, December 22, 2016 11:58 AM
  • Reverse lookup is just a zone like all the others. Try putting the IP as the conditional zone name, and the conditional forwarder is the IP of the DNS server who hosts the real PTR zone.

    e.g. 30.20.10.in-addr.arpa

    • Edited by Jon.Knight Thursday, December 22, 2016 12:07 PM
    Thursday, December 22, 2016 12:06 PM
  • The reverse lookup zones in both the forests are "10.in-addr.arpa", so we can't create a duplicate one in any of the forests.

    So my question is, how do we achieve it, if at all needed? I'm sure mine is not a unique case and others in the community might have seen/dealt with that.

    Thanks

    Taranjeet Singh


    zamn


    Thursday, December 22, 2016 12:12 PM
  • Don't be so lazy and put such a wide reverse zone; both sites can't have that wide-range subnet on them?

    Be specific on each AD site with the reverse zones.

    Thursday, December 22, 2016 1:31 PM
  • It's not a question of being lazy; the environment has existed for a long time (built by someone else) and both the forests were built at different times, without a view to having an inter-relationship between them.

    Thanks

    Taranjeet Singh


    zamn

    Friday, December 23, 2016 8:27 AM
  • Delete the reverse zones on each side and recreate them using more accurate, smaller subnets, and create forwarders.
    Friday, December 23, 2016 9:56 AM
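
The per-subnet zone naming suggested in the replies above, as an added example that is not part of the original thread: it derives the `in-addr.arpa` zone names for each forest's subnets (such as `30.20.10.in-addr.arpa`) and flags any zone that one side would host while the other forwards it. The function names and the subnets used in the comments are constructed for illustration.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the in-addr.arpa zone name(s) covering an IPv4 subnet.

    Reverse zones sit on octet boundaries, so a prefix that is not /8, /16
    or /24 is split into the next longer octet-aligned subnets.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 8 <= net.prefixlen <= 24:
        raise ValueError(f"prefix not supported here: {cidr}")
    aligned = -(-net.prefixlen // 8) * 8          # round up to 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def covers(parent, child):
    """True if zone `parent` equals or is an ancestor of zone `child`."""
    return child == parent or child.endswith("." + parent)

def plan(local_subnets, remote_subnets):
    """Zones to host locally, zones to conditionally forward, and overlaps.

    An overlap means one side's zone equals or contains the other's, as with
    10.in-addr.arpa existing in both forests in the thread above.
    """
    host = [z for c in local_subnets for z in reverse_zones(c)]
    forward = [z for c in remote_subnets for z in reverse_zones(c)]
    overlaps = [(h, f) for h in host for f in forward
                if covers(h, f) or covers(f, h)]
    return host, forward, overlaps

def zone_for(ip, zones):
    """Longest-suffix match of an address's PTR name against zone names."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    hits = [z for z in zones if ptr.endswith("." + z)]
    return max(hits, key=len) if hits else None

if __name__ == "__main__":
    # Constructed subnets: forest A = 10.10.0.0/16, forest B = two ranges.
    host, forward, overlaps = plan(["10.10.0.0/16"],
                                   ["10.20.30.0/24", "10.20.32.0/23"])
    print("host:", host)
    print("forward:", forward)
    print("overlaps:", overlaps)
    print("10.20.30.5 ->", zone_for("10.20.30.5", forward))
```

An empty overlap list means every forwarded zone name is distinct from, and not nested under, a zone hosted locally.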