DNS Reverse Lookup Question

  • Question

  • We have a DNS forward lookup zone called domain.com.

    This relates to an empty Active Directory root domain called DOMAIN, but most servers/services will have a manual entry in domain.com (for legacy reasons).

    There is also a DNS forward lookup zone called corporate.domain.com which relates to an Active Directory child domain called CORPORATE. This is where most servers will actually be joined and will have dynamically registered themselves.

    So any given server will probably have an entry in both DNS domains, one manually created and the other dynamically registered.

    Then we have dedicated DNS servers used by client PCs (to take load off of DCs) which have a secondary copy of domain.com (transferred from the domain controllers in DOMAIN) and a secondary copy of corporate.domain.com (transferred from the domain controllers in CORPORATE).

    All good so far.

    However, when it comes to reverse lookup zones for DNS we run into a bit of an issue. 
    There could feasibly be a reverse lookup zone containing an entry for server1.domain.com on the DOMAIN DCs, and the same zone with an entry for server1.corporate.domain.com on the CORPORATE DCs.
    The trouble is the reverse lookup zone will have the same name <reverse_ip>.in-addr.arpa, so when it comes to setting this up on the corporate DNS servers used by clients, which version of the reverse lookup should it transfer/hold?

    The domain.com tends to be the more widely used namespace, but the corporate.domain.com is where everything is dynamically created.

    Or does it not really matter? As long as it can resolve an IP to a valid FQDN...

    Any advice/best practices would be appreciated.

    Thursday, September 6, 2018 2:49 PM

All replies

  • Hi,

    Thanks for your question.

    It does not matter because the DNS server can resolve an IP to a valid domain name.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, September 7, 2018 6:46 AM
    Moderator
  • Thanks for the response.

    So would best practice be to only set up reverse lookup zones in one of the domains?
    For instance to have all reverse lookup zones on CORPORATE DCs and none at all on DOMAIN DCs?

    Then just set up secondary copies of all the reverse lookup zones on the separate corporate DNS servers used by the clients... transferring from the CORPORATE DCs as the masters?

    Friday, September 7, 2018 12:11 PM
  • Hi,

    Thanks for your reply.

    Yes, your idea is feasible. 

    In fact, setting up a reverse lookup zone in any domain is fine.

    Best regards,

    Travis



    Monday, September 10, 2018 1:48 AM
    Moderator
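
The criterion the thread settles on, that every IP resolves to a valid FQDN whichever domain hosts the reverse zone, can be checked offline against exported records. The following is an added example, not part of the original thread: it audits a single reverse zone against the A records of both forward zones, and the record text, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records (owner, type, value); not taken from the thread.
FORWARD = """\
server1.domain.com.            A  10.1.2.10
server1.corporate.domain.com.  A  10.1.2.10
server2.domain.com.            A  10.1.2.20
server2.corporate.domain.com.  A  10.1.2.21
server3.corporate.domain.com.  A  10.1.2.30
"""
REVERSE = """\
10.2.1.10.in-addr.arpa.  PTR  server1.corporate.domain.com.
20.2.1.10.in-addr.arpa.  PTR  server2.corporate.domain.com.
"""

def parse(text):
    """Return (owner, rtype, value) tuples, lower-cased, trailing dots removed."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            owner, rtype, value = line.split()
            rows.append((owner.lower().rstrip("."), rtype.upper(), value.lower().rstrip(".")))
    return rows

def ptr_owner_to_ip(owner):
    """'10.2.1.10.in-addr.arpa' -> '10.1.2.10' (octets are stored reversed)."""
    octets = owner[: -len(".in-addr.arpa")].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))

def audit(forward_text, reverse_text):
    """Check every PTR is forward-confirmed and list addresses with no PTR."""
    a_records = {}
    for owner, rtype, value in parse(forward_text):
        if rtype == "A":
            a_records.setdefault(owner, set()).add(value)
    ptr_ips, mismatched = set(), []
    for owner, rtype, target in parse(reverse_text):
        if rtype != "PTR" or not owner.endswith(".in-addr.arpa"):
            continue
        ip = ptr_owner_to_ip(owner)
        ptr_ips.add(ip)
        # The PTR target must have an A record pointing back at the same IP.
        if ip not in a_records.get(target, set()):
            mismatched.append((ip, target))
    all_ips = set().union(*a_records.values()) if a_records else set()
    return {"mismatched": sorted(mismatched), "no_ptr": sorted(all_ips - ptr_ips)}
```

A PTR that names the host in either namespace passes as long as that name has a matching A record; the audit reports only PTRs that do not resolve back and addresses with no PTR at all.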
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Friday, September 21, 2018 9:22 AM
    Moderator