Reverse DNS with 2 domains in forest

  • Question

  • Hi everyone,

    I have a parent domain (abc.local) and a child domain (dev.abc.local) in the same forest.  The child domain is a development domain which is a loose duplicate of the parent domain used for testing purposes.  Parent domain has 2 DNS servers and child domain has 2 DNS servers, each authoritative for its own domain.  All DNS zones are AD integrated and we have one server subnet (172.16.0.0/16).  The child domain DNS servers forward to the parent domain DNS servers and there is a forward stub zone (dev.abc.local) on the parent domain DNS servers.

    Right now, the parent domain DNS servers are authoritative for all reverse zones.  When a static DNS entry is added in the child domain, I get the error "The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found".  If I execute an "ipconfig /registerdns" for a computer in the child domain, a forward record is registered, but the reverse is not.  There are no errors in the event log.   I tried adding a reverse stub zone for 16.172.in-addr.arpa in the child domain but this does not resolve the problem.

    How do I get reverse records to work in the child domain?  What is the best practice for this setup?  Do I need a different subnet for the 2 domains so that the child domain can be authoritative for its own reverse zone?

    Thanks in advance.

    Wednesday, February 3, 2016 10:47 PM

Answers

  • Hi lifeisahighway,

           I have done some tests with your environment in my lab.

         >>error "The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found".

          I only got this error when I didn't create the reverse zone on my child domain's DNS server; please check that the reverse zone is available.

     

       >>How do I get reverse records to work in the child domain? 

          Since your DNS zones are AD integrated, please check the Dynamic updates option in your child domain's reverse zone. In my test, if it is set to None, the RR could not be registered.

     

       >>What is the best practice for this setup? 

         

            Generally, in this parent/child DNS structure, on the DNS servers which are lower in the hierarchy, configure the higher DNS servers as forwarders to ensure that all internal queries, including reverse zones, are resolved.

            You would also handle the delegation of the DNS zone.  The delegation is created on the "parent" DNS server, pointing the zone to the location of the DNS servers in the child domain that will host the zone.

            Related resource for your reference:

           https://support.microsoft.com/en-us/kb/255248

     

    >>Do I need a different subnet for the 2 domains so that the child domain can be authoritative for its own reverse zone?

         I just use one subnet in my lab for the 2 domains, and it's OK, unless you have additional requirements.

     

      Best Regards,

    Cartman


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 4, 2016 8:11 AM
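Cartman's checklist above in PowerShell, as an added example that is not part of the original thread: it audits the reverse zone on a DNS server in each domain, then applies the settings the answer calls out (zone present on the child's server, dynamic updates not set to None, child forwarders pointing at the parent, a forward delegation in place of the stub zone). It goes one step beyond the answer as well: because the zones are AD integrated, storing 16.172.in-addr.arpa in the forest-wide DNS application partition (ReplicationScope Forest) makes a single copy of the zone authoritative on the domain controllers of both domains, so clients on the one shared subnet can register PTRs from either side without a duplicate zone. The server names DC01.abc.local and DEVDC01.dev.abc.local and the addresses 172.16.0.10 and 172.16.1.10 are assumptions; the DnsServer module cmdlets are the real Windows Server ones.

```powershell
#Requires -Modules DnsServer
# Added example, not from the thread. Assumed names and addresses:
$ParentDns   = 'DC01.abc.local'         # a parent-domain DNS server (assumption)
$ParentDnsIp = '172.16.0.10'            # its address (assumption)
$ChildDns    = 'DEVDC01.dev.abc.local'  # a child-domain DNS server (assumption)
$ChildDnsIp  = '172.16.1.10'            # its address (assumption)
$ReverseZone = '16.172.in-addr.arpa'    # reverse zone for 172.16.0.0/16 (from the question)

# --- Audit: does each domain's DNS server actually load the reverse zone, and how is it stored?
function Get-ReverseZoneState {
    param([string[]]$Servers, [string]$ZoneName)
    foreach ($server in $Servers) {
        $zone = Get-DnsServerZone -ComputerName $server -Name $ZoneName -ErrorAction SilentlyContinue
        if (-not $zone) {
            # This is the state behind "the referenced reverse lookup zone cannot be found":
            # a client registering against this server has nowhere to put its PTR.
            [pscustomobject]@{ Server = $server; Present = $false; ReplicationScope = $null; DynamicUpdate = $null }
            continue
        }
        [pscustomobject]@{
            Server           = $server
            Present          = $true
            ReplicationScope = $zone.ReplicationScope   # Domain = only this domain's DCs load it
            DynamicUpdate    = $zone.DynamicUpdate      # None = registration silently fails
        }
    }
}
Get-ReverseZoneState -Servers $ParentDns, $ChildDns -ZoneName $ReverseZone | Format-Table -AutoSize

# --- Fix 1 (beyond the answer): one authoritative zone for both domains.
# An AD-integrated zone replicated to the forest-wide partition is loaded by every
# DC-hosted DNS server in the forest, including the child domain's, so both sets of
# clients register into the same 16.172.in-addr.arpa.
$parentZone = Get-DnsServerZone -ComputerName $ParentDns -Name $ReverseZone
if ($parentZone.IsDsIntegrated -and $parentZone.ReplicationScope -eq 'Domain') {
    Set-DnsServerPrimaryZone -ComputerName $ParentDns -Name $ReverseZone -ReplicationScope Forest
}

# --- Fix 2 (from the answer): dynamic updates must not be None.
# Use Secure, not NonsecureAndSecure: with nonsecure updates any host on the
# subnet can overwrite another host's PTR, which defeats reverse lookups used
# in logs and access checks.
Set-DnsServerPrimaryZone -ComputerName $ParentDns -Name $ReverseZone -DynamicUpdate Secure

# --- Fix 3 (from the answer): lower-tier servers forward to the parent's servers.
if (-not (Get-DnsServerForwarder -ComputerName $ChildDns).IPAddress -contains $ParentDnsIp) {
    Add-DnsServerForwarder -ComputerName $ChildDns -IPAddress $ParentDnsIp
}

# --- Fix 4 (from the answer, KB255248): delegate dev.abc.local from the parent
# instead of holding a stub zone for it. Remove the stub first so the two
# do not coexist for the same name.
if (Get-DnsServerZone -ComputerName $ParentDns -Name 'dev.abc.local' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -ComputerName $ParentDns -Name 'dev.abc.local' -Force
}
Add-DnsServerZoneDelegation -ComputerName $ParentDns -Name 'abc.local' -ChildZoneName 'dev' `
    -NameServer $ChildDns -IPAddress $ChildDnsIp

# --- Verify from the child's point of view once a child client has re-registered
# (ipconfig /registerdns): the PTR should now come back from the child server too.
Resolve-DnsName -Name 172.16.1.50 -Type PTR -Server $ChildDns    # 172.16.1.50 is an assumed client
```

Run it from an elevated session that has the DnsServer RSAT module. Changing ReplicationScope moves the zone between application partitions, so do it once from one server and give AD replication time before re-running the audit; the zone must not already exist in the target partition.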

All replies

  • Thanks for your time and effort on this Cartman!

    1) The reverse zone (16.172.in-addr.arpa) is currently in the parent domain.  Registration works for all clients in the parent domain, but registration for the reverse zone fails for all clients in the child domain.

    2) If I were to create the same reverse zone in the child domain, there will be a duplicate zone in both domains.  Registration will work for both domains, but one domain will not be able to reverse lookup the other domain, and vice versa.  I'm pretty sure this setup is incorrect.

    3) If I were to move this reverse zone to the child domain (without adding a delegation in the parent domain), then registration will fail for all clients in the parent domain, but registration will work for all clients in the child domain.

    None of these 3 options above work.  I tested with delegating the forward zone instead of using stub zones.  The same results happened as above.  I'm still missing something here.  If there is one subnet, which DNS server should be authoritative for the reverse zone, the parent or the child?  Should I be delegating the reverse zone as well?

    Thursday, February 4, 2016 6:33 PM
  • Hi lifeisahighway,

         I tested in my lab again. Yes, I got the same problem.

         So you could try to give them different subnets, and do a delegation from the parent reverse zone to the child reverse zone. I'll test later; if there is anything new, I will get back to you.

    Best Regards,

    Cartman


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 5, 2016 6:55 AM
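The alternative suggested in the last reply (a separate subnet per domain, with the parent reverse zone delegating to the child), as an added example that is not part of the original thread. Assumed: child-domain hosts move to 172.16.1.0/24, the child DNS servers are DEVDC01 and DEVDC02 in dev.abc.local at 172.16.1.10 and 172.16.1.11, DC01.abc.local is a parent DNS server, and 172.16.1.50 and 172.16.0.50 are test clients. The /16 reverse zone stays on the parent; only the /24 is delegated, so each domain is authoritative for its own PTRs and the existing child-to-parent forwarders cover the other direction.

```powershell
#Requires -Modules DnsServer
# Added example, not from the thread. Assumed names and addresses:
$ParentDns = 'DC01.abc.local'
$ChildDns  = 'DEVDC01.dev.abc.local'
$ChildNs   = [ordered]@{
    'DEVDC01.dev.abc.local' = '172.16.1.10'
    'DEVDC02.dev.abc.local' = '172.16.1.11'
}
$ParentZone = '16.172.in-addr.arpa'    # 172.16.0.0/16, stays authoritative on the parent
$ChildNet   = '172.16.1.0/24'          # new child subnet (assumption)
$ChildZone  = '1.16.172.in-addr.arpa'  # its reverse zone

# 1. On a child DNS server: create the /24 reverse zone, AD integrated in the
#    child domain's partition, secure dynamic updates only.
if (-not (Get-DnsServerZone -ComputerName $ChildDns -Name $ChildZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $ChildDns -NetworkId $ChildNet `
        -ReplicationScope Domain -DynamicUpdate Secure
}

# 2. On the parent: delegate the "1" label of 16.172.in-addr.arpa to the child's
#    name servers. This is an octet-boundary delegation, so no classless trick is needed.
#    Each call adds one NS record plus glue; the first one creates the delegation.
foreach ($ns in $ChildNs.GetEnumerator()) {
    Add-DnsServerZoneDelegation -ComputerName $ParentDns -Name $ParentZone `
        -ChildZoneName '1' -NameServer $ns.Key -IPAddress $ns.Value
}

# 3. Verify both directions.
function Test-PtrBothWays {
    param([string]$ChildHostIp, [string]$ParentHostIp)
    # Parent server follows its own delegation for a child-subnet address.
    $fromParent = Resolve-DnsName -Name $ChildHostIp -Type PTR -Server $ParentDns -ErrorAction SilentlyContinue
    # Child server answers its own zone directly.
    $fromChild  = Resolve-DnsName -Name $ChildHostIp -Type PTR -Server $ChildDns  -ErrorAction SilentlyContinue
    # Child server reaches the parent's /16 zone through its forwarder.
    $crossDomain = Resolve-DnsName -Name $ParentHostIp -Type PTR -Server $ChildDns -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ChildPtrViaParent = $fromParent.NameHost
        ChildPtrViaChild  = $fromChild.NameHost
        ParentPtrViaChild = $crossDomain.NameHost
    }
}
Test-PtrBothWays -ChildHostIp '172.16.1.50' -ParentHostIp '172.16.0.50'
```

If the child server still answers with nothing for the parent's subnet, check the forwarder list on the child servers before anything else; the delegation only covers the parent-to-child direction.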