none
Reverse zone delegation RRS feed

  • Question

  • Hi

    I am delegating 172.16.3.x subnet to another linux server. The idea is that the other server administrator will manage the reverse lookup for this subnet.

    I followed the following setups but somehow my primary dns is not resolving a PTR record hosted on the other server.

    I have created a reverse zone on my windows DNS 172.16.3.x subnet

    Then I right click on it and selected the option New Delegation.

    Delegation domain: Test

    so I become: test.3.16.172.in-addr.arpa

    In Name server option: I wrote FQDN of the other host i.e testdns.abc.com

    IP Address: 10.1.1.1 and pressed resolved and it can resolve.

    Now I created record on testdns.abc.com with 172.16.3.8 and try to nslookup from 10.1.1.1

    nslookup 172.16.3.8 10.1.1.1 but getting error.

    can't find 172.16.3.8: Non-existent domain

    do I need to add something more for 10.1.1.1 to resolve 172.16.3.8?

    Thanks

    Thursday, December 6, 2018 10:36 AM

Answers

  • Hi,

    I’m sorry for the inconvenience but I’ve done a lab experiment and found things wrong with test.3.16.172.in-addr.arpa. Actually it seems that it’s not configured in the right way.

    The delegation works only when the delegating zone is 16.172.in-addr.arpa and the delegated zone is 3.16.172. in-addr.arpa in my environment. Maybe you should try this.

    By the way please make sure that you’ve created the child zone before the delegation.

    You can also configure a conditional forwarder if you have trouble keeping the reverse zone 16.172.in-addr.arpa.

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by capricorn1980 Wednesday, December 19, 2018 1:23 PM
    Wednesday, December 12, 2018 7:13 AM
  • Hi,

    First I’d like to share a thread in which someone has a quite clear explanation:

    what is the difference between Delegation and Forwarding DNS?

    https://social.technet.microsoft.com/Forums/en-US/131beef7-6461-46c9-bf1a-4b9dba02a25c/what-is-the-difference-between-delegation-and-forwarding-dns?forum=winserveripamdhcpdns

     

    In a forward zone delegation, when a new zone for a subdomain (example.microsoft.com) is created, delegation from the parent zone (microsoft.com) is needed.

    Similarly, you need a parent zone 16.172.in-addr.arpa if you would like 3.16.172.in-addr.arpa to be managed.

    In this situation, as the parent zone is not available, a conditional forwarder becomes a better choice.

     

    Do I make myself clear?

     

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by capricorn1980 Thursday, February 14, 2019 8:48 AM
    Thursday, December 20, 2018 9:47 AM

All replies

  • anyone can suggest in this case?

    I am simple delegating reverse zone to another linux server and its not working.

    Friday, December 7, 2018 7:47 AM
  • Hi,

    Before we go further, I would like to confirm the following question first:

    Has the reverse zone test.3.16.172.in-addr.arpa been created on the name server testdns.abc.com before the delegation?

    Because as far as I know, all domains that appear as part of the applicable zone delegation must be created in the current zone before delegation is performed.

    For your reference:

    Understanding Zone Delegation

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771640(v%3dws.10)

    Create a Zone Delegation

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753500(v%3dws.10)

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 7, 2018 8:58 AM
  • Hi!

    Thanks for you reply.

    Has the reverse zone test.3.16.172.in-addr.arpa been created on the name servertestdns.abc.com before the delegation?

    Yes Zone is created on name server testdns.abc.com

    Friday, December 7, 2018 9:14 AM
  • Just to confirm and make it correct.

    If I do nslookup 172.16.3.8 10.1.1.1 then it works as 10.1.1.1 is another server which I have delegated the 172.16.3.x

    It doesnt working if I do nslookup 172.16.3.8 as it try to resolve to my dns server which is 10.2.1.1.

    So reverse DNS resolution works if I try to resolve it with the server that contains the reverse zone but not working from our main server.

    Friday, December 7, 2018 9:30 AM
  • Hi,

    Would you please check on the DNS server 10.2.1.1 to make sure that the domain is properly delegated

    If it is, the delegating domain should show in gray just as in the picture below.

    Please check the NS record as well.

     

    For your reference:

    Create a Zone Delegation

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753500(v=ws.11)

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Monday, December 10, 2018 3:31 AM
  • Hi!

    Yes the delegation domain is showing as gray and when I click on test folder which is grayed then I can see on the right side 

    Name                                              Type                                              Data

    (same as parent folder)                     Name Server (NS)                          10.1.1.1

    If I right click on test folder and properties then I can see FQDN pointing to the name of 10.1.1.1 and IP address as 10.1.1.1.

    All looks good there.

    Monday, December 10, 2018 8:42 AM
  • Hi,

    Would you please try nslookup –d2 command to show the details

    Please also pay attention to your personal information while posting the result online.

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 11, 2018 2:42 AM
  • I have edit the data to remove my default server name.

    ------------
    SendRequest(), len 42
        HEADER:
    opcode = QUERY, id = 1, rcode = NOERROR
    header flags:  query, want recursion
    questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
    1.1.2.10.in-addr.arpa, type = PTR, class = IN

    ------------
    ------------
    Got answer (75 bytes):
        HEADER:
    opcode = QUERY, id = 1, rcode = NOERROR
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
    1.1.2.10.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        ->  1.1.2.10.in-addr.arpa
    type = PTR, class = IN, dlen = 21
    name = myserver.name.here
    ttl = 86400 (1 day)

    ------------
    Default Server:  myserver.name.here
    Address:  10.2.1.1


    Tuesday, December 11, 2018 8:13 AM
  • Hi,

    I’m sorry for the inconvenience but I’ve done a lab experiment and found things wrong with test.3.16.172.in-addr.arpa. Actually it seems that it’s not configured in the right way.

    The delegation works only when the delegating zone is 16.172.in-addr.arpa and the delegated zone is 3.16.172. in-addr.arpa in my environment. Maybe you should try this.

    By the way please make sure that you’ve created the child zone before the delegation.

    You can also configure a conditional forwarder if you have trouble keeping the reverse zone 16.172.in-addr.arpa.

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by capricorn1980 Wednesday, December 19, 2018 1:23 PM
    Wednesday, December 12, 2018 7:13 AM
  • Hi!

    Thanks for the update.

    I am still running win 2003 dns server and I tested the forwarder by right clicking on server and under Forwarders option and add dns domain as mentioned and then added the select domain forward IP address as the other server which is holding the zone and nslookup works. fine.

    I also found something related to this zone creation with short name. I will test that and will update.

    Which one is more better? I think delegating zone requires more work than Conditional forwarder.

    Thanks again.


    Wednesday, December 12, 2018 9:32 AM
  • Hi,

    Both conditional forwarder and DNS delegation can work as long as they are configured in the right way. You can choose as you like.

    For your reference:

    Understanding Zone Delegation

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771640(v=ws.11)

    Understanding Forwarders

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730756(v%3dws.11)

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 13, 2018 2:22 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 14, 2018 7:37 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 17, 2018 1:50 AM
  • Hi,

    As this thread has been quiet for a while, we will propose the solution as answer. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience, you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 19, 2018 5:25 AM
  • Hi!

    I setup the forwarder and it works fine. I was not able to test delegation because I have different subnets like 192.168.20.x and cannot make something on the top 192.168.x.x.

    Can you tell little more "Both conditional forwarder and DNS delegation can work as long as they are configured in the right way. You can choose as you like."

    Wednesday, December 19, 2018 1:23 PM
  • Hi,

    First I’d like to share a thread in which someone has a quite clear explanation:

    what is the difference between Delegation and Forwarding DNS?

    https://social.technet.microsoft.com/Forums/en-US/131beef7-6461-46c9-bf1a-4b9dba02a25c/what-is-the-difference-between-delegation-and-forwarding-dns?forum=winserveripamdhcpdns

     

    In a forward zone delegation, when a new zone for a subdomain (example.microsoft.com) is created, delegation from the parent zone (microsoft.com) is needed.

    Similarly, you need a parent zone 16.172.in-addr.arpa if you would like 3.16.172.in-addr.arpa to be managed.

    In this situation, as the parent zone is not available, a conditional forwarder becomes a better choice.

     

    Do I make myself clear?

     

    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by capricorn1980 Thursday, February 14, 2019 8:48 AM
    Thursday, December 20, 2018 9:47 AM