Reverse DNS smaller than /24 (v4)

    Question

  • Hey everyone, I only have a /29 range assigned to me with CNAME pointing to my server for PTR. I tried adding the range to the reverse zone in my server, but it does not update.

    When I dig my addy I get this response

    If I dig -x 185.169.164.171 @ -my server- it works fine.

    171.164.169.185.in-addr.arpa. 7200 IN   CNAME   171.168/29.164.169.185.in-addr.a

    How do I add only the /29 to the settings, as opposed to the entire /24, so that I can match the CNAMEs to the ISP-set ones?

     

    Sunday, November 7, 2010 7:25 PM

Answers

  • Hi Niklas,

    Thank you for emailing me the IPs and information. It helped to understand the scenario better.

    Just to bring anyone following this thread up to speed, the /29 zone has been properly delegated to Niklas' nameserver.

    Using nslookup, I was able to retrieve SOA info as well as other responses that indicated the zone on Niklas' nameserver is responding. Only thing I didn't find was any A records, however website access without the www worked.

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, November 10, 2010 3:07 PM
  • Summary after remoting in and creating the subnetted reverse zone:

    The key thing is setting the NS records to the nameserver that is authoritative for the zone based on ARIN and removing all iterations of your own nameserver.


    Follow the syntax to create the subnetted, delegated zone by using the syntax for "Child subnetted reverse lookup zone file" in the following article. Keep in mind, this MUST be done using a Primary zone, so if it's an AD Integrated zone, you must revert it to a Primary zone so you can work on the zone files. Once you're done you can change it back to AD Integrated, if you so desire.

    How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server 2003
    http://support.microsoft.com/kb/174419

    • Ask ISP to delegate the subnetted zone to your nameserver
    • First create the 168_29.159.164.185.in-addr.arpa.dns zone
    • Then go into the file and change all NS iterations from your server to ns.ISP'sauthorativeServer.com.
    • Save the file
    • Then go into DNS, right click NS, choose restart.
    • Then right-click the zone, choose Reload
    • Then right-click the zone, properties, Nameserver tab, remove your own server as an NS record, only keeping the authoritative server.
    • Create a PTR such as 171 under the zone, and call it whatever you want, such as ace.domain.com
    • Run nslookup or DIG to test a query to 185.164.159.171 using an external public nameserver
    • If it doesn't work, re-do your steps above. Follow the syntax EXACTLY.
    • If it does work, pour yourself a cold one.

    All is good now!

    Ace


    • Marked as answer by Niklas M Thursday, November 18, 2010 9:37 PM
    Thursday, November 18, 2010 9:32 PM

All replies

  • Reverse zones don't have subnet masks, so they must be defined at class boundaries (i.e. A, B or C class or 8, 16 or 24 bit).

    The only thing I can suggest is to create a separate reverse zone for each IP address.

    Create a reverse zone for 171.164.169.185.in-addr.arpa, then create your reverse record in that zone.

    Monday, November 8, 2010 9:26 AM
  • Actually, you can create a subnetted reverse zone as per the instructions in this MS Article. 

    How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server 2003
    http://support.microsoft.com/kb/174419

     


    Visit: anITKB.com, an IT Knowledge Base.
    Monday, November 8, 2010 3:55 PM
  • Reverse zones don't have subnet masks, so they must be defined at class boundaries (i.e. A, B or C class or 8, 16 or 24 bit).

    The only thing I can suggest is to create a separate reverse zone for each IP address.

    Create a reverse zone for 171.164.169.185.in-addr.arpa, then create your reverse record in that zone.

    Thank you for your response. When I made a reverse zone for the entire IP it does not allow me to add records to it

    171.159.164.185.in-addr.arpa

    IP in add PTR shows up as 185.164.159.171. When I try to add one it says invalid IP :/

     

    @[JM] I am running 2008r2

     

     

    Monday, November 8, 2010 7:52 PM
  • Based on the article that JM posted, and that you want to register .171 in the 185.164.159.168/29 subnet, have you tried the following?

    168-29.159.164.185.in-addr.arpa

    Ace


    Tuesday, November 9, 2010 1:26 AM
  • Hey, it does indeed work if I do a

    dig -x 185.164.159.171 @ (my nameserver)  (..170)

    but it does not work outside. 

     

    As for 168-29.159.164.185.in-addr.arpa, when I add that to a new reverse lookup zone, it does not allow me to add PTR records; it keeps nagging that the IPs are invalid

    Tuesday, November 9, 2010 2:55 AM
  • Hey, it does indeed work if I do a

    dig -x 185.164.159.171 @ (my nameserver)  (..170)

    but it does not work outside. 

    If you mean from the internet, the ISP that owns the IP block must delegate the subnet to your nameservers in order for you to host and be authoritative for the reverse zone.

    I tried to find out who the IP address owner is, however it appears that 185.164.159.171 is actually an IANA Reserved IP block, as the following link indicated:

    IP Lookup: 185.164.159.171
    http://ip-address-lookup-v4.com/lookup.php?ip=185.164.159.171

    Is your intention to host, and have your nameservers become authoritative for, your public IP range?

     

    As for 168-29.159.164.185.in-addr.arpa, when I add that to a new reverse lookup zone, it does not allow me to add PTR records; it keeps nagging that the IPs are invalid

    What IP address are you trying to add to the zone? Is it within that subnet?

     


    Tuesday, November 9, 2010 4:55 AM
  • The IP comes up as IANA reserved because I did some changes to it before posting, since the real one gives out my full name and address.

    I can PM you the right address if you want.

    It's a PA assignment from my ISP, which has in turn set up a CNAME on every one of them to point to me.

     

     168/29          IN      NS      ns.mydomain.com.
     169             IN      CNAME   169.168/29
     170             IN      CNAME   170.168/29
     171             IN      CNAME   171.168/29
     172             IN      CNAME   172.168/29
     173             IN      CNAME   173.168/29
     174             IN      CNAME   174.168/29
     175             IN      CNAME   175.168/29

     

    Tuesday, November 9, 2010 10:35 AM
  • I don't believe that CNAMEs will do the trick that you want. If you want your DNS server to be able to handle your reverse subnet, the ISP needs to delegate the subnet zone to you so you host the Primary zone on your hostname server. Keep in mind, to host forward or reverse zones, you will need two hostname servers per the registrar rules.

    I did this years ago when I had a full /24 subnet on a T1 line. I had two hostname servers hosting numerous domain names for my customers. I asked and was granted delegation of the /24 subnet to my two hostname servers. This way I can create and manipulate the reverse names as I pleased.

    I haven't yet heard of creating a CNAME to point to another IP, but I guess that's one solution, however, when someone on the internet runs a DIG or nslookup on the IP querying for the name servers, it (assuming this is how it was set up) won't point to your two hostname servers, rather to your ISP's hostname servers.

    Yes, please do PM me with the actual IP addresses. I am curious how the ISP has set it up.

    Ace


    Tuesday, November 9, 2010 9:30 PM
  • No, CNAME is the correct solution

     

    http://www.ripe.net/info/faq/rs/reverse.html

     

    Sent an email to the one on your site, hotmail.com

    My IPv6 range works fine; that's a full /48
    Wednesday, November 10, 2010 9:07 AM
  • I added an A and AAAA record to www now.

    Wednesday, November 10, 2010 3:45 PM
  • Hello,

    I know this is an old thread, but I'm facing the same issue (my DNS experience is limited). We had our own hosted DNS servers, with delegated public IPs from ATT, and somehow when I upgraded my DCs to Server 2012 from 2008, the DNS reverse zone for my public IPs became messed up; they were showing ???.in-addr.arpa instead of the FQDN for its reverse zone and I couldn't add any more entries in it as I get the invalid IP error.

    I followed the instructions above but the FQDN box when adding an entry shows ???. Has anyone on 2012 R2 got this working for partial classless IPs? Thanks in advance.

    PS: wanted to add my IP block has a /27 mask bit

    carlo


    • Edited by carlod-it Saturday, February 13, 2016 5:52 PM
    Saturday, February 13, 2016 5:46 PM
  • You can't use the MMC to add PTRs to a classless zone.  The MMC won't understand the format.

    You can use PowerShell, however.

    Add-DnsServerResourceRecordPtr -Name 105 -ZoneName 104-111.172.191.10.in-addr.arpa -PtrDomainName bar.com

    Wednesday, September 5, 2018 10:47 PM
  • So, just to recap what's needed here to get classless delegation working:

    On the server that is primary for the class C:

    1. Create a delegation inside the class C for the classless zone. Use whatever format you decide to use for the classless zone. I recommend using dashes instead of underscores or slashes, but it's up to you.  It actually doesn't matter what you name it. You could call it 12345 if you want, but this wouldn't be very easy to use for tracking purposes.

    Let's say that server1 is the primary for the class C and server2 is where I want to delegate a /29 out of that class C. Let's say it's the first /29 in the class C so that's IP addresses ending in 0-7. I would just name this child zone "0-7." The delegation would be:

    0-7 NS server2

    You can use the MMC to create this, or PowerShell. The FQDN for 0-7 will be 0-7 plus the FQDN of the /24 reverse zone.

    2. Create the individual CNAMEs inside the /24 for each of the IP addresses that are delegated.  In this case you'd create eight CNAMEs: 0, 1, 2, 3, 4, 5, 6, and 7. The CNAME you create must precisely match the classless zone name you are creating on the remote DNS server. Let's assume the class C is 10.20.30.0/24

    0 CNAME 0.0-7.30.20.10.in-addr.arpa.

    1 CNAME 1.0-7.30.20.10.in-addr.arpa.

    2 CNAME 2.0-7.30.20.10.in-addr.arpa.

    ...and so on. You are all done on the primary DNS server (server1).  This is the stuff that an ISP will have to do for you if they are delegating to you.  They might have a standard naming format for the reverse zone, in which case you'll need to get that name from them.

    -------

    On the other server to which you've delegated the /29 (server2):

    1. Create a primary reverse DNS zone with the name you've chosen (or been given). In this example the name is 0-7.30.20.10.in-addr.arpa.

    2. Add individual PTRs inside the zone. You can't use the MMC for this, but you can use PowerShell.

    Add-DnsServerResourceRecordPtr -Name 0 -ZoneName 0-7.30.20.10.in-addr.arpa -PtrDomainName foo.com

    Add-DnsServerResourceRecordPtr -Name 1 -ZoneName 0-7.30.20.10.in-addr.arpa -PtrDomainName bar.com

    Add-DnsServerResourceRecordPtr -Name 2 -ZoneName 0-7.30.20.10.in-addr.arpa -PtrDomainName foobar.com

    ...and so on.

    That's it!





    Wednesday, September 5, 2018 11:03 PM
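
Added example, not part of the original thread and not Microsoft's code: a Python model of the classless delegation recapped in the last post. It builds the NS and CNAME records the /24 owner publishes for 10.20.30.0/29, then follows the chain an outside resolver walks to the PTR, which shows why the CNAME target must precisely match the zone name created on the delegated server. The nameserver name server2.example.net and the function names are assumptions, and the PTR data is constructed.

```python
import ipaddress

def parent_records(block, label, nameserver):
    """Records the owner of the /24 publishes to delegate `block` (RFC 2317 style).

    Returns (child_zone, records); each record is (owner, type, value).
    """
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than /24")
    a, b, c, _ = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{label}.{parent}"
    records = [(child, "NS", nameserver)]
    for ip in net:  # every address in the block, network and broadcast included
        last = str(ip).rsplit(".", 1)[1]
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return child, records

def resolve_ptr(ip, records, hosted_zone, hosted_ptrs):
    """Walk the chain an outside resolver follows; return (name, status)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    target = next((v for o, t, v in records if o == qname and t == "CNAME"), None)
    if target is None:
        return None, "no CNAME in the /24 zone"
    # The CNAME target must fall inside the zone the delegated server really hosts.
    if not target.endswith("." + hosted_zone):
        return None, f"{target} is not in hosted zone {hosted_zone}"
    owner = target[: -len(hosted_zone) - 1]
    if owner not in hosted_ptrs:
        return None, f"no PTR named {owner} in {hosted_zone}"
    return hosted_ptrs[owner], "ok"

# Constructed sample data, following the 10.20.30.0/29 example in the last post.
# server2.example.net. is a hypothetical nameserver name.
CHILD, RECORDS = parent_records("10.20.30.0/29", "0-7", "server2.example.net.")
PTRS = {"0": "foo.com.", "1": "bar.com.", "2": "foobar.com."}

if __name__ == "__main__":
    for owner, rtype, value in RECORDS:
        print(f"{owner:32} {rtype:6} {value}")
    print(resolve_ptr("10.20.30.1", RECORDS, CHILD, PTRS))
    # Same PTRs, but the child zone was created with an underscore instead of a dash.
    print(resolve_ptr("10.20.30.1", RECORDS, "0_7.30.20.10.in-addr.arpa.", PTRS))
```

The second lookup fails even though the PTR exists, because the zone name on the delegated server no longer matches the CNAME targets published in the /24.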