How to setup a Reverse lookup zone on windows 2008 server with IP address 65.19.134.173 and subnetmask 255.255.255.224.

    Question

  • Hi,

    I have a Windows 2008 dedicated server with IP 65.19.134.173 and subnet mask 255.255.255.224. I have set up a forward lookup zone successfully and now want to set up a reverse lookup zone, but I am unable to find out what the network ID should be. I also want to set up the PTR records for my mail.domainname, which is running on IIS with SmarterMail on the same server.

    Can someone guide me step by step or give me some link so i can check.

    I appreciate your help

    Thanks & Regards

    Aksh

    Saturday, August 6, 2011 3:00 PM

Answers

  • First, this appears to be a public IP address range. Has the ISP delegated this range to YOUR DNS server? If not, it will work internally, but it will NOT work for the public side. 

    DNS delegation for a public range is the very first step to be accomplished. The registrar also requires that you have two DNS servers for anything that you are hosting publicly. Your two name servers must also be registered with your registrar as "hostname servers."

    Have you performed all these steps above?

    If not, it may be easier to request the PTR entries for your ISP to do it for you instead of having to support and administer this on your own server.

    As to how to create a subnetted reverse zone, please read my notes and the thread where this was specifically discussed with step by steps:

    As discussed in:

    Thread title: "Reverse DNS smaller than /24 (v4)"
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/4147e8fe-43d8-4eff-a890-a0e1e31a96ea/#bd664835-05b3-4d53-9b08-d845b177d9d2


    Creating a subnetted reverse zone:

    ====
    The key thing is setting the NS records in your zone file to the nameserver that is authoritative for the zone based on ARIN and remove all iterations of your own nameserver.

    Follow the syntax to create the subnetted, delegated zone by using the syntax for "Child subnetted reverse lookup zone file" in the following article.
    Keep in mind, this MUST be done using a Primary zone, so if it's an AD Integrated zone, you must revert it to a Primary zone so you can work on the zone files. Once you're done you can change it back to AD Integrated, if you so desire.

    How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server 2003
    http://support.microsoft.com/kb/174419

    Ask the ISP to delegate the subnetted zone to your nameserver
    create the 168_29.159.164.185.in-addr.arpa.dns zone
    Save it as a Standard Primary Zone (not an AD Integrated zone)
    Then go into the file (system32\dns folder), and change all NS iterations from your server to ns.ISP's authorativeServer.com.
    Save the file
    Then go into DNS, right click NS, choose restart.
    Then right-click the zone, choose Reload
    Then right-click the zone, properties, Nameserver tab, remove your own server as an NS record only keeping the authoritative server.
    Create a PTR such as 171 under the zone, and call it whatever you want, such as ace.domain.com
    Run nslookup or DIG to test a query to 185.164.159.171 using an external public nameserver.
    If it doesn't work, go through the above steps again. Follow the syntax EXACTLY.
    If it does work, pour yourself a cold one.
    ====

     

    Smarteremail:

    I'm not sure what "smarteremail" is, but I assume it's some sort of mail server such as Exchange or Lotus Notes? Whichever it is, I assume that your server is not a domain controller. If it is, and the mail server uses LDAP lookups for its own directory service database that stores the mailbox and user directory database, there will be a contention in the LDAP port.

     

    mail.domainname:

    Is your domain name actually in the form of "mail.domainname" or is it in the form of "mail.domain.com?" The format of mail.domainname will not work on the public side.

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Saturday, August 6, 2011 6:12 PM
  • Sorry, those numbers were from my notes when I helped someone else out.

    If you take a look at that KB article I posted, it shows the exact steps needed to create it. That's how I did it!

    Let's see if I can do it for your subnet range. I am not guaranteeing it will work, because it's also reliant on how your ISP has it delegated.

     

    Your IP subnet, 65.19.134.173 /255.255.255.224, indicates it is part of a range starting with 65.19.134.160 to 65.19.134.191, which gives you 32 addresses in the range, 30 usable, assuming one is of course the router (gateway), which makes it 29 usable IPs.

    Therefore, if this range was delegated to you, then the key IP to look at, which actually "Describes" the network IP block, is 65.19.134.160/27 or 65.19.134.160/255.255.255.224.

    Let's try this based on the above:

    Ask the ISP to delegate the subnetted zone to your nameserver hostname server
    To create the zone name, we have to base it on your subnet starting IP and the bit count.

    Your IP subnet is  65.19.134.160/27
              The starting IP of this subnet = 65.19.134.160
              The bit count of this subnet = 27
    Therefore the syntax will be:
              <SubnetStartIP>-<SubnetBits>.134.19.65.in-addr.arpa
               OR
              160-27.134.19.65.in-addr.arpa.dns zone              

    Based on that, create a zone called 160-27.134.19.65.in-addr.arpa.dns zone
    Save it as a Standard Primary Zone (not an AD Integrated zone)
    Stop the DNS Server Service.
    Then go into the file (system32\dns folder), and change all NS iterations from your server.InternalDomainName.com to ns.ISP'sAuthorativeServer.com.
    (Please read the KB article for more information on how the zone file should be configured.)
    Save the file
    Then go into DNS, right click the server name, choose Start.
    Then right-click the zone, choose Reload
    Then right-click the zone, properties, Nameserver tab, remove your own server as an NS record only keeping the authoritative server.
    Create a PTR such as 173 under the zone, and call it whatever you want, such as ace.WhateveYourZoneNameIs.com
    Run nslookup or DIG to test a query to 65.19.134.173 internally and trying it using an external public nameserver.
    If it doesn't work, go through the above steps again. Follow the syntax EXACTLY.
    If it does work, pour yourself a cold one.

     

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, August 7, 2011 7:48 PM
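
An added example, not part of the original posts: Python (standard library only) that derives the network ID, the address range and the subnetted zone name in the `<SubnetStartIP>-<SubnetBits>` form used in the answer above. The function name is illustrative, and the `parent_cname` line follows the RFC 2317 convention for the record the ISP's parent zone would hold, which is an assumption about how the ISP delegates the block.

```python
import ipaddress


def classless_reverse_zone(ip: str, mask: str) -> dict:
    """Derive the network ID and subnetted reverse-zone names for an IPv4 host.

    Only prefixes longer than /24 need the <start>-<bits> zone form;
    anything else is rejected so a wrong zone name is never produced.
    """
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")  # raises ValueError on a bad mask
    net = iface.network
    if net.prefixlen <= 24:
        raise ValueError("prefix is /24 or shorter: use ordinary octet-boundary reverse zones")

    a, b, c, start = str(net.network_address).split(".")
    host = str(iface.ip).split(".")[3]
    parent = f"{c}.{b}.{a}.in-addr.arpa"          # the /24 zone held by the ISP
    zone = f"{start}-{net.prefixlen}.{parent}"    # the child zone created on your server

    return {
        "network": str(net),                      # the "network ID" with bit count
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        "zone": zone,
        "zone_file": zone + ".dns",               # file name under system32\dns
        "ptr_owner": f"{host}.{zone}",            # where the PTR record lives
        # Assumption (RFC 2317 convention): record in the ISP's parent zone
        "parent_cname": f"{host}.{parent}. CNAME {host}.{zone}.",
    }


if __name__ == "__main__":
    # Values taken from the question in this thread.
    for key, value in classless_reverse_zone("65.19.134.173", "255.255.255.224").items():
        print(f"{key:13} {value}")
```

If a public resolver returns no PTR for the address while your own server answers for `ptr_owner`, the missing piece is on the ISP's side of the delegation rather than in your zone file.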

All replies

  • Hello Ace,

    I am really grateful for your kind help, but I want to ask one more thing.

    Yes, the ISP delegated this range to our DNS server. I already created a forward lookup zone and it's working perfectly fine publicly.

    I am using my own nameservers, which are ns1.travelsmantra.info and ns2.travelsmantra.info, which are working great, and these are already registered with the registrar.

    As I already mentioned, I am using a Windows 2008 server. Where I am stuck is below:

    When I create the reverse lookup zone it asks for the network ID, but I don't have much idea about subnetting, so I am not able to figure out the network ID.

    Can you please help me with what the network ID would be for my IP and subnet mask: 65.19.134.173 /255.255.255.224?

    As you explained (168_29.159.164.185.in-addr.arpa.dns zone), can you explain to me what this entry would be for me?

     

    I will really appreciate your help

     

    Thanks & Regards

    Aksh


    Admin_Aksh
    Sunday, August 7, 2011 1:20 PM