Oooof..... ROTFLMAO!
Funny - very funny!
Rick [msft]
--
Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Friday, October 14, 2005 11:20 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS
Why lurk when you can participate so effectively? :)
Phil
On 10/15/05, Susan
Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote:
Or get a better ISP or DNS record keeper that will allow you to do what
you need to do.
<okay okay I don't lurk well ... I know .... I know...>
Phil Renouf wrote:
> So you have a publicly accessible DNS server that you manage and is in
> your DMZ and an internally accessible DNS server that is on your
> internal network. Is that right?
>
> You have a domain on your publicly accessible DNS server for your
> public servers (web, email etc.) and currently you only have a forward
> lookup zone created on that DNS server. What you want is to be able to
> also host reverse DNS for the subnet that you were given by your ISP?
>
> If that is the case then the advice has been given; talk to your ISP
> and have them delegate that subnet to your DNS server and setup a
> reverse lookup zone on your publicly accessible DNS server. That or
> have your ISP host the reverse lookup zone, although that would
> require them to manage the entries as well.
>
> Phil
>
>
> On 10/13/05, *rubix cube* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> wrote:
>
> I have 2 internal DNS's, one on the DMZ zone which hosts the
> public IPs of the servers we publish (email, website, systems,
> etc... around 15 IPs) and the other DNS which resolves only the
> internal IPs, I wanted to setup the reverse DNS and publish my
> internal DNS (the one at the DMZ) because am not sure about my
> ISP. I went through some trouble trying to create an SPF record
> with him, and I don't have any control panel or tools for my
> records on his side
>
>
> On 10/13/05, *Ed Crowley [MVP]* <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >> wrote:
>
> I can't fathom why any organization would "have to".
>
> Ed Crowley MCSE+Internet MVP
> Freelance E-Mail Philosopher
> Protecting the world from PSTs and Bricked Backups!™
>
>
> ------------------------------------------------------------------------
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> [mailto:
> [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>] *On Behalf Of
> *Derek Harris
> *Sent:* Wednesday, October 12, 2005 3:35 PM
>
> *To:* ActiveDir@mail.activedir.org
> <mailto:ActiveDir@mail.activedir.org>
> *Subject: *RE: [ActiveDir] Reverse DNS
>
>
> I agree with Aric's advice: don't expose your internal DNS
> server unless you "have to." Network Solutions hosts my DNS
> records, and I can manage them myself using their web-based
> tools. The only gripe I've got with them is that they won't
> host SPF records.
>
> ------------------------------------------------------------------------
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] > [mailto:
> [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >] *On Behalf Of
> *Bernard, Aric
> *Sent:* Wednesday, October 12, 2005 3:08 PM
> *To:* ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>
> *Subject:* RE: [ActiveDir] Reverse DNS
>
>
>
> You probably do not want to go out and expose your internal
> DNS server (presumably supporting your internal forest) to the
> Internet. Your internal DNS names and IP addresses should
> remain private, unless of course you are using public IP
> addresses internally and in such a case you would only want to
> expose those required externally.
>
>
>
> It is highly likely that your ISP already has some form of a
> reverse lookup zone in place for your subnet even if it only
> has generic records. If that is the case, I would probably go
> about just having them modify the existing zone altering the
> existing records with the proper names of your systems unless
> you cannot depend on them for timely changes (find another
> ISP) or you have a lot of PTR records that need to be
> published externally or the records you do publish will be
> fairly dynamic.
>
>
>
>
>
> Regards,
>
>
>
> Aric
>
>
>
> ------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> [mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>] *On Behalf Of
> *rubix cube
> *Sent:* Wednesday, October 12, 2005 1:44 PM
> *To:* ActiveDir@mail.activedir.org
> <mailto:ActiveDir@mail.activedir.org>
> *Subject:* Re: [ActiveDir] Reverse DNS
>
>
>
> Thanks all,
>
>
>
> And when I configure the DNS reverse zone on my internal DSN
> server and ask my ISP to delegate my subnet (We pay monthly
> fees for the subnet and internet access), then anything else I
> should do? to my internal DNS, should I publish my internal
> DNS? or is it enough to keep it hte same way?
>
>
>
> Also assuming that I want the ISP to configure the reverse dns
> for me, I just ask them to add a reverse DNS for my subnet?
>
>
>
> Thanks
>
> r.c.
>
>
>
>
>
> On 10/12/05, *Brian Desmond* < [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>> wrote:
>
> *That's not entirely true. Your ISP will need to delegate your
> subnet(s) to your DNS servers if you want to run your own
> reverse DNS. If you own yoru subnet, you need to work with the
> registrar to get the delegation. *
>
> * *
>
> **Thanks,***
> **Brian Desmond***
>
> ** [EMAIL PROTECTED] <mailto: [EMAIL PROTECTED]>
>
>
>
> **c - 312.731.3132**
>
>
>
>
>
> ------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >
> [mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >] *On Behalf Of *Ed
> Crowley [MVP]
> *Sent:* Wednesday, October 12, 2005 1:02 PM
> *To:* ActiveDir@mail.activedir.org
> <mailto:ActiveDir@mail.activedir.org>
> *Subject:* RE: [ActiveDir] Reverse DNS
>
>
>
> It's likely that your ISP will have to host your Internet
> reverse zone if they own your IP addresses. Really, you're
> going to have to ask them.
>
> Ed Crowley MCSE+Internet MVP
> Freelance E-Mail Philosopher
> Protecting the world from PSTs and Bricked Backups!™
>
>
>
>
>
> ------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> [mailto:
> [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >] *On Behalf Of
> *rubix cube
> *Sent:* Wednesday, October 12, 2005 9:47 AM
> *To:* ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>
> *Subject:* [ActiveDir] Reverse DNS
>
> Hi list,
>
> How do you exactly configure a reverse DNS zone? which type
> should it be? (standard, primary, active directory
> integrated), should it allow for zone transfer, if I want to
> configure it on my internal DNS server (which doesn't do any
> zone transfers with any one else its only internal, but it can
> resolve external names), how should I do that? I need it for
> my email that is being rejected for the lack of a reverse DNS
> setup. Also do I need to do anything with my ISP, ask him to
> do anything for my name records in his database?
>
> Thanks,
>
> r.c.
>
>
>
>
>
>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
