Re: [ActiveDir] Reverse DNS Lookup?
Have you tried: nslookup

On 11/3/06, Michael B Allen [EMAIL PROTECTED] wrote:
> Can someone tell me how to do a reverse DNS lookup? The following:
>
>   C:\>ping -a 192.168.1.15
>
> returns only the first label of the name. Is there a way to return a fully qualified DNS name?
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Reverse DNS Lookup?
nslookup ip.add.re.ss return

Why?

On 11/3/06, Michael B Allen [EMAIL PROTECTED] wrote:
> Can someone tell me how to do a reverse DNS lookup? The following:
>
>   C:\>ping -a 192.168.1.15
>
> returns only the first label of the name. Is there a way to return a fully qualified DNS name?
>
> Mike

RE: [ActiveDir] Reverse DNS Lookup?
  nslookup
  set type=A
  192.168.1.15

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael B Allen
Sent: Friday, November 03, 2006 3:15 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS Lookup?

Can someone tell me how to do a reverse DNS lookup? The following:

  C:\>ping -a 192.168.1.15

returns only the first label of the name. Is there a way to return a fully qualified DNS name?

Mike

Re: [ActiveDir] Reverse DNS Lookup?
Yes, but I'm not aware of how exactly to do a reverse lookup with nslookup. On linux you can do 'nslookup ipaddress' (you can also do 'host ipaddress') but that doesn't appear to work with nslookup on Windows.

On Fri, 3 Nov 2006 22:33:33 +0200 Boaz Galil [EMAIL PROTECTED] wrote:
> Have you tried: nslookup

--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

Re: [ActiveDir] Reverse DNS Lookup?
Allan;

In addition to nslookup. You can also use one of the web based sites if you need even more information though set type MX, SOA, NS are also viable:

www.dnsstuff.com
- or -
http://whois.domaintools.com/

Either can give you more information than you wanted such as abuse administrators, IP ranges, subnet masks, et al.

Brent Eads
Employee Technology Solutions, Inc.

Michael B Allen [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
11/03/2006 02:15 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS Lookup?

Can someone tell me how to do a reverse DNS lookup? The following:

  C:\>ping -a 192.168.1.15

returns only the first label of the name. Is there a way to return a fully qualified DNS name?

Mike

RE: [ActiveDir] Reverse DNS Lookup?
It does work assuming the reverse zones are populated...

  G:\>nslookup 192.168.0.10
  Server:  r2dc1.test.loc
  Address:  192.168.0.10

  Name:    r2dc1.test.loc
  Address:  192.168.0.10

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael B Allen
Sent: Friday, November 03, 2006 3:48 PM
To: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Reverse DNS Lookup?

Yes, but I'm not aware of how exactly to do a reverse lookup with nslookup. On linux you can do 'nslookup ipaddress' (you can also do 'host ipaddress') but that doesn't appear to work with nslookup on Windows.

Re: [ActiveDir] Reverse DNS Lookup?
nslookup works the same on linux as it does on Windows. You can specify nslookup ip address and it'll do the reverse dns lookup for you. If you need to see more information, set query to any and set the debug information (set d2 enter and set q=any enter after nslookup)

Al

On 11/3/06, Michael B Allen [EMAIL PROTECTED] wrote:
> Yes, but I'm not aware of how exactly to do a reverse lookup with nslookup. On linux you can do 'nslookup ipaddress' (you can also do 'host ipaddress') but that doesn't appear to work with nslookup on Windows.

RE: [ActiveDir] Reverse DNS Lookup?
Yeah, those are great for public IPs, but they don't have much useful info for private ranges, like 192.168.x.y ;-)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 03, 2006 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS Lookup?

Allan;

In addition to nslookup. You can also use one of the web based sites if you need even more information though set type MX, SOA, NS are also viable:

www.dnsstuff.com
- or -
http://whois.domaintools.com/

Either can give you more information than you wanted such as abuse administrators, IP ranges, subnet masks, et al.

Brent Eads
Employee Technology Solutions, Inc.

Re: [ActiveDir] Reverse DNS Lookup?
On Fri, 3 Nov 2006 16:07:17 -0500 joe [EMAIL PROTECTED] wrote:
> It does work assuming the reverse zones are populated...
>
>   G:\>nslookup 192.168.0.10
>   Server:  r2dc1.test.loc
>   Address:  192.168.0.10
>
>   Name:    r2dc1.test.loc
>   Address:  192.168.0.10

Yeah, something's wrong with doing this on my test DC. If I point nslookup at a slave running bind it works. Something's wrong with the reverse zone on my DC.

Thanks,
Mike

--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

RE: [ActiveDir] Reverse DNS Lookup?
Works fine on my Windows machines.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael B Allen
Sent: Friday, November 03, 2006 3:48 PM
To: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Reverse DNS Lookup?

Yes, but I'm not aware of how exactly to do a reverse lookup with nslookup. On linux you can do 'nslookup ipaddress' (you can also do 'host ipaddress') but that doesn't appear to work with nslookup on Windows.

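Added example (not part of any message in this thread): a reverse lookup such as "nslookup 192.168.1.15" is a PTR query for the name 15.1.168.192.in-addr.arpa., so it only succeeds on a server that hosts the enclosing reverse zone and has the record in it. The Python sketch below separates those two failure cases. The zone contents, the ws15.test.loc. name and all function names are constructed for illustration and say nothing about what was actually wrong on the DC discussed above.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample data: reverse zones hosted on two hypothetical servers.
# Each zone maps PTR owner names to the FQDN the record points at.
DC_ZONES = {
    "0.168.192.in-addr.arpa.": {
        "10.0.168.192.in-addr.arpa.": "r2dc1.test.loc.",
    },
}
BIND_ZONES = {
    "0.168.192.in-addr.arpa.": {
        "10.0.168.192.in-addr.arpa.": "r2dc1.test.loc.",
    },
    "1.168.192.in-addr.arpa.": {
        "15.1.168.192.in-addr.arpa.": "ws15.test.loc.",  # constructed name
    },
}


class Result(NamedTuple):
    status: str            # "OK", "NO_ZONE" or "NO_PTR"
    owner: str             # name that the PTR query asks for
    zone: Optional[str]    # hosted zone that encloses the owner, if any
    target: Optional[str]  # fully qualified name from the PTR record


def ptr_owner(ip):
    """Owner name of the PTR record for ip (IPv4 or IPv6), absolute form."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def enclosing_zone(owner, zones):
    """Most specific hosted zone that contains owner, or None."""
    best = None
    for zone in zones:
        if owner == zone or owner.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def reverse_lookup(ip, zones):
    """Answer a reverse lookup from the given zone data and say why it fails."""
    owner = ptr_owner(ip)
    zone = enclosing_zone(owner, zones)
    if zone is None:
        # The server does not host any reverse zone covering this address.
        return Result("NO_ZONE", owner, None, None)
    target = zones[zone].get(owner)
    if target is None:
        # The zone exists but was never populated for this host.
        return Result("NO_PTR", owner, zone, None)
    return Result("OK", owner, zone, target)


if __name__ == "__main__":
    for label, zones in (("DC", DC_ZONES), ("BIND", BIND_ZONES)):
        for ip in ("192.168.0.10", "192.168.0.11", "192.168.1.15"):
            print(label, ip, reverse_lookup(ip, zones))
```
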
RE: [ActiveDir] Reverse DNS
Oooof. ROTFLMAO! Funny - very funny!

Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf
Sent: Friday, October 14, 2005 11:20 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Why lurk when you can participate so effectively? :)

Phil

Re: [ActiveDir] Reverse DNS
So you have a publicly accessible DNS server that you manage and is in your DMZ and an internally accessible DNS server that is on your internal network. Is that right?

You have a domain on your publicly accessible DNS server for your public servers (web, email etc.) and currently you only have a forward lookup zone created on that DNS server. What you want is to be able to also host reverse DNS for the subnet that you were given by your ISP?

If that is the case then the advice has been given; talk to your ISP and have them delegate that subnet to your DNS server and setup a reverse lookup zone on your publicly accessible DNS server. That or have your ISP host the reverse lookup zone, although that would require them to manage the entries as well.

Phil

On 10/13/05, rubix cube [EMAIL PROTECTED] wrote:
> I have 2 internal DNS's, one on the DMZ zone which hosts the public IPs of the servers we publish (email, website, systems, etc... around 15 IPs) and the other DNS which resolves only the internal IPs, I wanted to setup the reverse DNS and publish my internal DNS (the one at the DMZ) because am not sure about my ISP. I went through some trouble trying to create an SPF record with him, and I don't have any control panel or tools for my records on his side

Re: [ActiveDir] Reverse DNS
Or get a better ISP or DNS record keeper that will allow you to do what you need to do.

okay okay I don't lurk well ... I know I know...

Phil Renouf wrote:
> So you have a publicly accessible DNS server that you manage and is in your DMZ and an internally accessible DNS server that is on your internal network. Is that right?
>
> You have a domain on your publicly accessible DNS server for your public servers (web, email etc.) and currently you only have a forward lookup zone created on that DNS server. What you want is to be able to also host reverse DNS for the subnet that you were given by your ISP?
>
> If that is the case then the advice has been given; talk to your ISP and have them delegate that subnet to your DNS server and setup a reverse lookup zone on your publicly accessible DNS server. That or have your ISP host the reverse lookup zone, although that would require them to manage the entries as well.
>
> Phil

Re: [ActiveDir] Reverse DNS
Why lurk when you can participate so effectively? :)

Phil

On 10/15/05, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote:
> Or get a better ISP or DNS record keeper that will allow you to do what you need to do.
>
> okay okay I don't lurk well ... I know I know...

Re: [ActiveDir] Reverse DNS
I have 2 internal DNS's, one on the DMZ zone which hosts the public IPs of the servers we publish (email, website, systems, etc... around 15 IPs) and the other DNS which resolves only the internal IPs. I wanted to set up the reverse DNS and publish my internal DNS (the one at the DMZ) because I am not sure about my ISP. I went through some trouble trying to create an SPF record with him, and I don't have any control panel or tools for my records on his side.

On 10/13/05, Ed Crowley [MVP] [EMAIL PROTECTED] wrote:

I can't fathom why any organization would have to.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek Harris
Sent: Wednesday, October 12, 2005 3:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

I agree with Aric's advice: don't expose your internal DNS server unless you have to. Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools. The only gripe I've got with them is that they won't host SPF records.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernard, Aric
Sent: Wednesday, October 12, 2005 3:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.

It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.

Regards,
Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
Me neither -- that's why I put it in quotes.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 5:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

I can't fathom why any organization would "have to".

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek Harris
Sent: Wednesday, October 12, 2005 3:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

I agree with Aric's advice: don't expose your internal DNS server unless you "have to." Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools. The only gripe I've got with them is that they won't host SPF records.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernard, Aric
Sent: Wednesday, October 12, 2005 3:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.

It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.

Regards,
Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
http://www.bookpool.com/sm/0596005628

And/or:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/c1ef-8350-48bc-8b48-25f78681d2a0.mspx

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
Agreed. I said it was "likely".

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: Wednesday, October 12, 2005 10:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
Re: [ActiveDir] Reverse DNS
Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.

It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.

Regards,
Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
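
The kind of reverse DNS check a receiving mail server can apply to a sending address (PTR lookup, then forward confirmation of the returned name), shown as an added example that is not part of any message in this thread. The addresses, host names and the generic-name heuristic are constructed assumptions.

```python
import ipaddress
import re

# Constructed DNS data (RFC 5737 documentation addresses), standing in for
# live PTR and A lookups so the example runs offline.
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.example.com."],
    "11.2.0.192.in-addr.arpa": ["host-192-0-2-11.isp.example.net."],
    "12.2.0.192.in-addr.arpa": ["www.example.com."],
}
A_RECORDS = {
    "mail.example.com": ["192.0.2.10"],
    "host-192-0-2-11.isp.example.net": ["192.0.2.11"],
    "www.example.com": ["198.51.100.7"],
}


def ptr_owner_name(ip):
    """Owner name of the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def normalize(name):
    """Compare host names without the trailing dot and case differences."""
    return name.rstrip(".").lower()


def looks_generic(ip, hostname):
    """Assumed heuristic: an ISP placeholder PTR embeds the IPv4 octets
    (forward or reversed) in its first label."""
    octets = ip.split(".")
    digits = re.findall(r"\d+", hostname.split(".")[0])
    return len(octets) == 4 and digits[-4:] in (octets, octets[::-1])


def check_reverse_dns(ip, ptr_lookup, addr_lookup):
    """Return (status, name) for one sending address.

    no_ptr            no PTR record at all
    forward_mismatch  PTR exists but its name does not resolve back to ip
    generic_ptr       forward-confirmed, but only a placeholder name
    ok                forward-confirmed with a specific host name
    """
    addr = ipaddress.ip_address(ip)
    names = [normalize(n) for n in ptr_lookup(ptr_owner_name(ip))]
    if not names:
        return ("no_ptr", None)
    confirmed = [
        n for n in names
        if any(ipaddress.ip_address(a) == addr for a in addr_lookup(n))
    ]
    if not confirmed:
        return ("forward_mismatch", names[0])
    specific = [n for n in confirmed if not looks_generic(ip, n)]
    if not specific:
        return ("generic_ptr", confirmed[0])
    return ("ok", specific[0])


def sample_ptr_lookup(owner):
    return PTR_RECORDS.get(owner, [])


def sample_addr_lookup(name):
    return A_RECORDS.get(name, [])


def audit(ips):
    """Check every published address against the constructed records."""
    return {
        ip: check_reverse_dns(ip, sample_ptr_lookup, sample_addr_lookup)
        for ip in ips
    }


if __name__ == "__main__":
    published = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    for ip, (status, name) in audit(published).items():
        print(f"{ip:<12} {status:<17} {name}")
```

Swapping the two sample lookup functions for real resolver calls turns this into an audit of the addresses you publish, whether the PTR records live in the ISP's zone or in a delegated one.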
RE: [ActiveDir] Reverse DNS
I agree with Aric's advice: don't expose your internal DNS server unless you "have to." Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools. The only gripe I've got with them is that they won't host SPF records.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernard, Aric
Sent: Wednesday, October 12, 2005 3:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.

It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.

Regards,
Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
What is your objective?

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.
RE: [ActiveDir] Reverse DNS
I can't fathom why any organization would "have to".

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek Harris
Sent: Wednesday, October 12, 2005 3:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

I agree with Aric's advice: don't expose your internal DNS server unless you "have to." Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools. The only gripe I've got with them is that they won't host SPF records.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernard, Aric
Sent: Wednesday, October 12, 2005 3:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.

It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.

Regards,
Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reverse DNS

Thanks all, And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it the same way? Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?

Thanks
r.c.

On 10/12/05, Brian Desmond [EMAIL PROTECTED] wrote:

That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reverse DNS

It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse DNS

Hi list,

How do you exactly configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that?

I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database?

Thanks,
r.c.