Depends on your applications. We do a lot of work on Unix machines, and they generally require reverse DNS lookups for some of their processes. I also find it useful for tracking back to users and their machines when we're seeing strange traffic on the network. Personally, I think it is necessary.
------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Rittenhouse, Cindy [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 9:38 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] DNS Inconsistency
>
> This may be a little simplistic and naive, but if you didn't maintain
> reverse lookup zones, the problem would be eliminated. What would the
> repercussions be to maintaining only forward lookup zones on an
> internally used DNS?
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 18, 2003 15:19
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] DNS Inconsistency
>
> We run with Secure Updates only on all our zones. If you either don't
> want Win9x and NT clients listed, or if you don't have any of those
> clients, then you're all set.
>
> Alternately, you can set the DHCP server to register on behalf of the
> downlevel clients, which also doesn't cause any issues. In either case,
> there is no need for the DNS Proxy group membership to be modified.
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
> > -----Original Message-----
> > From: Todd Povilaitis [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 18, 2003 1:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] DNS Inconsistency
> >
> > Is this also true where only secure updates are allowed for
> > the server or zone? One of the immediate effects of allowing
> > only secure updates (in addition to scavenging) was the
> > removal of all non-member (9x, NT) machines' A records from
> > the zone. This is what we wanted.
> >
> > -----Original Message-----
> > From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 18, 2003 10:07
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: [ActiveDir] DNS Inconsistency
> >
> > Your second statement, about the DNS proxy group, is only true for
> > supporting downlevel clients. In addition, it opens up some new and
> > interesting security issues, because now your DHCP servers can
> > inject ANY record they want into DNS, including bogus DC and GC
> > records.
> >
> > ------------------------------------------------------
> > Roger D. Seielstad - MCSE
> > Sr. Systems Administrator
> > Inovis - Formerly Harbinger and Extricity
> > Atlanta, GA
> >
> > > -----Original Message-----
> > > From: Todd Povilaitis [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, February 17, 2003 11:57 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] DNS Inconsistency
> > >
> > > I had the very same problem. It was affecting my scripts
> > > because I wasn't connecting to the machines I thought I was.
> > >
> > > * You need to enable DNS scavenging. Don't set anything
> > >   below 48 hours.
> > > * If you are using DHCP, add your DHCP servers to the
> > >   DnsUpdateProxy group.
> > >
> > > -Todd
> > >
> > > -----Original Message-----
> > > From: Oluwaseyi Owoeye [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, February 17, 2003 05:32
> > > To: [EMAIL PROTECTED]
> > > Subject: [ActiveDir] DNS Inconsistency
> > >
> > > Hi Guys,
> > >
> > > I am having a major problem in my organization over here. I
> > > have set up active directory for about 800 users and about
> > > 500 workstations. But for some reason or the other my DNS
> > > seems to be misbehaving.
> > > When I ping a host I get a reply from a particular IP
> > > address, but when I do a ping -a of the same IP address I get
> > > an entirely different host. For some reason or the other the
> > > records I have in my forward lookup zones and my reverse
> > > lookup zones are not synchronized.
> > > Is there any way I can resolve this inconsistency? It
> > > gets worse and worse every day. Is there any tool I can use to
> > > correct this?
> > >
> > > Thanks
> > > Seyi

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
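
An added example, not part of the original thread or written by any of its participants: a small audit that cross-checks exported A and PTR records and reports the mismatch described in the original question (a name resolves to an IP whose PTR names a different host), along with duplicate A records, missing PTRs and orphaned PTRs. The record tuples and the corp.example names are constructed sample data; in practice they would come from a zone export.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (owner name, type, data); not from the thread.
FORWARD = [
    ("ws001.corp.example.", "A", "10.1.4.21"),
    ("ws002.corp.example.", "A", "10.1.4.22"),
    ("ws003.corp.example.", "A", "10.1.4.22"),  # stale A left after lease reuse
    ("ws004.corp.example.", "A", "10.1.4.30"),  # never registered a PTR
]
REVERSE = [
    ("21.4.1.10.in-addr.arpa.", "PTR", "ws001.corp.example."),
    ("22.4.1.10.in-addr.arpa.", "PTR", "ws003.corp.example."),
    ("40.4.1.10.in-addr.arpa.", "PTR", "ws009.corp.example."),  # A record gone
]

def norm(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.rstrip(".").lower()

def ptr_owner_to_ip(owner):
    """Turn '22.4.1.10.in-addr.arpa.' back into '10.1.4.22' (IPv4 only)."""
    labels = norm(owner).split(".in-addr.arpa")[0].split(".")
    return str(ipaddress.ip_address(".".join(reversed(labels))))

def audit(forward, reverse):
    """Return a list of (kind, ip, names) findings for the two record sets."""
    ips_by_host, hosts_by_ip, ptrs_by_ip = (defaultdict(set) for _ in range(3))
    for owner, rtype, data in forward:
        if rtype == "A":
            ip = str(ipaddress.ip_address(data))
            ips_by_host[norm(owner)].add(ip)
            hosts_by_ip[ip].add(norm(owner))
    for owner, rtype, data in reverse:
        if rtype == "PTR":
            ptrs_by_ip[ptr_owner_to_ip(owner)].add(norm(data))
    findings = []
    for ip, hosts in sorted(hosts_by_ip.items()):
        if len(hosts) > 1:  # two names claim one address
            findings.append(("DUPLICATE_A", ip, sorted(hosts)))
        ptrs = ptrs_by_ip.get(ip, set())
        for host in sorted(hosts):
            if not ptrs:
                findings.append(("MISSING_PTR", ip, [host]))
            elif host not in ptrs:  # the "ping -a shows another host" case
                findings.append(("PTR_MISMATCH", ip, [host] + sorted(ptrs)))
    for ip, targets in sorted(ptrs_by_ip.items()):
        for target in sorted(targets):
            if ip not in ips_by_host.get(target, set()):
                findings.append(("ORPHAN_PTR", ip, [target]))
    return findings

if __name__ == "__main__":
    for kind, ip, names in audit(FORWARD, REVERSE):
        print(f"{kind:13} {ip:12} {', '.join(names)}")
```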
