RE: [ActiveDir] Reverse DNS

[Derek Harris]

I agree with Aric's advice: don't expose your internal DNS server unless you "have to."  Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools.  The only gripe I've got with them is that they won't host SPF records. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Wednesday, October 12, 2005 3:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Reverse DNS You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet.  Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.    It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records.  If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.     Regards,   Aric   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Wednesday, October 12, 2005 1:44 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Reverse DNS   Thanks all,   And when I configure the DNS reverse zone on my internal DSN server and ask my ISP to delegate my subnet (We pay monthly fees for the subnet and internet access), then anything else I should do? to my internal DNS, should I publish my internal DNS? or is it enough to keep it hte same way?   Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?   Thanks r.c.   On 10/12/05, Brian Desmond <[EMAIL PROTECTED]> wrote: That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own yoru subnet, you need to work with the registrar to get the delegation.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP] Sent: Wednesday, October 12, 2005 1:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Reverse DNS   It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses.  Really, you're going to have to ask them. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!™     From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of rubix cube Sent: Wednesday, October 12, 2005 9:47 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Reverse DNS Hi list, How do you exactly configure a reverse DNS zone? which type should it be? (standard, primary, active directory integrated), should it allow for zone transfer, if I want to configure it on my internal DNS server (which doesn't do any zone transfers with any one else its only internal, but it can resolve external names), how should I do that? I need it for my email that is being rejected for the lack of a reverse DNS setup. Also do I need to do anything with my ISP, ask him to do anything for my name records in his database? Thanks, r.c.