I have 2 internal DNS servers: one on the DMZ zone, which hosts the public IPs of the servers we publish (email, website, systems, etc., around 15 IPs), and the other DNS, which resolves only the internal IPs. I wanted to set up the reverse DNS and publish my internal DNS (the one at the DMZ) because I am not sure about my ISP. I went through some trouble trying to create an SPF record with him, and I don't have any control panel or tools for my records on his side.
On 10/13/05, Ed Crowley [MVP] <[EMAIL PROTECTED]> wrote:
I can't fathom why any organization would "have to".
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Derek Harris
Sent: Wednesday, October 12, 2005 3:35 PM
To: [email protected]
Subject: RE: [ActiveDir] Reverse DNS
I agree with Aric's advice: don't expose your internal DNS server unless you "have to." Network Solutions hosts my DNS records, and I can manage them myself using their web-based tools. The only gripe I've got with them is that they won't host SPF records.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Bernard, Aric
Sent: Wednesday, October 12, 2005 3:08 PM
To: [email protected]
Subject: RE: [ActiveDir] Reverse DNS
You probably do not want to go out and expose your internal DNS server (presumably supporting your internal forest) to the Internet. Your internal DNS names and IP addresses should remain private, unless of course you are using public IP addresses internally and in such a case you would only want to expose those required externally.
It is highly likely that your ISP already has some form of a reverse lookup zone in place for your subnet even if it only has generic records. If that is the case, I would probably go about just having them modify the existing zone altering the existing records with the proper names of your systems unless you cannot depend on them for timely changes (find another ISP) or you have a lot of PTR records that need to be published externally or the records you do publish will be fairly dynamic.
Regards,
Aric
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 1:44 PM
To: [email protected]
Subject: Re: [ActiveDir] Reverse DNS
Thanks all,
And when I configure the DNS reverse zone on my internal DNS server and ask my ISP to delegate my subnet (we pay monthly fees for the subnet and internet access), then is there anything else I should do to my internal DNS? Should I publish my internal DNS, or is it enough to keep it the same way?
Also assuming that I want the ISP to configure the reverse dns for me, I just ask them to add a reverse DNS for my subnet?
Thanks
r.c.
On 10/12/05, Brian Desmond < [EMAIL PROTECTED]> wrote:
That's not entirely true. Your ISP will need to delegate your subnet(s) to your DNS servers if you want to run your own reverse DNS. If you own your subnet, you need to work with the registrar to get the delegation.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 12, 2005 1:02 PM
To: [email protected]
Subject: RE: [ActiveDir] Reverse DNS
It's likely that your ISP will have to host your Internet reverse zone if they own your IP addresses. Really, you're going to have to ask them.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of rubix cube
Sent: Wednesday, October 12, 2005 9:47 AM
To: [email protected]
Subject: [ActiveDir] Reverse DNS
Hi list,
How exactly do you configure a reverse DNS zone? Which type should it be (standard, primary, Active Directory integrated)? Should it allow for zone transfer? If I want to configure it on my internal DNS server (which doesn't do any zone transfers with anyone else, it's only internal, but it can resolve external names), how should I do that? I need it for my email, which is being rejected for the lack of a reverse DNS setup. Also, do I need to do anything with my ISP, ask him to do anything for my name records in his database?
Thanks,
r.c.
So you have a publicly accessible DNS server that you manage and is in your DMZ and an internally accessible DNS server that is on your internal network. Is that right?
You have a domain on your publicly accessible DNS server for your public servers (web, email etc.) and currently you only have a forward lookup zone created on that DNS server. What you want is to be able to also host reverse DNS for the subnet that you were given by your ISP?
If that is the case then the advice has been given: talk to your ISP and have them delegate that subnet to your DNS server, and set up a reverse lookup zone on your publicly accessible DNS server. That, or have your ISP host the reverse lookup zone, although that would require them to manage the entries as well.
Phil
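Added example, not part of any message in this thread: a sketch of the records involved when an ISP delegates reverse DNS for a block smaller than a /24 to the customer's public (DMZ) DNS server. It goes beyond the thread by using RFC 2317 classless delegation, which no poster mentions; the subnet 192.0.2.16/28, the name server ns1.example.com and the host names are constructed placeholders.

```python
import ipaddress

# Constructed sample data (documentation address range, placeholder names).
SUBNET = "192.0.2.16/28"
NAMESERVERS = ["ns1.example.com"]          # the public DNS server in the DMZ
HOSTS = {"192.0.2.18": "mail.example.com", "192.0.2.17": "www.example.com"}

def reverse_name(ip):
    """PTR owner name, e.g. 192.0.2.17 -> 17.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def child_zone(net):
    """RFC 2317 zone name for a block inside a /24, e.g. 16/28.2.0.192.in-addr.arpa."""
    a, b, c, d = str(net.network_address).split(".")
    return f"{d}/{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa"

def parent_records(subnet, nameservers):
    """What the ISP adds to its /24 reverse zone: NS for the child zone,
    then one CNAME per address pointing into that child zone."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        # A /24 or larger block needs only plain NS delegation, no CNAMEs.
        raise ValueError("RFC 2317 applies to IPv4 blocks smaller than /24")
    zone = child_zone(net)
    recs = [f"{zone}. IN NS {ns}." for ns in nameservers]
    for ip in net:
        last = str(ip).rsplit(".", 1)[1]
        recs.append(f"{reverse_name(ip)}. IN CNAME {last}.{zone}.")
    return recs

def child_records(subnet, hosts):
    """PTR records for the zone hosted on the customer's public DNS server.
    Refuses addresses outside the delegated block, so internal names and
    addresses cannot end up in the published zone by mistake."""
    net = ipaddress.ip_network(subnet)
    zone = child_zone(net)
    recs = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside the delegated block {net}")
        last = ip.rsplit(".", 1)[1]
        recs.append(f"{last}.{zone}. IN PTR {hosts[ip]}.")
    return recs

if __name__ == "__main__":
    print("\n".join(parent_records(SUBNET, NAMESERVERS)))
    print("\n".join(child_records(SUBNET, HOSTS)))
```

For mail acceptance, each PTR target should also have a forward A record that resolves back to the same address.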
On 10/13/05, rubix cube <[EMAIL PROTECTED]> wrote:
