So you have a publicly accessible DNS server that you manage and is in
your DMZ and an internally accessible DNS server that is on your
internal network. Is that right?
You have a domain on your publicly accessible DNS server for your
public servers (web, email etc.) and currently you only have a forward
lookup zone created on that DNS server. What you want is to be able to
also host reverse DNS for the subnet that you were given by your ISP?
If that is the case then the advice has been given; talk to your ISP
and have them delegate that subnet to your DNS server and set up a
reverse lookup zone on your publicly accessible DNS server. That or
have your ISP host the reverse lookup zone, although that would
require them to manage the entries as well.
Phil
On 10/13/05, *rubix cube* <[EMAIL PROTECTED]> wrote:
I have 2 internal DNS's, one on the DMZ zone which hosts the
public IPs of the servers we publish (email, website, systems,
etc... around 15 IPs) and the other DNS which resolves only the
internal IPs, I wanted to setup the reverse DNS and publish my
internal DNS (the one at the DMZ) because I am not sure about my
ISP. I went through some trouble trying to create an SPF record
with him, and I don't have any control panel or tools for my
records on his side.
On 10/13/05, *Ed Crowley [MVP]* <[EMAIL PROTECTED]> wrote:
I can't fathom why any organization would "have to".
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* Derek Harris
*Sent:* Wednesday, October 12, 2005 3:35 PM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Reverse DNS
I agree with Aric's advice: don't expose your internal DNS
server unless you "have to." Network Solutions hosts my DNS
records, and I can manage them myself using their web-based
tools. The only gripe I've got with them is that they won't
host SPF records.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* Bernard, Aric
*Sent:* Wednesday, October 12, 2005 3:08 PM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Reverse DNS
You probably do not want to go out and expose your internal
DNS server (presumably supporting your internal forest) to the
Internet. Your internal DNS names and IP addresses should
remain private, unless of course you are using public IP
addresses internally and in such a case you would only want to
expose those required externally.
It is highly likely that your ISP already has some form of a
reverse lookup zone in place for your subnet even if it only
has generic records. If that is the case, I would probably go
about just having them modify the existing zone altering the
existing records with the proper names of your systems unless
you cannot depend on them for timely changes (find another
ISP) or you have a lot of PTR records that need to be
published externally or the records you do publish will be
fairly dynamic.
Regards,
Aric
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* rubix cube
*Sent:* Wednesday, October 12, 2005 1:44 PM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Reverse DNS
Thanks all,
And when I configure the DNS reverse zone on my internal DNS
server and ask my ISP to delegate my subnet (We pay monthly
fees for the subnet and internet access), then anything else I
should do? to my internal DNS, should I publish my internal
DNS? or is it enough to keep it the same way?
Also assuming that I want the ISP to configure the reverse dns
for me, I just ask them to add a reverse DNS for my subnet?
Thanks
r.c.
On 10/12/05, *Brian Desmond* <[EMAIL PROTECTED]> wrote:
That's not entirely true. Your ISP will need to delegate your
subnet(s) to your DNS servers if you want to run your own
reverse DNS. If you own your subnet, you need to work with the
registrar to get the delegation.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* Ed Crowley [MVP]
*Sent:* Wednesday, October 12, 2005 1:02 PM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Reverse DNS
It's likely that your ISP will have to host your Internet
reverse zone if they own your IP addresses. Really, you're
going to have to ask them.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* rubix cube
*Sent:* Wednesday, October 12, 2005 9:47 AM
*To:* [email protected]
*Subject:* [ActiveDir] Reverse DNS
Hi list,
How do you exactly configure a reverse DNS zone? which type
should it be? (standard, primary, active directory
integrated), should it allow for zone transfer, if I want to
configure it on my internal DNS server (which doesn't do any
zone transfers with anyone else, it's only internal, but it can
resolve external names), how should I do that? I need it for
my email that is being rejected for the lack of a reverse DNS
setup. Also do I need to do anything with my ISP, ask him to
do anything for my name records in his database?
Thanks,
r.c.
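
Added example, not part of the thread: a sketch of the reverse DNS check that many receiving mail servers apply (a PTR record exists and its name resolves back to the sending address), plus a flag for the generic ISP placeholder records mentioned above. The records are constructed sample data in the 192.0.2.0/24 documentation range, the dictionaries stand in for real DNS lookups so it runs offline, and the generic-name heuristic is an assumption that covers IPv4 only.

```python
import ipaddress

# Constructed sample records (documentation range, example domains).
PTR = {
    "10.2.0.192.in-addr.arpa": ["mail.example.com"],
    "11.2.0.192.in-addr.arpa": ["host-192-0-2-11.isp.example.net"],
    "12.2.0.192.in-addr.arpa": ["www.example.com"],
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "host-192-0-2-11.isp.example.net": ["192.0.2.11"],
    "www.example.com": ["192.0.2.99"],  # forward record points elsewhere
}

def reverse_name(ip):
    """Owner name of the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def looks_generic(ip, host):
    """Heuristic (assumption): ISP placeholder names embed the IPv4 octets."""
    tokens = host.split(".")[0].replace("-", " ").replace("_", " ").split()
    return all(octet in tokens for octet in ip.split("."))

def check_rdns(ip, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return 'no-ptr', 'forward-mismatch', 'generic-ptr' or 'ok'."""
    names = ptr_lookup(reverse_name(ip)) or []
    if not names:
        return "no-ptr"  # the reverse zone has no record for this address
    # Forward-confirm: the PTR target must resolve back to the same address.
    confirmed = [n for n in names if ip in (a_lookup(n) or [])]
    if not confirmed:
        return "forward-mismatch"
    if all(looks_generic(ip, n) for n in confirmed):
        return "generic-ptr"  # resolves, but still the ISP's placeholder name
    return "ok"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, reverse_name(ip), check_rdns(ip))
```

To run it against live DNS, pass real lookup functions as `ptr_lookup` and `a_lookup` in place of the dictionaries.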