Hello,
Thanks in advance.

Current Setup:
2003AD Interim Mode
Server A: Win2K Primary Forward/Reverse Zone Lookups
Server B: Win2003 Secondary Zone Lookups
Zone Transfers work fine

Question:
Is best practice to configure a secondary 'reverse' lookup zone or am
I OK with only one?

-CB

> Current Setup:
> 2003AD Interim Mode
> Server A: Win2K Primary Forward/Reverse Zone Lookups
> Server B: Win2003 Secondary Zone Lookups
> Zone Transfers work fine
>
> Question:
> Is best practice to configure a secondary 'reverse' lookup zone or am
> I OK with only one?

You may optionally configure the reverse zones -- unless you have
some application which actually benefits from them. (unlikely but
possible.)

If you do configure them, it would seem you would want the same
fault tolerance and performance as you expect from the forward
lookups so you might as well configure the secondary too -- unless
you have a positive reason for not doing so.

Or not, since the reverse is likely doing very little for you anyway.
(Don't get me wrong, I have the Reverse zones on my own net.)

And you might want to make them "dynamic" if you want machines
to register automatically in them as well.

--
Herb Martin
"CB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
> Thanks in advance.
>
> Current Setup:
> 2003AD Interim Mode
> Server A: Win2K Primary Forward/Reverse Zone Lookups
> Server B: Win2003 Secondary Zone Lookups
> Zone Transfers work fine
>
> Question:
> Is best practice to configure a secondary 'reverse' lookup zone or am
> I OK with only one?
>
> -CB
>

I would disagree with the previous poster if you are hosting reverse zones
for public blocks. If you are doing reverse DNS for any public blocks from
this server then having a secondary for that reverse zone should be right up
there in importance as the forward zones. Reverse name space is becoming an
important tool in combating zombie systems that send spam. Please see:
RFC 2505
RFC 2317
RFC 1034
RFC 1035

Hope that helps.
Ed

"CB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
> Thanks in advance.
>
> Current Setup:
> 2003AD Interim Mode
> Server A: Win2K Primary Forward/Reverse Zone Lookups
> Server B: Win2003 Secondary Zone Lookups
> Zone Transfers work fine
>
> Question:
> Is best practice to configure a secondary 'reverse' lookup zone or am
> I OK with only one?
>
> -CB
>

"Ed Horley" <list-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I would disagree with the previous poster if you are hosting reverse zones
> for public blocks. If you are doing reverse DNS for any public blocks
from
> this server then having a secondary for that reverse zone should be right
up
> there in importance as the forward zones. Reverse name space is becoming
an
> important tool in combating zombie systems that send spam. Please see:

You are not disagreeing with me on several counts:

1) I suggested that IF he has the zones, he should have secondaries
2) He almost certainly is not dealing with public blocks since it in
support of AD
3) IF he were dealing with public blocks they almost always belong to
the "ISP or NAP" (not the small company using them)

I agree with your comments as you posted them in fact.

--
Herb Martin

Herb/Ed,
Thank you for the suggestions.

I am using forwarders for external namespace.

-CB


On Mon, 19 Apr 2004 06:49:00 -0500, "Herb Martin"
<(E-Mail Removed)> wrote:

>"Ed Horley" <list-(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> I would disagree with the previous poster if you are hosting reverse zones
>> for public blocks. If you are doing reverse DNS for any public blocks
>from
>> this server then having a secondary for that reverse zone should be right
>up
>> there in importance as the forward zones. Reverse name space is becoming
>an
>> important tool in combating zombie systems that send spam. Please see:
>
>You are not disagreeing with me on several counts:
>
> 1) I suggested that IF he has the zones, he should have secondaries
> 2) He almost certainly is not dealing with public blocks since it in
>support of AD
> 3) IF he were dealing with public blocks they almost always belong to
> the "ISP or NAP" (not the small company using them)
>
>I agree with your comments as you posted them in fact.

Forwarders have nothing to do with the zones that you hold
ON YOUR SERVERS.

It is extremely useful to separate the function of DNS -- at
least mentally -- into two different purposes:

1) Resolving names of YOUR resources
(or addresses in the case of reverse zones)

2) Helping your users resolve names/addresses (of ANY resource)

Forwarders are about completing the second item;
Zones you hold are about accomplishing the former.

And understand that many servers may do both, but in
DNS design, setup, and troubleshooting the two should
at least be considered separately.

--
Herb Martin
"CB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Herb/Ed,
> Thank you for the suggestions.
>
> I am using forwarders for external namespace.
>
> -CB
>
>
> On Mon, 19 Apr 2004 06:49:00 -0500, "Herb Martin"
> <(E-Mail Removed)> wrote:
>
> >"Ed Horley" <list-(E-Mail Removed)> wrote in message
> >news:(E-Mail Removed)...
> >> I would disagree with the previous poster if you are hosting reverse
zones
> >> for public blocks. If you are doing reverse DNS for any public blocks
> >from
> >> this server then having a secondary for that reverse zone should be
right
> >up
> >> there in importance as the forward zones. Reverse name space is
becoming
> >an
> >> important tool in combating zombie systems that send spam. Please see:
> >
> >You are not disagreeing with me on several counts:
> >
> > 1) I suggested that IF he has the zones, he should have secondaries
> > 2) He almost certainly is not dealing with public blocks since it in
> >support of AD
> > 3) IF he were dealing with public blocks they almost always belong to
> > the "ISP or NAP" (not the small company using them)
> >
> >I agree with your comments as you posted them in fact.
>