Adding Reverse Lookup Zones


dave Admin

Network is Server2003, SP1. Three DNS servers, ActiveDirectory-Integrated.
One in each location, each being a different subnet. Only the first DNS
server established has the reverse lookup zones for the three subnets,
192.168.151.0, 192.168.189.0, and 192.168.160.0. Every time I try to
manually add these to the Reverse Lookup Zones on the DNS servers using the
wizard it does not come out right. On the first DNS server I have
192.in-addr.arpa. Under that I have a folder for 168 and under that the
folders for each of the three subnets.

How do I get these Reverse lookup zones setup correctly.?????

dave Admin (but not DNS smart)
 

Kurt

Every time I try to manually add these to the Reverse Lookup Zones

What are "these"? PTR records? Are you selecting new -> pointer?

....kurt
 

Ace Fekay [MVP]

dave Admin said:
Network is Server2003, SP1. Three DNS servers,
ActiveDirectory-Integrated. One in each location, each being a
different subnet. Only the first DNS server established has the
reverse lookup zones for the three subnets, 192.168.151.0,
192.168.189.0, and 192.168.160.0. Every time I try to manually add
these to the Reverse Lookup Zones on the DNS servers using the wizard
it does not come out right. On the first DNS server I have
192.in-addr.arpa. Under that I have a folder for 168 and under that
the folders for each of the three subnets.
How do I get these Reverse lookup zones setup correctly.?????

dave Admin (but not DNS smart)

Right-click Reverse Lookup Zones, New, for each, type in:
192.168.151
192.168.160
192.168.189

next next, choose zone type (Primary or AD Integrated), finish. If these are
DCs, I would choose AD Integrated.

--
Ace

 

dave Admin

This makes no sense to me. When I follow this guidance I end up with
different Reverse zones on the servers than exist on the PDC which was the
first DNS server. The DNS system is Active Directory Integrated.

I end up with a separate zone for each of the subnets, not the same folder
and subfolder structure as the Reverse zones in the PDC.

I am totally confused here.

dave
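Added example, not part of the original thread: a Python sketch of why the two layouts described above (one `192.in-addr.arpa` zone with `168` and subnet folders, versus one zone per subnet) look different in the DNS console while holding the same PTR owner names. The host address 192.168.151.10, the server labels and the function names are constructed for illustration.

```python
import ipaddress

def reverse_zone(subnet):
    """Reverse zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_name(ip):
    """Owner name of the PTR record for an address."""
    return ipaddress.ip_address(ip).reverse_pointer

def hosting_zone(ip, zones):
    """Most specific zone in `zones` that contains the PTR name, else None."""
    name = ptr_name(ip)
    matches = [z for z in zones if name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def console_path(ip, zone):
    """(subfolders below the zone, record label) as a console tree shows them."""
    labels = ptr_name(ip)[: -len(zone) - 1].split(".")
    return list(reversed(labels[1:])), labels[0]

# Constructed sample: the three subnets from the thread, hosted three ways.
SUBNETS = ["192.168.151.0/24", "192.168.160.0/24", "192.168.189.0/24"]
SERVERS = {
    "first-dns": ["192.in-addr.arpa"],                   # one /8 zone
    "second-dns": [reverse_zone(s) for s in SUBNETS],    # one zone per subnet
    "third-dns": [],                                     # no reverse zones
}

def report(ip):
    """For each server: (zone holding the PTR, console path), or None."""
    out = {}
    for server, zones in SERVERS.items():
        zone = hosting_zone(ip, zones)
        out[server] = (zone, console_path(ip, zone)) if zone else None
    return out

if __name__ == "__main__":
    for server, result in report("192.168.151.10").items():
        print(server, result)
```
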



Ace Fekay [MVP]

dave Admin said:
This makes no sense to me. When I follow this guidance I end up with
different Reverse zones on the servers than exist on the PDC which
was the first DNS server. The DNS system is Active Directory
Integrated.
I end up with a separate zone for each of the subnets, not the same
folder and subfolder structure as the Reverse zones in the PDC.

I am totally confused here.

dave

I am assuming the DCs are all in the same domain and that you are having NO
problems with AD replication. If you have Sites configured, you will need to
wait for the site schedule to run for replication to happen before you see it
on the other servers. If you are trying to add a zone on one machine, and
the zone exists elsewhere, it will look at it as a conflict and not show up
or just see the old one. The rule with AD Integrated zones is create them on
ONE domain controller, make sure DNS is installed on the other DCs, and the
zone will magically appear (with due patience) after replication happens. If
you are trying to beat the system, that can cause issues.

The method I described will give you the separate zones you want. You may
need to delete all of them and wait for replication to occur so the deletion
is seen by all DCs, then try again. If you are still having problems, I
would use ADSI Edit to check the DomainNC container to see if there is a
conflicting zone signified by a CNF_ prefix. Delete them if they exist and
start from scratch.

Ace
 

dave Admin

Ace,

Thanks for the help, I opened ADSIEDIT but was totally unable to locate
anything like a "DomainNC" container??

Please advise where this might be.

Are you suggesting I delete the reverse lookup zones on the PDC and then
recreate them??

dave Admin



Ace Fekay [MVP]

dave Admin said:
Ace,

Thanks for the help, I opened ADSIEDIT but was totally unable to
locate anything like a "DomainNC" container??

Please advise where this might be.

Are you suggesting I delete the reverse lookup zones on the PDC and
then recreate them??

dave Admin

Since this is 2003, you have to add the context for each partition you want
to see. This will explain it:

kbAlertz- (867464) - Explains how to use ADSI Edit to resolve a replication
scope conflict.:
http://www.kbalertz.com/kb_867464.aspx

Ace
 

dave Admin

Ace.

This is interesting. The article relates to an event ID in the DNS server
log. The DNS server log on the server with this issue is empty, there are
no entries. I double-checked the properties and DNS is setup to record a
log for ALL events. There are also no error events in the DNS Event Viewer.

dave



Ace Fekay [MVP]

dave Admin said:
Ace.

This is interesting. The article relates to an event ID in the DNS
server log. The DNS server log on the server with this issue is
empty, there are no entries. I double-checked the properties and DNS
is setup to record a log for ALL events. There are also no error
events in the DNS Event Viewer.
dave

Hmm, I wouldn't necessarily go with whether a log entry is recorded or not
if there are dupes in the zone. Matter of fact, one time I saw the error
popup on the screen when I attempted to change the replication scope of a
zone for a person who needed help with this. The error showed up as "Name you
are attempting on the network interface it too long". (Close if not exact).
I just stared at that trying to make heads or tails out of it. I looked in
the Event viewer and it showed nothing regarding this thing. I then looked
into ADSIEdit for the DomainNC, DomainDnsZones and ForestDnsZones
application partition, and that's when I saw there were dupes and a bunch of
CNFs. I simply changed the zone to non-AD integrated, forced all DCs to
replicate, then deleted ALL the CNFs I found, then reset it to AD integrated
and set the scope I wanted and it worked.

I thought this may be the issue you are seeing and is why I suggested to use
ADSI Edit to at least double check it.

Ace
 

dave Admin

Ace,

That is interesting and apparently not the issue I had. Finally solved the
ID ten T ( idiot) award. On a tech support site I posted the same issue and
it was suggested that while I had setup the forward zones as AD Integrated
perhaps I had not setup the reverse zones as AD Integrated. I had not, I
had assumed (that's where the idiot comes in) that DNS was either AD
Integrated or not, I now know that is not true. Once I changed the Reverse
zone to AD Integrated and waited overnight for replication, both my problems
disappeared, the Reverse Zones are properly replicating to all DNS servers
and the dynamic updates are no longer "pending" in the DNS tab of DHCP for
the DNS servers that had no reverse zones.

Thanks for all the input, I've learned much

dave Admin



Ace Fekay [MVP]

dave Admin said:
Ace,

That is interesting and apparently not the issue I had. Finally
solved the ID ten T ( idiot) award. On a tech support site I posted
the same issue and it was suggested that while I had setup the
forward zones as AD Integrated perhaps I had not setup the reverse
zones as AD Integrated. I had not, I had assumed (that's where the
idiot comes in) that DNS was either AD Integrated or not, I now know
that is not true. Once I changed the Reverse zone to AD Integrated
and waited overnight for replication, both my problems disappeared,
the Reverse Zones are properly replicating to all DNS servers and the
dynamic updates are no longer "pending" in the DNS tab of DHCP for
the DNS servers that had no reverse zones.
Thanks for all the input, I've learned much

dave Admin

Hmm, well at least I'm glad you posted that. I wouldn't have realized you
didn't make it AD Integrated, and had assumed so. That was one of the steps
I mentioned as an option way back in the thread.

Glad you figured it out. Curious, what tech site did you post in?

Ace
 
