No reverse dynamic zones in W2K AD forest.

[Bill MT]

[Note: Initially posted this message to the DNS group,
however, after further reflection I thought maybe this
group actually was the correct group to answer this
question. - bill]

-----Original Message-----

A year ago I build a new W2K forest (root domain) and
then "upgraded" an NT4.0 domain into a second domain in
the forest. Prior to that we had a standard public DNS
structure for mostly non-MS (i.e Unix) devices and a few
WindowOS hosted services.

At the time of the migration (upgrade) to W2K we created
new internal-only forward zones for the W2K-AD on a couple
of the W2K DCs (we tied these to the traditional DNS
structure via glue records and forwards).

Because I didn't want to break the existing in-arpa
reverse zones at that time I elected not to change my
reverse zones to dynamic zones. Thus, my AD zones have
been running for a year without being able to do any
reverse lookups, but nothing appears to be broken. All
services (servers/clients) appear to work fine.

Does any MS OSs use/do reverse zone lookups?

What are the consequences of not having any in-addr.arpa
entries (no dynamic in-addr.arpa zones) for my AD forest,
domains, DCs, Clients. I'm even running E2K successfully
(having recently migrated from Exch5.5), at least as far
as I can tell.

Does AD (or the MS operating systems themeselves) require
or use reverse DNS lookups for any critical network
functionality.

If I had the reverse zones set dynamic (instead of the
current/original static zones) what AD records would be
populated into them, thus what am I missing (or breaking)
by not having reverse dynamic zones for my AD
infrastructure.

 

[ptwilliams]

Reverse zones are not needed by AD.

They are simply a nicety for administrators and troubleshooting.

I've heard people say that *some* apps needed reverse lookup zones, but I've
not yet come across any.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
[Note: Initially posted this message to the DNS group,
however, after further reflection I thought maybe this
group actually was the correct group to answer this
question. - bill]

-----Original Message-----

A year ago I build a new W2K forest (root domain) and
then "upgraded" an NT4.0 domain into a second domain in
the forest. Prior to that we had a standard public DNS
structure for mostly non-MS (i.e Unix) devices and a few
WindowOS hosted services.

At the time of the migration (upgrade) to W2K we created
new internal-only forward zones for the W2K-AD on a couple
of the W2K DCs (we tied these to the traditional DNS
structure via glue records and forwards).

Because I didn't want to break the existing in-arpa
reverse zones at that time I elected not to change my
reverse zones to dynamic zones. Thus, my AD zones have
been running for a year without being able to do any
reverse lookups, but nothing appears to be broken. All
services (servers/clients) appear to work fine.

Does any MS OSs use/do reverse zone lookups?

What are the consequences of not having any in-addr.arpa
entries (no dynamic in-addr.arpa zones) for my AD forest,
domains, DCs, Clients. I'm even running E2K successfully
(having recently migrated from Exch5.5), at least as far
as I can tell.

Does AD (or the MS operating systems themeselves) require
or use reverse DNS lookups for any critical network
functionality.

If I had the reverse zones set dynamic (instead of the
current/original static zones) what AD records would be
populated into them, thus what am I missing (or breaking)
by not having reverse dynamic zones for my AD
infrastructure.

 

[Andrew Mitchell]

Reverse zones are not needed by AD.

They are simply a nicety for administrators and troubleshooting.

I've heard people say that *some* apps needed reverse lookup zones, but
I've not yet come across any.

If you are running a public DNS they are almost a necessity. A lot of mail
servers won't deliver mail unless they can confirm the identity of the host
sending the mail.