Reverse Lookups

Simon

Hi,
Can you please clarify how I should best approach the
following.

I have two physical sites, a root (clean) and two child
domains with user accounts (one for each site). There is a
root DC at each site and a DC for each child domain at
each site.

Forward lookups are no problem; they are AD integrated.
Delegated from the root.

Site 1 - one.y.com
10.205.65.x
10.205.66.x

Site 2 - two.y.com
10.205.128.x
10.205.131.x
10.205.132.x

The reverse lookups are the problem. How do I allow the
DNS server in two.y.com when queried to resolve the
reverse lookup pointer on a DNS server in one.y.com.

I know I can create a secondary zone to do this but I
really want it AD integrated, i.e. dynamic.

The problem has been highlighted by the fact I am adding
servers into the two.y.com domain that have 10.205.65.x
addresses as they are physically on site1.
 
Ace Fekay [MVP]

In
Simon said:
Hi,
Can you please clarify how I should best approach the
following.

I have two physical sites, a root (clean) and two child
domains with user accounts (one for each site). There is a
root DC at each site and a DC for each child domain at
each site.

Forward lookups are no problem; they are AD integrated.
Delegated from the root.

Site 1 - one.y.com
10.205.65.x
10.205.66.x

Site 2 - two.y.com
10.205.128.x
10.205.131.x
10.205.132.x

The reverse lookups are the problem. How do I allow the
DNS server in two.y.com when queried to resolve the
reverse lookup pointer on a DNS server in one.y.com.

I know I can create a secondary zone to do this but I
really want it AD integrated, i.e. dynamic.

The problem has been highlighted by the fact I am adding
servers into the two.y.com domain that have 10.205.65.x
addresses as they are physically on site1.


From the child DNS servers, you would forward back to the Parent Domain's
DNS servers. From the Parent domain DNS servers, forward to your ISP. This
way it will resolve the whole infrastructure and Internet names.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Simon

Thanks for your reply. I don't want to go to the internet
so I won't forward the root.

Forwarding is working from an AD perspective as I can
resolve FQDN of server in the other domain.

However I am still confused how when I add a new server to
the two.y.com domain but it is the 10.205.65.x subnet
because it is on Site1 pointing to DNS servers in its own
domain which are in Site2 the reverse can get created
automatically as the DNS server it is talking to does not
know about the reverse lookup.



Are you also saying if I have forwarding on to the root
from the domain I would be
 
Ace Fekay [MVP]

In
Simon said:
Thanks for your reply. I don't want to go to the internet
so I won't forward the root.

Forwarding is working from an AD perspective as I can
resolve FQDN of server in the other domain.

However I am still confused how when I add a new server to
the two.y.com domain but it is the 10.205.65.x subnet
because it is on Site1 pointing to DNS servers in its own
domain which are in Site2 the reverse can get created
automatically as the DNS server it is talking to does not
know about the reverse lookup.


Now I understand what you're trying to do, so it would be better for you to
create that reverse zone on whatever child DNS server is handling those
specific subnets for your child domain. Then allow zone transfers and create
a secondary on the other DNS servers (the one in the other child and the one
in the parent domain).

Delegation is for child zone control to another DNS server from the DNS
server handling the parent domain zone. Does that make sense?
Are you also saying if I have forwarding on to the root
from the domain I would be


Yes, forward from the child to the parent only in that direction. This will
help resolve names, not reverse. With reverse, you'll need the secondary
zones.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
J.C. Hornbeck [MSFT]

Typically you would delegate the child level zones to the respective child
DNS's from the DNS's at the parent. Then make sure the child DNS's forward
to the parent level DNS. If you do that then any server should be able to
resolve any A record or PTR record at all levels, regardless of which DNS
they query. If you need Internet access then simply configure a forwarder at
the parent level.

--
J.C. Hornbeck, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose.
 
Guest

But that doesn't work still.

The server is on the site1 but is a member of the other
domain talking to the DNS server in the other site. If
those DNS Servers just have a Secondary reverse lookup it
won't be able to dynamically add to it?
 
Ace Fekay [MVP]

In
But that doesn't work still.

The server is on the site1 but is a member of the other
domain talking to the DNS server in the other site. If
those DNS Servers just have a Secondary reverse lookup it
won't be able to dynamically add to it?

Not sure what you mean by it doesn't work? If you create a Reverse Primary
Zone on any DNS server, preferably the DNS server that is handling that
subnet or site, then allow zone transfers, then go to another DNS server
that you want a copy of that zone, just *manually* create a Reverse
Secondary Zone stating the Master IP is the DNS server that you created the
Reverse Primary Zone on it.

Now if the DNS servers are all DCs, and they are in the same Domain, then
you can make that AD Integrated and they auto populate. But if they are not
in the same domain, they will not auto populate. Since you have multiple
domains, my suggestion to make a Primary at whatever DNS is handling that
site/subnet and allow zone transfers and *manually* create Secondaries on
the other server will work. I've implemented this on numerous occasions for
my clients. One client has 6 sites and growing with 4 different domains, and
that's what I had to do to make it work.

If it were W2k3, then I would have done it differently since that will allow
me to replicate the DNS application partitions to other domains so I can use
AD Integrated throughout the infrastructure.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
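
The procedure described in the reply above (a primary reverse zone on the DNS server that handles the subnet, zone transfers allowed, secondaries created manually on the other servers), written out with `dnscmd` for the two Site 1 subnets as an added example that is not part of the original thread. Server names and server IPs are hypothetical placeholders; it assumes the primary is a DC in one.y.com so the zone can be AD integrated there, and it chooses to restrict transfers to the listed secondaries instead of allowing them to any server.

```batch
@echo off
rem Added example, not from the thread. Names and server IPs are hypothetical.
rem Primary: a DC/DNS server in one.y.com at Site 1 (handles 10.205.65.x/66.x).
set PRIMARY=dc1.one.y.com
set PRIMARY_IP=10.205.65.10
rem Secondaries: the two.y.com DNS server at Site 2 and a root-domain DNS server.
set SEC_CHILD=dc1.two.y.com
set SEC_CHILD_IP=10.205.128.10
set SEC_ROOT=rootdc1.y.com
set SEC_ROOT_IP=10.205.65.11

rem Reverse zones for the Site 1 subnets named in the thread.
for %%Z in (65.205.10.in-addr.arpa 66.205.10.in-addr.arpa) do (
    rem 1. AD-integrated primary; replicates only among DCs of one.y.com.
    dnscmd %PRIMARY% /ZoneAdd %%Z /DsPrimary

    rem 2. Accept secure dynamic updates only (2 = secure, 1 = any, 0 = none).
    dnscmd %PRIMARY% /Config %%Z /AllowUpdate 2

    rem 3. Allow transfers to, and notify, only the listed secondaries.
    dnscmd %PRIMARY% /ZoneResetSecondaries %%Z /SecureList %SEC_CHILD_IP% %SEC_ROOT_IP% /NotifyList %SEC_CHILD_IP% %SEC_ROOT_IP%

    rem 4. Manually create the read-only secondary copies in the other domains.
    dnscmd %SEC_CHILD% /ZoneAdd %%Z /Secondary %PRIMARY_IP%
    dnscmd %SEC_ROOT% /ZoneAdd %%Z /Secondary %PRIMARY_IP%

    rem 5. Pull the first copy now instead of waiting for the refresh interval.
    dnscmd %SEC_CHILD% /ZoneRefresh %%Z
    dnscmd %SEC_ROOT% /ZoneRefresh %%Z
)

rem Check that the Site 2 server answers for the zone and names the primary
rem in the SOA record.
nslookup -type=SOA 65.205.10.in-addr.arpa %SEC_CHILD_IP%
```

A secondary copy is read-only, but a dynamic-update client looks up the zone's SOA record and sends its PTR registration to the primary named there, so a two.y.com member on 10.205.65.x needs to be able to reach that primary. The Site 2 subnets would get the mirror-image setup with the primary on the DNS server at Site 2.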
 
