Solved

DNS server not showing reverse lookup as configured

Posted on 2007-11-30
Last Modified: 2012-08-13
Have a DNS primary and secondary, which hold data for customers hosting domains and servers at my server farm. One customer has a Linux IIS server, which sends email too. I configured its IP address at his domain for mail2 (A record) and configured a reverse lookup for it too (xxx105, mail2.domain.com). If you check what is the mail2.domain.com you get the correct IP address, but the reverse check returns the same IP instead of the mail2...
Is it an improper configuration of the DNS server? A problem with it?
I disabled recursive updates as suggested by Microsoft to save load off the DNS server - could it be this?
I tried also running a test (from the DNS MMC on the server) and the basic and the second one failed - even though it seems that the DNS is functioning.
What else should I do in order for this mail server to be verified correctly at ISPs and emails from it be accepted??
Thanks
0
Question by:Mbodik
18 Comments
 
LVL 40

Expert Comment

by:omarfarid
Hi,

Two questions:

- Is your DNS server the authority for the reverse zone? Was the authority for the subnet delegated to your DNS server?

- Can you show the reverse lookup zone file?
0
 

Author Comment

by:Mbodik
ok, I need a bit more information...
Regarding the first one:  where do I see what you are asking about? I created the reverse zone following the wizard without changing much. Type=Primary, Dynamic updates=none.
 Second: I can see the reverse zone, add or remove items from it, if that's what you asked.
0
 
LVL 28

Expert Comment

by:Jan Springer
Did you change the serial number and restart DNS after the PTR record addition?

Are you authoritative for the inverse zone of the customer?

Recursion allows clients to lookup domains that you are not authoritative for.

Queries allow clients to lookup domains that you are authoritative for.
0
 
LVL 40

Expert Comment

by:omarfarid
Hi,

Sorry I was away from my terminal for some time.

Normally the reverse lookup of an IP address is done by reversing the 4 numbers of the IP address under the special domain IN-ADDR.ARPA

e.g.

If I have an IP address 195.170.1.10 then it will be 10.1.170.195.in-addr.arpa

This will be under the zone 1.170.195.in-addr.arpa

These zones are normally managed by ISPs. So, you may need to talk to your ISP to add a reverse lookup record (PTR) to map your IP to your server name.

0
 

Author Comment

by:Mbodik
Hi Omarfarid,

The problem is that I am the one holding the DNS... I have set up exactly as you mentioned - checked and saw it is the same. The forward zone let's say is 10.11.12.x and it holds a few domains, and the reverse zone is 12.11.10.in-addr.arpa.dns (looking at the properties). The reverse zone holds pointers to all the domains (like mail.domain etc.). In there you have the pointer to the mail server I mentioned (mail2).
0
 

Author Comment

by:Mbodik
Hi Jesper,

If you mean that the DNS (domain) is hosted at my DNS server then yes, I am the authoritative for the inverse zone of the customer. There is no other DNS server responsible for these domains.
I did not restart immediately afterwards, but since then I restarted the server so I guess it is the same.
0
 
LVL 28

Expert Comment

by:Jan Springer
Sorry -- have been out of commission for a couple of days.

If the problem still exists, could you identify the public IP so that I can check it?  Or, put a document with the info on a web page, I'll grab it, and you can delete it.
0
 

Author Comment

by:Mbodik
Hi Jesper,
Do you have a junk yahoo or similar email account that I can email the info to you? Then we could continue here. Just don't really want to post all the info here - only the question and the reply / solution...
0
 

Author Comment

by:Mbodik
To Jesper again - If you want it on a web page I could do that too, it will take me a bit longer though...
0
 
LVL 28

Expert Comment

by:Jan Springer
It would be easier.  I don't have a yahoo/gmail/msn account.  I'll get an email when you post the URL.  I'll grab the info and post a message.
0
 

Author Comment

by:Mbodik
Hi Jesper,
www.itech.co.il
0
 
LVL 28

Expert Comment

by:Jan Springer
Got it, thanks.
0
 
LVL 28

Expert Comment

by:Jan Springer
Has your ISP delegated (via DNS) this in-addr network to you?   It does not appear as if that's been done.
0
 

Author Comment

by:Mbodik
Don't understand - what should they do? If they give me say hundred IPs, do they have to release the in-addr too? Does it not come with the "IP"? What should I ask them?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
If they allocate or assign a netblock to you and you want to perform your own in-addr resolution, they must delegate those IPs within their in-addr DNS server.

Call them and ask them to delegate (via DNS) the network block(s) in question.
0
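
The delegation check behind the accepted answer, as an added example that is not part of the original thread: it models why a PTR record that exists on your own server is invisible to outside resolvers until the parent in-addr.arpa zone delegates the block to that server. The server names, the delegation tables and the helper functions are constructed for illustration; the address 195.170.1.10 is the one used earlier in the thread.

```python
import ipaddress

def ptr_name(ip):
    """Reverse-lookup name for an address, e.g. 195.170.1.10 -> 10.1.170.195.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def delegated_servers(name, delegations):
    """Return (zone, name servers) for the deepest delegated zone enclosing name.
    This is where a resolver following referrals from the parent ends up."""
    labels = name.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in delegations:
            return zone, delegations[zone]
    return None, []

def public_ptr(ip, delegations, server_data):
    """PTR answer an outside resolver receives. Only servers named in the
    delegation chain are asked; a zone on any other server is never consulted."""
    name = ptr_name(ip)
    _, servers = delegated_servers(name, delegations)
    for ns in servers:
        answer = server_data.get(ns, {}).get(name)
        if answer:
            return answer
    return None

# Constructed sample data: server names are placeholders, not from the thread.
MY_NS = "ns1.hoster.example"
ISP_NS = "ns1.isp.example"
SERVER_DATA = {
    MY_NS: {"10.1.170.195.in-addr.arpa": "mail2.domain.com"},  # PTR exists locally
    ISP_NS: {},                                                # ISP has no PTR for .10
}
BEFORE = {"170.195.in-addr.arpa": [ISP_NS]}            # ISP answers for the whole block
AFTER = {**BEFORE, "1.170.195.in-addr.arpa": [MY_NS]}  # ISP delegated the /24

if __name__ == "__main__":
    for label, delegations in (("before delegation", BEFORE), ("after delegation", AFTER)):
        zone, servers = delegated_servers(ptr_name("195.170.1.10"), delegations)
        print(label, "->", zone, servers, public_ptr("195.170.1.10", delegations, SERVER_DATA))
```

Against live DNS, `dig +trace -x <ip>` shows the same thing: the last referral in the trace names the servers the world actually asks for the PTR record.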
 

Author Comment

by:Mbodik
I will, hope that this is the problem - how do you see that this is the issue?
Any idea why my DNS test (one of the tabs in the properties) is not working? See the description above.
0
 
LVL 28

Expert Comment

by:Jan Springer
Without details of the internal network, I can't answer that question.

All I can tell you is that the allocation does not appear to have been delegated to you.

So even if you can reach it internally, the rest of us won't be able to resolve those IP addresses.
0
 

Author Comment

by:Mbodik
There is no "internal network" since it is a server farm of the ISP, and each customer (me for example) is given an IP chunk according to their needs and then I give each server a specific IP. That's pretty much all there is. I set up each server with the IP I choose, and the ISP DNS and Router in the IP configuration.
0
