  • Status: Solved
DNS server not showing reverse lookup as configured

I have a DNS primary and secondary, which hold data for customers hosting domains and servers at my server farm. One customer has a Linux IIS server, which sends email too. I configured its IP address at his domain for mail2 (A record) and configured a reverse lookup for it too (xxx105, mail2.domain.com). If you look up mail2.domain.com you get the correct IP address, but the reverse check returns the same IP instead of mail2...
Is it an improper configuration of the DNS server? a problem with it?
I disabled recursive updates as suggested by Microsoft to save load off the DNS server - could it be this?
I tried also running a test (from the DNS MMC on the server) and the basic and the second one failed - even though it seems that the DNS is functioning.
What else should I do in order for this mail server to be verified correctly at ISPs and emails from it be accepted??
Thanks
Asked: Mbodik
1 Solution
 
omarfaridCommented:
Hi,

Two questions:

- Is your DNS server the authority for the reverse zone? Was the authority for the subnet delegated to your DNS server?

- Can you show the reverse lookup zone file?
0
 
MbodikAuthor Commented:
OK, I need a bit more information...
Regarding the first one: where do I see what you are asking about? I created the reverse zone following the wizard without changing much. Type=Primary, Dynamic updates=none.
Second: I can see the reverse zone, add or remove items from it, if that's what you asked.
0
 
Jan SpringerCommented:
Did you change the serial number and restart DNS after the PTR record addition?

Are you authoritative for the inverse zone of the customer?

Recursion allows clients to look up domains that you are not authoritative for.

Queries allow clients to look up domains that you are authoritative for.
0
 
omarfaridCommented:
Hi,

Sorry I was away from my terminal for some time.

Normally the reverse lookup of an IP address is done by reversing the 4 numbers of the IP address under the special domain IN-ADDR.ARPA

e.g.

If I have an IP address 195.170.1.10 then it will be 10.1.170.195.in-addr.arpa

This will be under the zone 1.170.195.in-addr.arpa

These zones are normally managed by ISPs. So, you may need to talk to your ISP to add a reverse lookup record (PTR) to map your ip to your server name.

0
 
MbodikAuthor Commented:
Hi Omarfarid,

The problem is that I am the one holding the DNS... I have set it up exactly as you mentioned - checked and saw it is the same. The forward zone, let's say, is 10.11.12.x and it holds a few domains, and the reverse zone is 12.11.10.in-addr.arpa.dns (looking at the properties). The reverse zone holds pointers to all the domains (like mail.domain etc.). In there you have the pointer to the mail server I mentioned (mail2).
0
 
MbodikAuthor Commented:
Hi Jesper,

If you mean that the DNS (domain) is hosted at my DNS server then yes, I am authoritative for the inverse zone of the customer. There is no other DNS server responsible for these domains.
I did not restart immediately afterwards, but since then I restarted the server so I guess it is the same.
0
 
Jan SpringerCommented:
Sorry -- have been out of commission for a couple of days.

If the problem still exists, could you identify the public IP so that I can check it?  Or, put a document with the info on a web page, I'll grab it, and you can delete it.
0
 
MbodikAuthor Commented:
Hi Jesper,
Do you have a junk Yahoo or similar email account that I can email the info to? Then we could continue here. I just don't really want to post all the info here - only the question and the reply / solution...
0
 
MbodikAuthor Commented:
To Jesper again - If you want it on a web page I could do that too, it will take me a bit longer though...
0
 
Jan SpringerCommented:
It would be easier.  I don't have a yahoo/gmail/msn account.  I'll get an email when you post the URL.  I'll grab the info and post a message.
0
 
MbodikAuthor Commented:
Hi Jesper,
www.itech.co.il
0
 
Jan SpringerCommented:
Got it, thanks.
0
 
Jan SpringerCommented:
Has your ISP delegated (via DNS) this in-addr network to you?   It does not appear as if that's been done.
0
 
MbodikAuthor Commented:
I don't understand - what should they do? If they give me, say, a hundred IPs, do they have to release the in-addr too? Does it not come with the "IP"? What should I ask them?
0
 
Jan SpringerCommented:
If they allocate or assign a netblock to you and you want to perform your own in-addr resolution, they must delegate those IPs within their in-addr DNS server.

Call them and ask them to delegate (via DNS) the network block(s) in question.
0
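The reverse-name construction omarfarid describes and the delegation requirement Jan Springer describes, as an added example that is not code from any participant in this thread. It runs offline on constructed data: 192.0.2.0/24 is a documentation range, and the `*.example` name servers and the `diagnose` helper are hypothetical.

```python
import ipaddress

def ptr_name(ip):
    """IPv4 address -> owner name of its PTR record (octets reversed)."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def candidate_zones(ip):
    """Reverse zones that can contain the PTR: /24, then /16, then /8.
    Assumes delegation on octet boundaries; blocks smaller than a /24
    are usually delegated with the CNAME scheme of RFC 2317 instead."""
    labels = ptr_name(ip).split(".")
    return [".".join(labels[i:]) for i in (1, 2, 3)]

def closest_delegation(ip, public_ns):
    """Deepest reverse zone that has NS records in the public tree."""
    for zone in candidate_zones(ip):
        if zone in public_ns:
            return zone, public_ns[zone]
    return None, frozenset()

def diagnose(ip, my_server, my_ptrs, public_ns):
    """Will the internet ever ask my_server for this address's PTR?"""
    zone, servers = closest_delegation(ip, public_ns)
    has_ptr = ptr_name(ip) in my_ptrs
    if my_server in servers:
        return "ok" if has_ptr else "delegated, PTR missing"
    if has_ptr:
        return "PTR exists locally, zone not delegated (held by %s)" % zone
    return "not delegated, no PTR"

# Constructed sample data (not taken from the thread).
MY_SERVER = "ns1.hoster.example"          # the hoster's own DNS server
MY_PTRS = {"105.2.0.192.in-addr.arpa": "mail2.domain.com"}
# Public view before the ISP delegates: only the ISP serves the parent zone.
ISP_ONLY = {"0.192.in-addr.arpa": frozenset({"ns1.isp.example"})}
# Public view after the ISP adds NS records for the /24.
DELEGATED = dict(ISP_ONLY)
DELEGATED["2.0.192.in-addr.arpa"] = frozenset({MY_SERVER})

if __name__ == "__main__":
    print(ptr_name("195.170.1.10"))
    print(diagnose("192.0.2.105", MY_SERVER, MY_PTRS, ISP_ONLY))
    print(diagnose("192.0.2.105", MY_SERVER, MY_PTRS, DELEGATED))
```

Against live DNS, the same question is answered by querying the NS records of each candidate zone from outside your own network and checking whether your server appears in the answer.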
 
MbodikAuthor Commented:
I will, hope that this is the problem - how do you see that this is the issue?
Do you have any idea why my DNS test (one of the tabs in the properties) is not working - see the description above.
0
 
Jan SpringerCommented:
Without details of the internal network, I can't answer that question.

All I can tell you is that the allocation does not appear to have been delegated to you.

So even if you can reach it internally, the rest of us won't be able to resolve those IP addresses.
0
 
MbodikAuthor Commented:
There is no "internal network" since it is a server farm of the ISP, and each customer (me for example) is given an IP chunk according to their needs and then I give each server a specific IP. That's pretty much all there is. I set up each server with the IP I choose, and the ISP DNS and router in the IP configuration.
0
