  • Status: Solved

NSLOOKUP does not return a response for a reverse zone request from a child domain

My environment has a parent domain (alpha.com) and a child domain (europe.alpha.com). When I attempt an NSLOOKUP for a reverse zone while on a machine in the alpha.com domain, and the reverse lookup request is for a machine on the europe.alpha.com domain, I receive an error: "dc01.alpha.com can't find 10.15.x.x: Non-existent domain". It appears I cannot do a reverse lookup via nslookup for machines in child domains. If I go to the europe.alpha.com domain, I can perform this reverse lookup with no problem.

What could cause this inability to query a pointer record in a child domain's DNS structure?
0
dgeile
1 Solution
 
Americom Commented:
Make sure the DNS server of alpha.com contains the reverse zone of europe.alpha.com. If not, you may want to replicate (transfer) it there. There are a few options for doing this depending on how your DNS infrastructure is set up. One common one is a secondary zone of europe.alpha.com in alpha.com.
0
 
Chris Dent, PowerShell Developer, Commented:

For the Reverse Lookup Zone... it will only show you answers from that zone in one of two circumstances:

1. The server you ask is authoritative
2. A delegation, forwarder or other resolution path exists

The second simply means that you won't be able to resolve PTR records unless you can find the zone hosting the record from the server you ask. Remember that Reverse Lookup zones are not delegated simply because the Forward is.

Chris
0
 
dgeile (Author) Commented:
It does work if I transfer the reverse zone to alpha.com, but was not aware that that was a requirement.  I assumed since forward zones of child domains were not in the parent zone, the reverse zone could also remain separate.  Should I make all reverse zones available on all domains in the forest?  Is there another option?
0
 
Americom Commented:
Yes, if you want to be able to do reverse lookup from alpha.com.
0
 
Chris Dent, PowerShell Developer, Commented:

> I assumed since forward zones of child domains were not in the parent zone, the reverse zone could
> also remain separate.

No, but the child is likely to be delegated for the Forward Lookup. Do you see a greyed out folder for the child domain in the parent?

Delegations on reverse lookup zones aren't automatically added, unlike delegations for the Forward which should have been added when the child domain was created.

For the Reverse you either need to create a delegation for the sub-domain or create a Secondary copy, or increase the scope so the reverse lookup zone replicates to the parent domain as well.

If you want to look more into the delegation please let me know the Reverse Lookup Zone name in the parent as well. The delegation will only work if you host the parent. e.g. 10.x.x.x or 10.in-addr.arpa.

Conditional Forwarders would work as well, except you cannot maintain those through the GUI unless you upgrade to Server 2008 (due to bad design in 2003), which limits us a bit.

Chris
0
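A small model of the resolution paths discussed in this thread, added here as an example and not code from any poster. The child server name, the zone names 10.in-addr.arpa and 15.10.in-addr.arpa, and the PTR record are assumed sample values.

```python
import ipaddress

PARENT = "dc01.alpha.com"            # server named in the question
CHILD = "dc01.europe.alpha.com"      # hypothetical child-domain DNS server
# Constructed sample data: zone names and the PTR record are assumptions.
CHILD_ZONE = {"ptr": {"20.1.15.10.in-addr.arpa": "ws1.europe.alpha.com"}}

def closest(name, zone_names):
    """Longest zone name that encloses `name` on a label boundary, or None."""
    hits = [z for z in zone_names if name == z or name.endswith("." + z)]
    return max(hits, key=len, default=None)

def resolve(servers, asked, ip):
    """Model a PTR lookup for `ip` sent to `asked`; returns (status, detail)."""
    name = ipaddress.ip_address(ip).reverse_pointer
    srv = servers[asked]
    zone = closest(name, srv["zones"])
    if zone is not None:                          # the server is authoritative
        data = srv["zones"][zone]
        cut = closest(name, data.get("delegations", {}))
        if cut is not None:                       # delegation: follow it
            return resolve(servers, data["delegations"][cut], ip)
        if name in data["ptr"]:
            return ("ANSWER", data["ptr"][name])
        return ("NXDOMAIN", f"{asked} hosts {zone} with no record or delegation")
    fwd = closest(name, srv.get("forwarders", {}))
    if fwd is not None:                           # conditional forwarder: follow it
        return resolve(servers, srv["forwarders"][fwd], ip)
    return ("NO_PATH", f"{asked} has no zone or forwarder covering {name}")

def scenario(fix=None):
    """Build both servers; `fix` applies one of the options from the thread."""
    parent = {"zones": {"10.in-addr.arpa": {"ptr": {}, "delegations": {}}}}
    if fix == "delegation":
        parent["zones"]["10.in-addr.arpa"]["delegations"]["15.10.in-addr.arpa"] = CHILD
    elif fix == "secondary":      # same outcome as a wider AD replication scope
        parent["zones"]["15.10.in-addr.arpa"] = CHILD_ZONE
    elif fix == "forwarder":      # modelled on a parent hosting no enclosing zone
        parent = {"zones": {}, "forwarders": {"15.10.in-addr.arpa": CHILD}}
    return {PARENT: parent, CHILD: {"zones": {"15.10.in-addr.arpa": CHILD_ZONE}}}

if __name__ == "__main__":
    for fix in (None, "delegation", "secondary", "forwarder"):
        print(fix, resolve(scenario(fix), PARENT, "10.15.1.20"))
```

The unfixed scenario assumes the parent hosts an enclosing reverse zone without a delegation, which is one way to get an authoritative "Non-existent domain" for a record that exists on the child.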
 
Americom Commented:
Same thing if you have multiple forests and want to be able to do nslookup both forward and reverse; sure, you need to duplicate them.
0
 
Americom Commented:
BTW, are you using ADIZ?
0
 
Chris Dent, PowerShell Developer, Commented:

You don't necessarily need to duplicate them at all. It depends on the environment and configuration. Reverse Lookup Zones can be forwarded or delegated in the same way as Forward Lookup Zones.

Chris
0
 
dgeile (Author) Commented:
I will replicate the reverse zones to the other child domains to allow nslookups on reverse zones throughout the enterprise. It is the simplest solution with little overhead.
0
