Solved

NSLOOKUP does not return an response for a reverse zone request from a child domain

Posted on 2008-10-06
9
604 Views
Last Modified: 2012-05-05
My environment has a parent domain (alpha.com) and a child domain (euorpe.alpha.com).  When I attempt an NSLOOKUP for a reverse zone while on a machine in the alpha.com domain, and the reverse lookup request is for a machine on the euorpe.alpha.com domain, I recieve an error: "dc01.alpha.com can't find 10.15.x.x: Non-existent domain".  It appears I cannot do a reverse lookup via nslookup for machines in child domains.  If I goto the europe.alpha.com domain, I can perform this reverse lookup with no problem.

What could cause this inability to query a pointer record in a child domains dns structure.
0
Comment
Question by:dgeile
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 22652887
make sure the DNS server of aplpha.com consiste the reverse zone of theeurope.alpha.com. If not, you may want to replicate(transfer) it there. There is a few options you can do this depending on how your DNS infrastructure is setup. One common one is secondary zone of europe.alpha.com in alpha.com.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22652928

For the Reverse Lookup Zone... it will only show you answers from that zone in one of two circumstances:

1. The server you ask is authoritative
2. A delegation, forwarder or other resolution path exists

The second simply means that you won't be able to resolve PTR records unless you can find the zone hosting the record from the server you ask. Remember that Reverse Lookup zones are not delegated simply because the Forward is.

Chris
0
 

Author Comment

by:dgeile
ID: 22652946
It does work if I transfer the reverse zone to alpha.com, but was not aware that that was a requirement.  I assumed since forward zones of child domains were not in the parent zone, the reverse zone could also remain separate.  Should I make all reverse zones available on all domains in the forest?  Is there another option?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 18

Accepted Solution

by:
Americom earned 125 total points
ID: 22652979
Yes, if you want to be able to do reverse lookup from alpha.com.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22652991

> I assumed since forward zones of child domains were not in the parent zone, the reverse zone could
> also remain separate.

No, but the child is likely to be delegated for the Forward Lookup. Do you see a greyed out folder for the child domain in the parent?

Delegations on reverse lookup zones aren't automatically added, unlike delegations for the Foward which should have been added when the child domain was created.

For the Reverse you either need to create a delegation for the sub-domain or create a Secondary copy, or increase the scope so the reverse lookup zone replicates to the parent domain as well.

If you want to look more into the delegation please let me know the Reverse Lookup Zone name in the parent as well. The delegation will only work if you host the parent. e.g. 10.x.x.x or 10.in-addr.arpa.

Conditional Forwarders would work as well, except you cannot maintain those through the GUI unless you upgrade to Server 2008 (due to bad design in 2003), limits us a bit.

Chris
0
 
LVL 18

Expert Comment

by:Americom
ID: 22652998
Samething if you have multiple forest, and want to be ablet o do nslookup both forward and reverse, sure, you need to duplicate them.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22653011
BTW, are you using ADIZ?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22653013

You don't necessarily need to duplicate them at all. It depends on the environment and configuration. Reverse Lookup Zones can be forwarded or delegated in the same way as Forward Lookup Zones.

Chris
0
 

Author Closing Comment

by:dgeile
ID: 31503536
I will replicate the reverse zones to the other child domians to allow nslookups on reverse zones throughout the enterprise.  It is the simplest solution with little overhead.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question