A remote site having issues with reverse lookup against our domain

Hi Experts,

I'm a part of a .mil organization with a group of users that are trying to reach a website that is part of another .mil domain not within our forest. They can access the website just fine, but the website performs a reverse lookup before giving a user access to a group of subsystems; if the user's public IP does not reverse back to a .mil host then you will be denied some of your access. This is the current problem this website is having. I called the DNS folks that the particular .mil website points to and I confirmed that they can not perform a reverse lookup using nslookup from their workstation as well. I should also note that they CAN perform a forward lookup on our records just fine.

My first step to make sure that the problem was not on our end was to run a reverse lookup of our namespace using public dns lookup tools, such as www.mxtoolbox.com. I can perform a forward and reverse lookup against our proxy hostname and a few other nodes as well without issue. I also confirmed with my directory service folks in charge of DNS that all of our records are in place.

Does anyone know what the potential problem may be? What things should I be looking for when a remote site can perform a forward lookup, but not a reverse lookup. No other known remote site is having this issue with hitting our PTR record... just this one site it seems.
LVL 1
kj_syenceAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sajid Shaik MSr. System AdminCommented:
create a new forward lookupzone in your forest with the name of other .mil and crate a and ptr record point that website to the remote address.

what i beleave if users try to resolve the site it'll resolve by local domain... name without any issue.

and hopefully the reverse.. too


try if it solves your issue...
0
kj_syenceAuthor Commented:
Hi,

I hope I understood what you're saying, but it's not us having the issue resolving the website. We can perform successful forward and reverse lookups against them just fine. It's the website that is having the issue running rDNS against our namespace.
0
footechCommented:
So if I'm understanding what you've described correctly, if you were to go to http://www.whatismyip.org, and it returned your IP as 100.200.300.400, what you need is a PTR record for 100.200.300.400 that points back at "something.whatever.mil".  If this is already the case and there's still a problem, then I would say it's a matter of where the other site is performing its reverse lookups (i.e. performing lookups against an internal server only that isn't recursively going out to the internet).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

kj_syenceAuthor Commented:
footech,

Thanks for the response. If the far site had issues recursively going out to the internet, would'nt that also affect them pulling our A Records? Forward lookup is working just fine.
0
footechCommented:
Assuming that their DNS has no knowledge of your domain, that is correct.

Are there other sites that do this same check, which work correctly?

If I were you I would ask to see the results of their nslookup on your IP.  The only other thing I can think of would be that they have a bad entry in their cache which isn't getting cleared out.  If they can run "nslookup <yourIP>" and get an error, but run "nslookup <yourIP> 8.8.8.8" and it returns fine, you know something is wrong with their DNS.
0
kj_syenceAuthor Commented:
Ultimately it was the far site creating a reverse lookup zone which interfered with recursion for our IP range.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.