Solved

A remote site having issues with reverse lookup against our domain

Posted on 2012-03-27
6
328 Views
Last Modified: 2012-04-08
Hi Experts,

I'm a part of a .mil organization with a group of users that are trying to reach a website that is part of another .mil domain not within our forest. They can access the website just fine, but the website performs a reverse lookup before giving a user access to a group of subsystems; if the user's public IP does not reverse back to a .mil host then you will be denied some of your access. This is the current problem this website is having. I called the DNS folks that the particular .mil website points to and I confirmed that they can not perform a reverse lookup using nslookup from their workstation as well. I should also note that they CAN perform a forward lookup on our records just fine.

My first step to make sure that the problem was not on our end was to run a reverse lookup of our namespace using public dns lookup tools, such as www.mxtoolbox.com. I can perform a forward and reverse lookup against our proxy hostname and a few other nodes as well without issue. I also confirmed with my directory service folks in charge of DNS that all of our records are in place.

Does anyone know what the potential problem may be? What things should I be looking for when a remote site can perform a forward lookup, but not a reverse lookup. No other known remote site is having this issue with hitting our PTR record... just this one site it seems.
0
Comment
Question by:kj_syence
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 37771107
create a new forward lookupzone in your forest with the name of other .mil and crate a and ptr record point that website to the remote address.

what i beleave if users try to resolve the site it'll resolve by local domain... name without any issue.

and hopefully the reverse.. too


try if it solves your issue...
0
 
LVL 1

Author Comment

by:kj_syence
ID: 37771666
Hi,

I hope I understood what you're saying, but it's not us having the issue resolving the website. We can perform successful forward and reverse lookups against them just fine. It's the website that is having the issue running rDNS against our namespace.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 37790176
So if I'm understanding what you've described correctly, if you were to go to http://www.whatismyip.org, and it returned your IP as 100.200.300.400, what you need is a PTR record for 100.200.300.400 that points back at "something.whatever.mil".  If this is already the case and there's still a problem, then I would say it's a matter of where the other site is performing its reverse lookups (i.e. performing lookups against an internal server only that isn't recursively going out to the internet).
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:kj_syence
ID: 37797866
footech,

Thanks for the response. If the far site had issues recursively going out to the internet, would'nt that also affect them pulling our A Records? Forward lookup is working just fine.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 37803001
Assuming that their DNS has no knowledge of your domain, that is correct.

Are there other sites that do this same check, which work correctly?

If I were you I would ask to see the results of their nslookup on your IP.  The only other thing I can think of would be that they have a bad entry in their cache which isn't getting cleared out.  If they can run "nslookup <yourIP>" and get an error, but run "nslookup <yourIP> 8.8.8.8" and it returns fine, you know something is wrong with their DNS.
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 37821082
Ultimately it was the far site creating a reverse lookup zone which interfered with recursion for our IP range.
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
Resolve DNS query failed errors for Exchange
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question