Solved

A remote site having issues with reverse lookup against our domain

Posted on 2012-03-27
6
323 Views
Last Modified: 2012-04-08
Hi Experts,

I'm a part of a .mil organization with a group of users that are trying to reach a website that is part of another .mil domain not within our forest. They can access the website just fine, but the website performs a reverse lookup before giving a user access to a group of subsystems; if the user's public IP does not reverse back to a .mil host then you will be denied some of your access. This is the current problem this website is having. I called the DNS folks that the particular .mil website points to and I confirmed that they can not perform a reverse lookup using nslookup from their workstation as well. I should also note that they CAN perform a forward lookup on our records just fine.

My first step to make sure that the problem was not on our end was to run a reverse lookup of our namespace using public dns lookup tools, such as www.mxtoolbox.com. I can perform a forward and reverse lookup against our proxy hostname and a few other nodes as well without issue. I also confirmed with my directory service folks in charge of DNS that all of our records are in place.

Does anyone know what the potential problem may be? What things should I be looking for when a remote site can perform a forward lookup, but not a reverse lookup. No other known remote site is having this issue with hitting our PTR record... just this one site it seems.
0
Comment
Question by:kj_syence
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 37771107
create a new forward lookupzone in your forest with the name of other .mil and crate a and ptr record point that website to the remote address.

what i beleave if users try to resolve the site it'll resolve by local domain... name without any issue.

and hopefully the reverse.. too


try if it solves your issue...
0
 
LVL 1

Author Comment

by:kj_syence
ID: 37771666
Hi,

I hope I understood what you're saying, but it's not us having the issue resolving the website. We can perform successful forward and reverse lookups against them just fine. It's the website that is having the issue running rDNS against our namespace.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 37790176
So if I'm understanding what you've described correctly, if you were to go to http://www.whatismyip.org, and it returned your IP as 100.200.300.400, what you need is a PTR record for 100.200.300.400 that points back at "something.whatever.mil".  If this is already the case and there's still a problem, then I would say it's a matter of where the other site is performing its reverse lookups (i.e. performing lookups against an internal server only that isn't recursively going out to the internet).
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 1

Author Comment

by:kj_syence
ID: 37797866
footech,

Thanks for the response. If the far site had issues recursively going out to the internet, would'nt that also affect them pulling our A Records? Forward lookup is working just fine.
0
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points
ID: 37803001
Assuming that their DNS has no knowledge of your domain, that is correct.

Are there other sites that do this same check, which work correctly?

If I were you I would ask to see the results of their nslookup on your IP.  The only other thing I can think of would be that they have a bad entry in their cache which isn't getting cleared out.  If they can run "nslookup <yourIP>" and get an error, but run "nslookup <yourIP> 8.8.8.8" and it returns fine, you know something is wrong with their DNS.
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 37821082
Ultimately it was the far site creating a reverse lookup zone which interfered with recursion for our IP range.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now