?
Solved

A remote site having issues with reverse lookup against our domain

Posted on 2012-03-27
6
Medium Priority
?
332 Views
Last Modified: 2012-04-08
Hi Experts,

I'm a part of a .mil organization with a group of users that are trying to reach a website that is part of another .mil domain not within our forest. They can access the website just fine, but the website performs a reverse lookup before giving a user access to a group of subsystems; if the user's public IP does not reverse back to a .mil host then you will be denied some of your access. This is the current problem this website is having. I called the DNS folks that the particular .mil website points to and I confirmed that they can not perform a reverse lookup using nslookup from their workstation as well. I should also note that they CAN perform a forward lookup on our records just fine.

My first step to make sure that the problem was not on our end was to run a reverse lookup of our namespace using public dns lookup tools, such as www.mxtoolbox.com. I can perform a forward and reverse lookup against our proxy hostname and a few other nodes as well without issue. I also confirmed with my directory service folks in charge of DNS that all of our records are in place.

Does anyone know what the potential problem may be? What things should I be looking for when a remote site can perform a forward lookup, but not a reverse lookup. No other known remote site is having this issue with hitting our PTR record... just this one site it seems.
0
Comment
Question by:kj_syence
  • 3
  • 2
6 Comments
 
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 37771107
create a new forward lookupzone in your forest with the name of other .mil and crate a and ptr record point that website to the remote address.

what i beleave if users try to resolve the site it'll resolve by local domain... name without any issue.

and hopefully the reverse.. too


try if it solves your issue...
0
 
LVL 1

Author Comment

by:kj_syence
ID: 37771666
Hi,

I hope I understood what you're saying, but it's not us having the issue resolving the website. We can perform successful forward and reverse lookups against them just fine. It's the website that is having the issue running rDNS against our namespace.
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 37790176
So if I'm understanding what you've described correctly, if you were to go to http://www.whatismyip.org, and it returned your IP as 100.200.300.400, what you need is a PTR record for 100.200.300.400 that points back at "something.whatever.mil".  If this is already the case and there's still a problem, then I would say it's a matter of where the other site is performing its reverse lookups (i.e. performing lookups against an internal server only that isn't recursively going out to the internet).
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:kj_syence
ID: 37797866
footech,

Thanks for the response. If the far site had issues recursively going out to the internet, would'nt that also affect them pulling our A Records? Forward lookup is working just fine.
0
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points
ID: 37803001
Assuming that their DNS has no knowledge of your domain, that is correct.

Are there other sites that do this same check, which work correctly?

If I were you I would ask to see the results of their nslookup on your IP.  The only other thing I can think of would be that they have a bad entry in their cache which isn't getting cleared out.  If they can run "nslookup <yourIP>" and get an error, but run "nslookup <yourIP> 8.8.8.8" and it returns fine, you know something is wrong with their DNS.
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 37821082
Ultimately it was the far site creating a reverse lookup zone which interfered with recursion for our IP range.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question