

Configuring Subnetted Reverse DNS

Posted on 2012-08-19
Medium Priority
Last Modified: 2012-08-24

I have a main headquarters (HO) and various branch sites with the following subnets:

HO -
Site1 –
Site2 –
Site3 –
Site4 –

Each branch site does not have a local DNS server.  All hosts at the branches use the DNS server (2008 R2) at HO for name resolution.  Ideally, I would like to create separate Reverse DNS Lookup Zones for each site taking into account the /26 instead of the default classful /24 boundary when a zone is created.  

I have read articles such as http://support.microsoft.com/kb/174419, however it goes into delegation with parent/child etc. which I don’t believe is applicable in my situation as the branches have no DNS servers of their own.   Any clarification and assistance would be greatly appreciated.

Thank you!
Question by:charman100
LVL 20

Expert Comment

by:Svet Paperov
ID: 38310031
Is there any reason to do that? There are NO advantages to splitting the reverse DNS lookup zone. The reverse DNS lookup zone serves only to get the FQDN of a host from its IP address, and only IT support tools like ping -a could make use of that information. In an AD domain, the reverse DNS lookup zone is optional.

Expert Comment

ID: 38310411
The reverse lookup zones can be classless for class A and class B addresses, but for class C addresses, you should just rely on the single class C range. As long as all the networks can be supernetted into a single class C network, there is no need for them to be divided. More information on planning the reverse lookup can be found on TechNet (http://technet.microsoft.com/en-us/library/cc961414.aspx).

In your case, you need three reverse zones, one for each class C network.

Best of Luck!

Author Comment

ID: 38312466
Unfortunately, I inherited the subnets as they are. My preference would have been for each site to have a /24. I currently do have 3 zones configured as suggested. I understand that there is no need or technical benefit to splitting it further and that limiting the number of zones can simplify things and even be a best practice. However, for organizational purposes, having records from 2 different sites in one zone doesn't feel "clean". If anyone can let me know if it can be done, it would be greatly appreciated. If not, I'll have to accept the current configuration of 3 zones.

LVL 20

Accepted Solution

Svet Paperov earned 1000 total points
ID: 38312620
Cannot be done and, as far as I know, it is not supported by IPv4 DNS. More on the subject: http://www.apnic.net/apnic-info/whois_search/about-whois/what-is-in-whois/reverse-dns (there is a User Guide in PDF at the bottom of the page).

Assisted Solution

SebastianAbbinanti earned 1000 total points
ID: 38312648
That's absolutely right, IPv4 DNS is classful in this way. I think you'll have to settle for the three-zone configuration. If it's any consolation, all the sites are in the same forward lookup zone anyway.
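
An added example, not code from any poster in this thread: with the octet-aligned reverse zones discussed above, this Python code shows which /26 sites end up sharing a zone and sorts a shared zone's PTR records by site, flagging addresses that belong to no site subnet. The site subnets and PTR names are constructed placeholders from documentation ranges, since the thread does not list the real ones, and all function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders (RFC 5737 documentation ranges); the thread does
# not list the real site subnets.
SITES = {
    "HO": "192.0.2.0/26", "Site1": "192.0.2.64/26",
    "Site2": "198.51.100.0/26", "Site3": "198.51.100.64/26",
    "Site4": "203.0.113.0/26",
}
# Constructed PTR owner names as they would appear in one shared zone.
SAMPLE_PTRS = ["10.2.0.192.in-addr.arpa.", "70.2.0.192.in-addr.arpa.",
               "200.2.0.192.in-addr.arpa."]

def reverse_zone(subnet):
    """Octet-aligned in-addr.arpa zone that holds the subnet's PTR records."""
    net = ipaddress.IPv4Network(subnet)
    if net.prefixlen < 8:
        raise ValueError("prefix shorter than /8 spans several top-level zones")
    octets = min(net.prefixlen // 8, 3)   # /26 -> 3 octets (/24), /20 -> 2 (/16)
    labels = str(net.network_address).split(".")[:octets]
    return ".".join(reversed(labels)) + ".in-addr.arpa"

def sites_per_zone(sites=SITES):
    """Map each reverse zone to the sites whose records land in it."""
    zones = defaultdict(list)
    for name, cidr in sites.items():
        zones[reverse_zone(cidr)].append(name)
    return dict(zones)

def ptr_to_ip(owner):
    """Turn a PTR owner name (d.c.b.a.in-addr.arpa) back into a.b.c.d."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 PTR owner name: {owner!r}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))

def audit_zone(ptr_owners, sites=SITES):
    """Group a zone's PTR records by site; flag addresses in no site subnet."""
    nets = {name: ipaddress.IPv4Network(cidr) for name, cidr in sites.items()}
    report = defaultdict(list)
    for owner in ptr_owners:
        ip = ptr_to_ip(owner)
        site = next((n for n, net in nets.items() if ip in net), "UNASSIGNED")
        report[site].append(str(ip))
    return dict(report)

if __name__ == "__main__":
    print(sites_per_zone())
    print(audit_zone(SAMPLE_PTRS))
```

Records reported under `UNASSIGNED` sit in the shared zone but outside every listed site subnet, which makes them candidates for a stale-record review.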

