Solved

Windows 2008 reverse DNS zone for whole subnet?

Posted on 2012-12-20
Last Modified: 2012-12-22
Hi,
We have a domain that used to be a flat network (172.17.2.0 /24), but was recently changed to include other subnets too, including 172.17.3.0/23 and 172.17.5.0/24.

I created a single reverse DNS zone called:
0.17.172.in-addr.arpa
But when I try to go to a forward DNS Host (A) record and update its PTR (for a host that's now on the 172.17.3.0/24 subnet), I get the error: "Warning: The associated PTR record cannot be created, probably because the referenced reverse lookup zone cannot be found".

What am I doing wrong?
0
Question by:Mystical_Ice
3 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 38710736
Can you ping all the other subnets from each direction? By IP and name? I don't think you would need a reverse lookup zone.
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 38710857
From what I've read, you'll be better off creating separate class-C reverse lookup zones for 172.17.2.x, 172.17.3.x, and whatever other ranges are encompassed in your network than trying to create a single classless reverse lookup zone.  Dynamic updates don't work in a classless reverse zone, for example.
0
 

Author Closing Comment

by:Mystical_Ice
ID: 38716481
This is correct - for future reference if someone is reading this question with the same problem, with reverse DNS in Windows 2008 you can only specify /8, /16, or /24 subnets (or 255.0.0.0, 255.255.0.0, or 255.255.255.0 subnets respectively).

Thus even though our 172.17.2.150 /23 (255.255.254.0) contains addresses from 172.17.3.0 through 172.17.4.255, I had to create two separate reverse lookup zones:

0.4.17.172.in-addr.arpa
and
0.3.17.172.in-addr.arpa

Did that, and right away PTR records started getting created.
0
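The octet-boundary rule from the accepted answer and closing comment, as an added example that is not code from any poster in this thread: it computes which /8, /16 or /24 reverse zones cover a subnet and checks whether a given zone can hold a host's PTR record. The function names are hypothetical, the subnets are the ones listed in the question, the host address is a constructed sample, and zone names use the standard in-addr.arpa form (network octets reversed).

```python
import ipaddress

def reverse_zones(cidr):
    """Octet-boundary (/8, /16, /24) reverse zone names that cover `cidr`."""
    net = ipaddress.ip_network(cidr, strict=False)   # accepts 172.17.3.0/23
    # Round the prefix up to the next octet boundary, clamped to /8../24.
    zone_prefix = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > zone_prefix:                  # e.g. a /26 lives in one /24 zone
        blocks = [net.supernet(new_prefix=zone_prefix)]
    else:                                            # e.g. a /23 needs two /24 zones
        blocks = net.subnets(new_prefix=zone_prefix)
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: zone_prefix // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def hosting_zone(ip, zones):
    """Most specific zone in `zones` that can hold the PTR for `ip`, else None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer   # 10.3.17.172.in-addr.arpa
    matches = [z for z in zones if ptr.endswith("." + z)]
    return max(matches, key=len, default=None)

def plan(subnets):
    """De-duplicated zone list for several subnets, in first-seen order."""
    return list(dict.fromkeys(z for s in subnets for z in reverse_zones(s)))

if __name__ == "__main__":
    subnets = ["172.17.2.0/24", "172.17.3.0/23", "172.17.5.0/24"]  # from the question
    needed = plan(subnets)
    print("zones to create:", needed)
    host = "172.17.3.10"                             # constructed sample host
    print("single zone 0.17.172.in-addr.arpa holds it:",
          hosting_zone(host, ["0.17.172.in-addr.arpa"]))
    print("per-/24 zones hold it in:", hosting_zone(host, needed))
```
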