Creating reverse lookup zone with wider subnet mask

My Active Directory server is also a DNS server. Right now there is a reverse lookup zone of 192.16.172.in-addr.arpa which is fine for anything in the IP range of 172.16.192.0/24. However, I need a reverse lookup zone that can handle 172.16.192.0/21. How do I set this up?
Russ Suter Asked:

Will Szymkowski (Senior Solution Architect) Commented:
When you are working with your Reverse Zones they are not slash notation specific (/24) by default, when you are using the NetworkID. You need to modify the Reverse Zone Name. So rather than using the NetworkID you need to use the Reverse Lookup Zone Name.

So for /21 Reverse notation should look like below...
2048/21.100.168.192.in-addr.arpa

You can also reference the MS KB below for additional details.
https://support.microsoft.com/en-us/kb/174419

Will.
0
matrix8086 Commented:
If your range will be from 172.16.192.0 to 172.16.199.255 (21-bit range), the reverse IP notation must be

192/21.16.172.in-addr.arpa

Best regards
0
Will Szymkowski (Senior Solution Architect) Commented:
Matrix, I do not believe you are correct. Based on the article it is

#ofhost/subnet.reverse ip
2048/21.192.16.172.in-addr.arpa

Will.
0
matrix8086 Commented:
@Will: Where did you see that in the article??? Copy/paste from your article:

The syntax

Delegated subnetted reverse lookup zones can be used to transfer administrative control between any parent and child IN-ADDR.ARPA zone in the DNS. Common configurations involve an ISP (Parent) delegating to a Customer Site (Child) or a Corporate Headquarters (Parent) delegating to a Corporate Remote Site (Child). Because the ISP scenario is most typical, it will be used in the following example.

When creating classless reverse lookup zones, you may use notation such as the following:
<subnet>-<subnet mask bit count>.100.168.192.in-addr.arpa or

<subnet>/<subnet mask bit count>.100.168.192.in-addr.arpa or

<subnet>.<subnet mask bit count>.100.168.192.in-addr.arpa or

SubnetX<subnet>.100.168.192.in-addr.arpa (where X is the subnet number assigned by parent) or

<subnet>.100.168.192.in-addr.arpa
For example:
64-26.100.168.192.in-addr.arpa or

64/26.100.168.192.in-addr.arpa or

64.26.100.168.192.in-addr.arpa or

Subnet3.100.168.192.in-addr.arpa or

64.100.168.192.in-addr.arpa
This indicates that the subnetted reverse lookup zone is the 64 subnetwork that is using 26 bits for its subnet mask.
0
Will Szymkowski (Senior Solution Architect) Commented:
Take a look at the link below. In a /26 configuration, 64 is the available addresses that this network can support (it's actually 62 available addresses because you do not use NetworkID and Broadcast address).
http://www.aelius.com/njh/subnet_sheet.html

Or am I reading this wrong?

Will.
0
matrix8086 Commented:
Will:

In a /26 configuration there are 64 IP addresses. You are right!

In a /21 configuration there are 2048 IP addresses. You are also right!

But you are confusing two things: the 64 in 64/26 does not mean the number of IP addresses, but the "network address" (starting address), and it refers to the first address, which cannot be allocated to a host (the network address and the broadcast address - the last one - cannot be used on hosts either; as you said, only 62 can be used).

So, 64/26 refers to 192.168.100.64 - the network address of the pool 192.168.100.64 to 192.168.100.127, which can be written as 192.168.100.64/26 and has the PTR notation 64/26.100.168.192.in-addr.arpa for the reverse DNS record.

Best regards!
0
Russ Suter (Author) Commented:
So this debate now has me confused. I'd like to restate my original question which is:

How do I create a Reverse Lookup Zone for the IP range 172.16.192.0/21?
0
Russ Suter (Author) Commented:
Ultimately, none of these suggestions worked for me. I just created a separate reverse lookup zone for each IP range. It's not the prettiest but it did work and since my subnet only contains 8 different octets it's still manageable. I'd hate to do it on a class A subnet with a low bitmask though.
0
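
The workaround described in the post above (one reverse lookup zone per /24 inside 172.16.192.0/21), as an added PowerShell example that is not part of the original thread. It assumes the DnsServer module on the AD DNS server; the function name `Get-ReverseZone24`, the `Domain` replication scope and the secure-only dynamic update setting are choices made for this example.

```powershell
# Added example: one AD-integrated /24 reverse lookup zone per third octet
# covered by a prefix between /16 and /24.
Import-Module DnsServer

$Cidr  = '172.16.192.0/21'   # range from the question
$Scope = 'Domain'            # assumption: replicate to DNS servers in this domain
$Apply = $false              # set to $true to actually create the zones

function Get-ReverseZone24 {
    # Hypothetical helper: lists the /24 networks and zone names inside $Cidr.
    param([Parameter(Mandatory)][string]$Cidr)

    $addr, $bits = $Cidr -split '/'
    $bits = [int]$bits
    if ($bits -lt 16 -or $bits -gt 24) {
        throw "Prefix /$bits is outside /16../24; this helper only splits on the third octet."
    }
    $o     = $addr -split '\.' | ForEach-Object { [int]$_ }
    $count = [int][math]::Pow(2, 24 - $bits)   # /21 -> 8 zones
    $first = $o[2] - ($o[2] % $count)          # align to the prefix boundary

    foreach ($third in $first..($first + $count - 1)) {
        [pscustomobject]@{
            NetworkId = "$($o[0]).$($o[1]).$third.0/24"
            ZoneName  = "$third.$($o[1]).$($o[0]).in-addr.arpa"
        }
    }
}

foreach ($z in Get-ReverseZone24 -Cidr $Cidr) {
    if (Get-DnsServerZone -Name $z.ZoneName -ErrorAction SilentlyContinue) {
        Write-Host "exists : $($z.ZoneName)"
        continue
    }
    if ($Apply) {
        # Secure-only dynamic updates: only authenticated domain members
        # can register or change PTR records in the new zone.
        Add-DnsServerPrimaryZone -NetworkId $z.NetworkId `
            -ReplicationScope $Scope -DynamicUpdate Secure
        Write-Host "created: $($z.ZoneName)"
    } else {
        Write-Host "would create: $($z.ZoneName) for $($z.NetworkId)"
    }
}
```

With `$Apply` left at `$false` the script only lists the eight zones, 192.16.172.in-addr.arpa through 199.16.172.in-addr.arpa, and skips any that already exist.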
Russ Suter (Author) Commented:
The bickering on this question got confusing. Ultimately I just gave up and figured a way around it.
0