ROBERTO PAREJA
asked on
PTR Record
I have a Windows 2008 R2 DNS server and need to create a PTR in my reverse zone. My ISP has already delegated the reverse zone for me to manage it.
The IP block assigned from my ISP is:
1.2.3.128/25
I have found on some websites that when creating the reverse zone, instead of the "/" I should use "-"; others say I should use "_". I have tried both and it is not working.
I have tried public tests from dnsstuff.com and mxtoolbox.com and both report that I have no PTR records.
Please, if I can get some step-by-step information on how to create the zone name correctly, then I can add the PTR records. I am attaching 2 screenshots for some of you guys to confirm the information I am writing. I am guessing that the error is in screenshot #2 (2.jpg); that is where my mistake is made.
If so, how should I correctly write the zone name?
3.2.1.in-addr.arpa.dns
128-25.3.2.1.in-addr.arpa.dns
25-128.3.2.1.in-addr.arpa.dns
128_25.3.2.1.in-addr.arpa.dns
25_128.3.2.1.in-addr.arpa.dns
128/25.3.2.1.in-addr.arpa.dns
25/128.3.2.1.in-addr.arpa.dns
A lot of outgoing emails are being rejected because there is no PTR defined.
Thanks,
1.jpg
2.jpg
Does this assist at all? https://www.youtube.com/watch?v=YxMpZVE7g_A
Your PTR record is to be set by your ISP, not the internal DNS. Your ISP should be configuring the PTR record at their end to point back to your external static IP address.
For example, the PTR for your MX record will point to the external IP address of your email server and when you send an email then the recipient will be able to verify that the IP address the email is coming from is mapped to your domain name.
ASKER
Thanks K B, but it does not help me because that seems to be a tutorial on how to create a full reverse zone.
I need to know where and how I configure a partial block of IP's in the format 1.2.3.128/25 that was assigned to me. That is the problem I am having.
"If you are in control of the authoritative nameserver, the first step is to create a reverse DNS zone. The hostname for the zone has to be in a very specific format. It starts with a portion of your IP address written backward followed by .in-addr.arpa."
In other words, your PTR record should be set on the "authoritative nameserver" for your domain name.
Check my second post
the rDNS record is something your ISP manages for you unless you have a portal access where they let you set it.
I would go back to the ISP and ask them to set it up.
ASKER
Please find attached the results from mxtoolbox.
Also let me tell you that I have a 2003 DNS server remotely that right now I have turned off (for the purpose of this test). But if I turn that on and shut down mine here, the results from mxtoolbox and dnsstuff are fine. That 2003 reverse zone is shown as picture 2003.jpg attached.
That is the problem I am having. How to configure on a 2008 R2 that IP block.
12.228.41.128/25
And my ISP (AT&T) has delegated the administration of the reverse zone to us for sure.
Everything was working perfect until my server here collapsed and was replaced by a 2008 R2.
Thanks,
mxtoolbox.jpg
2003.jpg
AT&T has those reverse zones.. any changes you are making on your servers are not changing anything.
"I need to know where and how I configure a partial block of IP's in the format 1.2.3.128/25 that was assigned to me. That is the problem I am having."
Technicard, you're trying to make an internal DNS configuration change, not an external one. They're two different things. Your PTR requires an external DNS configuration, not an internal one.
ASKER
Again,
If I shut down the 2008R2 which is the one having problems, and I allow the 2003 server, everything works fine.
AT&T delegated the reverse zone to us long ago with the format 12.228.41.128/25
Any changes I made in the reverse zone in my servers, worked every time. Until now that the main DNS changed from 2003 to 2008R2 and I don't know how to create the partial block for the reverse zone.
DNS bulk PTR records creation: http://kpytko.pl/dns/dns-bulk-ptr-records-creation/
ASKER
I need to know how to configure a partial reverse dns block to look like the picture attached.
2003.jpg
Have a look at this
https://www.experts-exchange.com/questions/27834250/Configuring-Subnetted-Reverse-DNS.html
Here's a good guide to follow.
http://blogs.msmvps.com/acefekay/2013/11/10/how-to-create-a-delegated-subnet-reverse-zone/
Your zone name will be 128-25.41.228.12.in-addr.arpa
I don't host my own reverse DNS for the internet, but I have tested this internally and it works.
ASKER
thanks footech.
please take a look at the attached screenshot.
i followed the link, but after the zone is created without errors, the FQDN shows "???".
any record I try to add, it gives me errors.
1.jpg
When creating the new PTR record you would enter the host as 12.228.41.130 (for example). After creating it, if you open up the record to look at the properties the host will look like 12.228.41.128-25.130.41.228.12
ASKER
Sorry footech, for not being able to follow your instructions. Here I am attaching 4 screenshots of the steps I took, and at the end you will see that the FQDN shows "???" at the beginning. At that point I can't create any records inside that zone.
Thanks for your help and patience.
1.png
2.jpg
3.jpg
4.jpg
ASKER
Am I understanding correctly that Footech is creating a PTR record and specifying (thus creating) the reverse zone in the FQDN field? While tecnicard is trying to create the zone from scratch?
Is that a correct observation?
After creating the record here are the results from nslookup.
C:\Users\AEinstein>nslookup
Default Server: dc01.mydomain.com
Address: 10.10.10.10
> set type=ptr
> 12.228.41.130
Server: dc01.mydomain.com
Address: 10.10.10.10
Non-authoritative answer:
130.41.228.12.in-addr.arpa canonical name = 130.128/25.41.228.12.in-addr.arpa
Also footech is using the range of IP addresses as opposed to CIDR / notation?
Is that correct?
ASKER
At least on my part, the zone is created from scratch.
If you take a look at the screenshots, I can't get rid of the "???" that are added automatically at the FQDN.
At this moment, my backup server (win2003) is the one working. If you run the reverse dns for 12.228.41.144 you will see the server responds: mailgate.tecnicard.com (which is correct and expected). If i turn on the main dns server (win2008r2) the responses are wrong, thus seems that i have no PTR records defined.
@K B - nope. I created the zone first, seeing each of the windows that technicard showed in #a40879976.
but his says 128- at the beginning as opposed to a full IP address?
ASKER
this is the response i get now from the win2003 server (201.204.200.145).
And this is the result I expect.
1.jpg
I thought you said that your post showing results from MXToolbox was from the 2003 server and was correct.
I took another tack and used a "/" instead of "-" in the name. So the name becomes "128/25.41.228.12.in-addr.arpa" (you might notice that the zone file name changes the "/" to a "_"). Then when creating the new PTR record, just enter the last octet, like "133". This gives results in nslookup like
> 12.228.41.133
Server: dc01.mydomain.com
Address: 10.10.10.10
Non-authoritative answer:
133.41.228.12.in-addr.arpa canonical name = 133.128/25.41.228.12.in-addr.arpa
133.128/25.41.228.12.in-addr.arpa name = mail.something.com
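The nslookup output above shows classless reverse delegation (RFC 2317): the parent /24 zone holds one CNAME per address, and each CNAME points into a child zone whose name has to match the label the parent uses. As an added example that is not part of the original posts, this Python code derives those names for a block and reads an nslookup answer to report which child zone name the parent's CNAME expects; the function names and the list of separators tried are assumptions.

```python
import ipaddress
import re

# nslookup answer quoted in the thread above (set type=ptr, then 12.228.41.133)
SAMPLE_ANSWER = """\
133.41.228.12.in-addr.arpa canonical name = 133.128/25.41.228.12.in-addr.arpa
133.128/25.41.228.12.in-addr.arpa name = mail.something.com
"""

def delegated_names(ip, cidr, sep):
    """Return (parent_owner, cname_target, child_zone) for one address.

    parent_owner is the name a resolver asks for, cname_target is where the
    parent zone's CNAME must point, child_zone is the zone the customer hosts.
    sep is the label separator agreed with the ISP ("/", "-" or "_").
    """
    net = ipaddress.ip_network(cidr)
    addr = ipaddress.ip_address(ip)
    if net.version != 4 or net.prefixlen <= 24 or addr not in net:
        raise ValueError("need an IPv4 address inside a block smaller than /24")
    a, b, c, first = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa"
    child_zone = f"{first}{sep}{net.prefixlen}.{parent}"
    last = str(addr).split(".")[3]
    return f"{last}.{parent}", f"{last}.{child_zone}", child_zone

def zone_from_answer(ip, cidr, answer):
    """Parse nslookup PTR output; return (child_zone, ptr_host).

    child_zone is the zone name the parent's CNAME expects the customer's
    server to be authoritative for; ptr_host is the PTR found in that zone
    (None when the child zone did not answer).
    """
    cnames = dict(re.findall(r"^(\S+)\s+canonical name = (\S+)$", answer, re.M))
    ptrs = dict(re.findall(r"^(\S+)\s+name = (\S+)$", answer, re.M))
    for sep in ("/", "-", "_"):  # assumed candidates, taken from the thread
        owner, target, zone = delegated_names(ip, cidr, sep)
        if cnames.get(owner) == target:
            return zone, ptrs.get(target)
    # No CNAME from the parent zone: delegation missing or a different label.
    return None, None

if __name__ == "__main__":
    print(zone_from_answer("12.228.41.133", "12.228.41.128/25", SAMPLE_ANSWER))
```

A zone created with a different separator than the one in the parent's CNAME is never consulted for these queries, so the PTR records in it are not returned.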
ASKER
I just followed your instructions, and the "/" does change to "_" in the name. But when trying to add the PTR, the FQDN shows as "???.in-addr.arpa" again.
Still unable to create the PTR record.
Rebooted the server, start from scratch, same result.
Is it possible that security restrictions (due to PCI hardening) on the server could affect the behavior on my environment when creating the reverse zone? This is the last thing I can think is happening.
I've never heard of anything like it. I don't think there's any more troubleshooting I can do on my end - it all appears to be working.
So is there a chance that your FQDN has question marks in it because it doesn't have the referencing forward lookup zone to reference? You can't even google "???.in-addr.arpa" and get a single result.
Is the machine fully patched? is this in an active directory integrated zone? how is this separated from the correct 2003 servers zones?
Did you notice any of the links I sent?
Isn't there supposed to be a period at the end of all your entries???
interesting .. check out this article:
https://www.experts-exchange.com/questions/23826536/External-DNS-PTR-Record-Issue.html
I can answer from my perspective.
None of PTR records I created had a corresponding FLZ on the server.
It's a standard primary zone - technicard's screenshots showed the same thing. The guide I followed mentioned there's a need to edit the zone file for public DNS, hence this requirement.
No period at the end of the zone name - I had actually tested with including one and the records I created in it never worked. Also if you look at standard classful reverse zones that are created by entering the IP, and not by manually naming the zone, they don't end with a dot.
ASKER CERTIFIED SOLUTION
ASKER
Thanks K B... your solution totally worked!
You rock!!