PTR Record

I have a Windows 2008 R2 DNS server and need to create a PTR in my reverse zone. My ISP has already delegated the reverse zone for me to manage it.
The IP block assigned from my ISP is:
1.2.3.128/25

I have found on some websites that when creating the reverse zone, instead of the "/" I should use "-"; others say I should use "_". I have tried both and it is not working.

I have tried public tests from dnsstuff.com and mxtoolbox.com and both report that I have no PTR records.

Please if I can get some step by step information on how to create the zone name correctly, so then I can add the PTR records. I am attaching 2 screenshots for some of you guys to confirm the information I am writing. I am guessing that the error is in screenshot #2 (2.jpg); that is where my mistake is made.
If so, how should I correctly write the zone name?
3.2.1.in-addr.arpa.dns
128-25.3.2.1.in-addr.arpa.dns
25-128.3.2.1.in-addr.arpa.dns
128_25.3.2.1.in-addr.arpa.dns
25_128.3.2.1.in-addr.arpa.dns
128/25.3.2.1.in-addr.arpa.dns
25/128.3.2.1.in-addr.arpa.dns

A lot of outgoing emails are being rejected because there is no PTR defined.

Thanks,
1.jpg
2.jpg
ROBERTO PAREJA, IT Manager, Asked:
K B Commented:
Does this assist at all?  https://www.youtube.com/watch?v=YxMpZVE7g_A
Wayne88 Commented:
Your PTR record is to be set by your ISP, not the internal DNS.  Your ISP should be configuring the PTR record at their end to point back to your external static IP address.

For example, the PTR for your MX record will point to the external IP address of your email server and when you send an email then the recipient will be able to verify that the IP address the email is coming from is mapped to your domain name.
K B Commented:
Agreed.  When you look at MXToolbox.com and enter PTR:yourIPaddress.  What server reports back the answer (pictured)?

2015-07-13-1219.png
ROBERTO PAREJA, IT Manager, Author Commented:
Thanks K B, but it does not help me because that seems to be a tutorial on how to create a full reverse zone.
I need to know where and how I configure a partial block of IP's in the format 1.2.3.128/25 that was assigned to me. That is the problem I am having.
K B Commented:
Check my second post
Kash, 2nd Line Engineer, Commented:
The rDNS record is something your ISP manages for you unless you have portal access where they let you set it.

I would go back to the ISP and ask them to set it up.
ROBERTO PAREJA, IT Manager, Author Commented:
Please find attached the results from mxtoolbox.

Also let me tell you that I have a 2003 DNS server remotely that right now I have turned off (for the purpose of this test). But if I turn that on and shut down mine here, the results from mxtoolbox and dnsstuff are fine. That 2003 reverse zone is shown as picture 2003.jpg attached.

That is the problem I am having. How to configure on a 2008 R2 that IP block.
12.228.41.128/25

And my ISP (AT&T) has delegated the administration of the reverse zone to us for sure.
Everything was working perfect until my server here collapsed and was replaced by a 2008 R2.

Thanks,
mxtoolbox.jpg
2003.jpg
K B Commented:
AT&T has those reverse zones.. any changes you are making on your servers are not changing anything.
Wayne88 Commented:
"I need to know where and how I configure a partial block of IP's in the format 1.2.3.128/25 that was assigned to me. That is the problem I am having."

Technicard, you're trying to make an internal DNS configuration change, not an external one.  They are two different things.  Your PTR requires an external DNS configuration, not an internal one.
ROBERTO PAREJA, IT Manager, Author Commented:
Again,

If I shut down the 2008R2 which is the one having problems, and I allow the 2003 server, everything works fine.
AT&T delegated the reverse zone to us long ago with the format 12.228.41.128/25

Any changes I made in the reverse zone in my servers, worked every time. Until now that the main DNS changed from 2003 to 2008R2 and I don't know how to create the partial block for the reverse zone.
ROBERTO PAREJA, IT Manager, Author Commented:
I need to know how to configure a partial reverse dns block to look like the picture attached.
2003.jpg
footech Commented:
Here's a good guide to follow.
http://blogs.msmvps.com/acefekay/2013/11/10/how-to-create-a-delegated-subnet-reverse-zone/

Your zone name will be 128-25.41.228.12.in-addr.arpa
I don't host my own reverse DNS for the internet, but I have tested this internally and it works.
ROBERTO PAREJA, IT Manager, Author Commented:
Thanks footech.
Please take a look at the attached screenshot.

I followed the link, but after the zone is created without errors, the FQDN shows "???".
Any record I try to add, it gives me errors.
1.jpg
footech Commented:
When creating the new PTR record you would enter the host as 12.228.41.130 (for example).  After creating it, if you open up the record to look at the properties the host will look like 12.228.41.128-25.130.41.228.12
ROBERTO PAREJA, IT Manager, Author Commented:
Sorry footech, for not being able to follow your instructions. Here I am attaching 4 screenshots of the steps I took, and at the end you will see that the FQDN shows "???" at the beginning. At that point I can't create any records inside that zone.

Thanks for your help and patience.
1.png
2.jpg
3.jpg
4.jpg
ROBERTO PAREJA, IT Manager, Author Commented:
This is the way it looks in the 2003 server where it is working fine. Look at how the FQDN looks in screenshot # 2.

This is the problem I am having:
How to correctly configure this setup in a 2008R2 environment.
1.jpg
2.jpg
footech Commented:
Hmmm...  I don't see why that is for you.  Everything looks correct till the last one.
new PTR record
I've done this both on 2008 R2 and Win7 w/ RSAT.
K B Commented:
Am I understanding correctly that Footech is creating a PTR record and specifying (thus creating) the reverse zone in the FQDN field?  While tecnicard is trying to create the zone from scratch?

Is that a correct observation?
footech Commented:
After creating the record here are the results from nslookup.
C:\Users\AEinstein>nslookup
Default Server:  dc01.mydomain.com
Address:  10.10.10.10

> set type=ptr
> 12.228.41.130
Server:  dc01.mydomain.com
Address:  10.10.10.10

Non-authoritative answer:
130.41.228.12.in-addr.arpa      canonical name = 130.128/25.41.228.12.in-addr.arpa

K B Commented:
Also footech is using the range of IP addresses as opposed to CIDR / notation?  

Is that correct?
ROBERTO PAREJA, IT Manager, Author Commented:
At least on my part, the zone is created from scratch.
If you take a look at the screenshots, I can't get rid of the "???" that are added automatically at the FQDN.

At this moment, my backup server (win2003) is the one working. If you run the reverse dns for 12.228.41.144 you will see the server responds: mailgate.tecnicard.com (which is correct and expected). If I turn on the main dns server (win2008r2) the responses are wrong, thus it seems that I have no PTR records defined.
footech Commented:
@K B - nope.  I created the zone first, seeing each of the windows that technicard showed in #a40879976.
K B Commented:
But his says 128- at the beginning as opposed to a full IP address?
ROBERTO PAREJA, IT Manager, Author Commented:
This is the response I get now from the win2003 server (201.204.200.145).
And this is the result I expect.
1.jpg
footech Commented:
I thought you said that your post showing results from MXToolbox was from the 2003 server and was correct.

I took another tack and used a "/" instead of "-" in the name.  So the name becomes "128/25.41.228.12.in-addr.arpa" (you might notice that the zone file name changes the "/" to a "_").  Then when creating the new PTR record, just enter the last octet, like "133".  This gives results in nslookup like:
> 12.228.41.133
Server:  dc01.mydomain.com
Address:  10.10.10.10

Non-authoritative answer:
133.41.228.12.in-addr.arpa      canonical name = 133.128/25.41.228.12.in-addr.arpa
133.128/25.41.228.12.in-addr.arpa       name = mail.something.com

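An added example, not part of footech's post or the original thread: a Python sketch of the classless reverse naming discussed above (the RFC 2317 style), which derives the child zone name and the CNAME/PTR owner names for a sub-/24 block and checks an nslookup answer against them. The function names are hypothetical; the two sample answers are the nslookup lines quoted in the thread.

```python
import ipaddress

def classless_zone(block, sep="/"):
    """Child zone name for a sub-/24 block, '<first octet><sep><prefix>' style."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block smaller than a /24")
    o = str(net.network_address).split(".")
    return f"{o[3]}{sep}{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"

def expected_chain(ip, block, sep="/"):
    """(CNAME owner in the ISP's /24 zone, PTR owner in the delegated zone)."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(block):
        raise ValueError(f"{ip} is outside {block}")
    last = str(addr).rsplit(".", 1)[1]
    return addr.reverse_pointer, f"{last}.{classless_zone(block, sep)}"

def parse_answer(text):
    """Parse nslookup-style answer lines into {owner: (rtype, target)}."""
    records = {}
    for line in text.splitlines():
        # "canonical name =" must be tried first: it also contains "name =".
        for marker, rtype in (("canonical name =", "CNAME"), ("name =", "PTR")):
            if marker in line:
                owner, target = (p.strip().rstrip(".").lower()
                                 for p in line.split(marker, 1))
                records[owner] = (rtype, target)
                break
    return records

def check_ptr(ip, block, answer):
    """Return (ok, detail): does the answer follow CNAME -> PTR via the child zone?"""
    cname_owner, ptr_owner = expected_chain(ip, block)
    rec = parse_answer(answer)
    if rec.get(cname_owner) != ("CNAME", ptr_owner):
        return False, f"parent zone lacks CNAME {cname_owner} -> {ptr_owner}"
    if rec.get(ptr_owner, ("", ""))[0] != "PTR":
        return False, f"no PTR at {ptr_owner}: the alias resolved but the child zone did not answer"
    return True, rec[ptr_owner][1]

# Answer lines copied from the two nslookup outputs quoted in the thread.
ALIAS_ONLY = "130.41.228.12.in-addr.arpa      canonical name = 130.128/25.41.228.12.in-addr.arpa"
FULL_CHAIN = """133.41.228.12.in-addr.arpa      canonical name = 133.128/25.41.228.12.in-addr.arpa
133.128/25.41.228.12.in-addr.arpa       name = mail.something.com"""

if __name__ == "__main__":
    print(classless_zone("12.228.41.128/25"))
    print(check_ptr("12.228.41.130", "12.228.41.128/25", ALIAS_ONLY))
    print(check_ptr("12.228.41.133", "12.228.41.128/25", FULL_CHAIN))
```

The alias-only result is the case where the parent zone's CNAME exists but the server hosting the delegated zone has no matching zone name or PTR record, so mail receivers doing a reverse lookup get no hostname.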
ROBERTO PAREJA, IT Manager, Author Commented:
I just followed your instructions, and the "/" does change to "_" in the name. But when trying to add the PTR, the FQDN shows as "???.in-addr.arpa" again.
Still unable to create the PTR record.
Rebooted the server, started from scratch, same result.

Is it possible that security restrictions (due to PCI hardening) on the server could affect the behavior on my environment when creating the reverse zone? This is the last thing I can think of that is happening.
footech Commented:
I've never heard of anything like it.  I don't think there's any more troubleshooting I can do on my end - it all appears to be working.
K B Commented:
So is there a chance that your FQDN has question marks in it because it doesn't have the referencing forward lookup zone to reference?   You can't even google "???.in-addr.arpa" and get a single result.
Is the machine fully patched?  Is this in an Active Directory integrated zone?  How is this separated from the correct 2003 servers zones?
Did you notice any of the links I sent?

Isn't there supposed to be a period at the end of all your entries???
footech Commented:
I can answer from my perspective.
None of the PTR records I created had a corresponding FLZ on the server.
It's a standard primary zone - technicard's screenshots showed the same thing.  The guide I followed mentioned there's a need to edit the zone file for public DNS, hence this requirement.
No period at the end of the zone name - I had actually tested with including one and the records I created in it never worked.  Also if you look at standard classful reverse zones that are created by entering the IP, and not by manually naming the zone, they don't end with a dot.
ROBERTO PAREJA, IT Manager, Author Commented:
Thanks K B... your solution totally worked!
You rock!!