Microsoft DNS questions

Hey

I have some questions regarding Microsoft DNS Server

From DHCP log:

31,02/27/18,09:59:34,DNS Update Failed,10.27.11.13,MyPC1.mydomain.local,,,0,6,,,,,,,,,9002

The issue seems to be related to missing reverse lookup zone for the IP.

If I create the reverse lookup zone (or disable PTR update in DHCP) - it seems to be working.

We have 1000's of IP scopes (Networks) - Is it possible to create the reverse zones automatically?

Another question - why would you use reverse zones in an internal network?

Thanks in advance
LVL 1
mikeydkAsked:
Who is Participating?
 
MAS (MVE)Connect With a Mentor Technical Department HeadCommented:
HI mikeydk,
I hope you know the function of zones
Forward look up --> Resolve IP from names (FQDN) using A records (You can see A records in Forward lookup zone)
Reverse look up --> Resolve Domain name from IP with the help of ptr records ( Thats why ptr records in Reverse Lookup Zone)
Here is a best practice for your
https://www.xsanity.com/story/2006/best-practice-reverse-dns-zones#private
Reverse lookup is required for servers like Exchange server etc.
If you have multuple forward lookups zones. Just create the reverse lookup zones for the private IPs commonly used in your network.
Example if you have networks 192.168.1.x, 192.168.2.x and 192.168.3.x just create RLZ 192.168.x.x that will cover all the subnets/networks comes under 192.168.x.x.

Thanks
MAS
0
 
footechConnect With a Mentor Commented:
Reverse zones in an internal network are mostly for convenience, for when you have an IP but aren't sure what might be occupying it.  It doesn't break anything to not have them most of the time.

It certainly is possible to script the creation of zones.  You could use dnscmd or PowerShell (if your Windows server version is new enough), or a mix.
0
 
LearnctxConnect With a Mentor EngineerCommented:
It certainly is possible to script the creation of zones.  You could use dnscmd or PowerShell (if your Windows server version is new enough), or a mix.

Just create the zones to cover off all subnets below as MAS EE MVE says.

10.in-addr.arpa
168.192.in-addr.arpa
16.172.in-addr.arpa

This will cover off the 3 private IP ranges for internal networks. I don't really see any reason to create thousands of smaller PTR zones on the DNS server vs. 3 large PTR zones. Way more hassle than its worth I think.
1
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
mikeydkAuthor Commented:
How do I "move" the old DNS records to a new "big" zone?
0
 
LearnctxConnect With a Mentor EngineerCommented:
I won't re-invent the wheel, but Microsoft have a script to do this written by a PFE, see here. The big caveats of the script are that yo will move from dynamic to static PTR records. For some places this does not matter, for others it does. Personally I would just start over and let the clients rebuild any dynamic PTR records. If there are any particular static PTR records you need created, just bulk create them with the PowerShell DNS cmdlets or the dnscmd command.

One of the things discussed in the comments is preserving the ACL. I'm not sure if they ever got around to working that out, but that would certainly be doable as well which would allow clients that own the existing records to update them (such as DHCP, etc.).
0
 
MAS (MVE)Technical Department HeadCommented:
Re-assigning points
0
 
MAS (MVE)Technical Department HeadCommented:
Enough information to confirm answer.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.