We help IT Professionals succeed at work.

Question regarding adding a DNS zone and manually entering a PTR record for a key File Server.

high_sobo asked
Question regarding adding a DNS zone and manually entering a PTR record for a key File Server.

I just joined our 2 offices (PA Office where I work & NY Office) via a VPN tunnel using our SonicWalls.  Both locations have completely separate networks, but we can now see each other servers by IP only. Were are running Windows 2008 R2 Domain Controllers and File Servers.

I would like PA's staff to be able to "see" NY's File Server by host name versus IP, so I would like to add a PTR record for this server.  However, PA & NY's domain is different, so I'm thinking I can add a DNS zone in PA (non Active Directory integrated I would assume) for the NY domain for the purpose of adding a PTR record like:
NY-FS1.NY-domain.com =

Later, I am planning on setting up a trust between the domains, but I am not ready to do this yet.  So I was looking to solve this problem as soon as possible.  However I'm nervous about the implications of adding a DNS zone without knowing the implications.

Thank you
Watch Question

Principal Support Engineer
First, PTR records aren't relevant here. They're used in reverse lookup zones to resolve IP addresses to hostnames, and that's not what you're looking for.

If you're wanting the PA users to resolve the single fully qualified domain name NY-FS1.NY-domain.com to an IP address, you can do this by creating a forward lookup zone named NY-FS1.NY-domain.com on the PS DNS server, then creating a blank host (A) record within that zone. Give the host record the IP address of the server with that name ( in your example).

If there are multiple DNS servers in the PA environment which are also AD domain controllers, you'll probably want to make that zone AD-integrated, as this will simplify replication of the zone among those servers.

To create a blank host record on a Windows DNS server, you simply leave the Name field blank when creating the record and enter the IP address as you normally would. If your DNS servers aren't running Windows, the method for doing this may vary.

The effect of this will be that clients which query the PA DNS server(s) for the specific name NY-FS1.NY-domain.com will resolve that name to the IP address you specify. Resolution of other names won't be affected.
DrDave242Principal Support Engineer

Oh, and once a trust is created between the domains, this zone will be redundant and should be removed.
kevinhsiehNetwork Engineer

I would use conditional forwarder in DNS instead. You'll also need them for your trust, so might as well get started.


There is a potential for issue regarding email delivery, if the DNS zone overlaps with their public email domain. If that is the case, the AD zone would need to have valid MX records for mail delivery for email being sent by the other domain, with possible SMTP delivery over the VPN (depending on the email infrastructure).


@DrDave242 so then we can move forward with the forward zone for NY in PA without having domain trust for now with no issues? We most likely would move forward with the trust, but for right now we do not have time to proceed with the trust due to project constraints. Thank you for the reminder to delete the forward zone once the trust has been established down the road. I will delete it at that time to remove the repetitive forward lookups.
DrDave242Principal Support Engineer

Yeah, this won't cause any issues, since the zone is only for one specific name: NY-FS1.NY-domain.com. It won't affect the ability for PA users to resolve other names in the NY-domain.com domain (so mail delivery to NY-domain.com won't be affected, for example).