DNS PTR Records confusion

If there is no DHCP server on the network, then who will give PTR records to the DNS server?

For workstations, no. For some servers such as a mail server, perhaps but not critical. They're more important for public IPs, some email servers won't accept mail from your server if they can't properly perform a reverse lookup on the IP address.
SWC Unified Communications

Similar Messages

  • DHCP Reservation Sync and DNS Host record sync etc shown in IPAM GUI

    Hello all,
    I am aware of the scripts in the TechNet script center to sync DHCP leases etc to IPAM, however my question is about something else -
    If you highlight an IP address (IP address inventory->select an IP), You can see fields that say: "DHCP reservation sync", "DNS PTR record sync" and "DNS host record sync" as below:
    I was curious as to what these are for. Is there some built-in sync functionality for these that I perhaps have not enabled? (Don't see such options any where..)
    thanks,
    -Ravi

    Hi Ravi,
    The three columns tell us the information of the synchronization between the IPAM server and the DNS server (or DHCP server).
    Here is the detailed guide for using IPAM:
    Using the IPAM Client Console:
    https://technet.microsoft.com/en-us/library/jj878351.aspx#inventory
    IPAM can sync DNS and DHCP records.
    The IPAM database is separate from DHCP and DNS servers on our network, and full synchronization of hosts and IP addresses between IPAM and managed DNS or DHCP servers does not occur automatically unless we have configured automated tasks to perform this synchronization.
    For detailed information, see the DNS and DHCP record synchronization chapter in the following link:
    Multi-server Management:
    https://technet.microsoft.com/en-us/library/jj878329.aspx
    Best Regards,
    Leo

  • PTR Record not Automatically Created in dns server

    How to configure it so that when a client joins the domain, a PTR record is automatically created in the DNS server?

    Hi Farzad_en,
    Based on my knowledge, you need to allow Dynamic Updates.
    "Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
    In the console tree, right-click the applicable zone, and then click Properties.
    On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
    In Dynamic Updates, click Nonsecure and secure."
    For details please refer to following link:
    http://technet.microsoft.com/en-us/library/cc794806(v=ws.10).aspx
    Hope this helps
    Best Regards
    Elton Ji

  • Child DNS Zone changing PTR record of OD Master

    Greetings,
    I am setting up a new OD master server for our school that will also host our DNS. Home folders will be on another server. I am using the DNS GUI for now. Setup master DNS zone of ourschool.lan. OD master has FQDN of admin.ourschool.lan with an IP address of 172.16.2.254. Forward and reverse lookups of OD master are great.
    #host admin.ourschool.lan returns 172.16.2.254
    #host 172.16.2.254 returns admin.ourschool.lan
    When I go to set up a child zone, highschool.ourschool.lan, on this server I set the nameserver to ns1.highschool.ourschool.lan and IP address of 172.16.2.254, I have had the following happen:
    #host admin.ourschool.lan returns 172.16.2.254
    #host 172.16.2.254 returns ns1.highschool.ourschool.lan (not what I want!)
    I understand forward and reverse lookups to OD master need to be rock solid. The changing of the PTR record is going to ruin this. Has anyone else seen this behavior? Should I just do the DNS through terminal and forget the GUI?
    Thank you for any feedback. I searched this discussion list and didn't find anything similar to this in the postings.
    Best Regards,
    Steve
    OS X Server and Client   Mac OS X (10.4.6)  

    Your problem stems from the fact you're trying to create two separate A records for the same IP address.
    The GUI will automatically create a reverse DNS entry for each A record. Since you have two A records that point to 172.16.2.254, that's where your problem lies.
    Your solution is either to use a CNAME (or alias) for the second hostname (e.g. ns1.highschool.ourschool.lan CNAME admin.ourschool.lan), or manage the DNS by hand and don't use the GUI tools.

  • DNS server's PTR record wrong?

    I have a server I frequent that has an IP address of 10.1.1.2.  It acts as an OD and AD server, DNS server, IM server and a few other things. 
    As of now, the DNS server only has 1 entry in it, for the DNS server itself.  I got a request to add a second A record for a new accounting server.  Easy enough right?  I added an A record under my primary zone and made sure it was FQDN.  I went to ping it by name and by IP and no luck - no resolution.
    What's odd is when I look at my records, I have 2 groupings of PTR records.  One is my new one which makes sense: 1.1.10.in-addr.arpa.  The other is the one that the DNS server originally had: 2.1.1.10.in-addr.arpa.
    I'm thinking this is why I can't get my new A record to work. 
    I really REALLY don't want to kill OD or AD here.  I know they lean on DNS to live.  I have to get this fixed though.  Can I delete both those records out of my primary zone, re-add them, and all will work OK as long as I don't poke the primary zone?  I'm assuming I can't rename a PTR record directly, right?
    Any help would be super-duper appreciated!  I have to fix this ASAP (obviously, right?).
    Thanks!

    Your DNS server isn't really serving out much in the way of DNS, it's running the self-hosted configuration that's the default when no DNS services were established during the Mac OS X Server installation and configuration.
    And if DNS services aren't right, then yes, the rest of the stack tends to be spotty.  Including OD.
    Here is how to set up DNS on Mac OS X Server and then you should be able to migrate to correct DNS services without wrecking OD.  This is if your existing domain choice and set-up for the self-hosted DNS was correct.
    Basically, you get to nuke the existing forward and reverse zone (the default install creates one of each), and establish a forward zone for your domain name (and not the host's FQDN), and add your host name (which doesn't need to be an FQDN in this context) into the forward zone.  This will then apply the zone name to create the FQDN.   Server Admin should then establish one or more reverse zones, and as needed.

  • Gateway set up DNS/PTR

    Hi, I need to set up an Xserve as a gateway for our office LAN. The Xserve connects to a locked ISP provided router on the WAN side (public IP) and on the LAN side to a switch and on to our clients.
    I need to know exactly what my ISP needs to have set up in their DNS records, as I understand it they must have an "A" record and MX but my ISP Tech tells me that I need WWW * etc etc but when he puts all of these in my Xserve picks up the incorrect FQDN.
    I expect "server.mydomain.com" but I get "mydomain.com" which I assume will then cause problems with my local realm?
    Any help with the correct terms etc so I can explain to them what I require.
    Many Thanx

    Your phrasing of the question raises all kinds of red flags for me…
    First off, you can have only one PTR record. If this server is running as a mail server for your domain then that PTR record should match whatever name you choose for your mail server/MX record (e.g. 'server.mydomain.com' is fine as long as your MX record points to 'server.mydomain.com' and your mail server is configured to identify itself as 'server.mydomain.com').
    If your ISP is also managing DNS for your domain then you should then have ONE 'A' record for your nominated hostname (e.g. server.mydomain.com with the associated IP address).
    Any other hostnames that map to your site (either services such as web that are running on this machine, or services that are NATted at this server to an internal machine) should be setup as CNAME records to the above A record.
    For example:
    Forward DNS:
    mydomain.com MX 10 server.mydomain.com.
    server.mydomain.com A 123.45.67.89
    www.mydomain.com CNAME server.mydomain.com.
    foo.mydomain.com CNAME server.mydomain.com.
    Reverse DNS:
    89.67.45.123.in-addr.arpa PTR server.mydomain.com.
    What worries me about this all, though, is that it sounds like you have a single server, and that server is publicly-facing.
    If this server is also running services such as Open Directory (maintaining the list of user accounts), DNS (for your internal clients), file sharing, etc. then these services by default will all be publicly exposed and you will leak your internal domain data to the outside world. You will be targeted by dictionary and brute-force attacks and you risk compromising your network as a result.
    In other words I do not recommend running a single server for all services as well as a NAT gateway. It takes too much time and effort to secure the server. Do yourself a favor and get a $50 NAT router to act as your network edge device (connected to your ISP's router) and sleep easier at night.
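Added example, not part of either post: a Python check that the forward and reverse records agree, run over the records quoted in the gateway post above and over a constructed copy of the state reported in the earlier child-zone thread (two A records for 172.16.2.254, PTR naming the second). The function names and the one-record-per-line input format are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inputs: MAIL_ZONE copies the records from the gateway post;
# SCHOOL_ZONE models the child-zone post, where the reverse lookup of
# 172.16.2.254 returned ns1.highschool.ourschool.lan.
MAIL_ZONE = """
mydomain.com MX 10 server.mydomain.com.
server.mydomain.com A 123.45.67.89
www.mydomain.com CNAME server.mydomain.com.
foo.mydomain.com CNAME server.mydomain.com.
89.67.45.123.in-addr.arpa PTR server.mydomain.com.
"""
SCHOOL_ZONE = """
admin.ourschool.lan A 172.16.2.254
ns1.highschool.ourschool.lan A 172.16.2.254
254.2.16.172.in-addr.arpa PTR ns1.highschool.ourschool.lan.
"""


def parse_records(text):
    """Parse 'owner TYPE [pref] rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or malformed line
        owner, rtype, rdata = fields[0], fields[1].upper(), fields[-1]
        records.append((owner.rstrip(".").lower(), rtype, rdata.rstrip(".").lower()))
    return records


def audit(text):
    """Return a sorted list of forward/reverse mismatches found in the records."""
    a_by_name, ptr_by_owner = defaultdict(set), defaultdict(set)
    cnames, mx_targets = set(), set()
    for owner, rtype, rdata in parse_records(text):
        if rtype == "A":
            a_by_name[owner].add(rdata)
        elif rtype == "PTR":
            ptr_by_owner[owner].add(rdata)
        elif rtype == "CNAME":
            cnames.add(owner)
        elif rtype == "MX":
            mx_targets.add(rdata)

    findings = []
    # Forward -> reverse: each A record's address should map back to that name.
    for name, addrs in a_by_name.items():
        for addr in addrs:
            owner = ipaddress.ip_address(addr).reverse_pointer
            targets = ptr_by_owner.get(owner, set())
            if not targets:
                findings.append(f"{name} -> {addr}: no PTR at {owner}")
            elif name not in targets:
                findings.append(f"{name} -> {addr}: PTR names {', '.join(sorted(targets))}")
    # Reverse -> forward: each PTR target should have an A record for that address.
    for owner, targets in ptr_by_owner.items():
        for target in targets:
            owners = {ipaddress.ip_address(a).reverse_pointer
                      for a in a_by_name.get(target, ())}
            if owner not in owners:
                findings.append(f"{owner}: PTR target {target} has no matching A record")
    # Mail: the MX target should be a host with an A record, not an alias.
    for target in mx_targets:
        if target in cnames or target not in a_by_name:
            findings.append(f"MX target {target} is not backed by an A record")
    return sorted(findings)


if __name__ == "__main__":
    for label, zone in (("mail", MAIL_ZONE), ("school", SCHOOL_ZONE)):
        print(label, audit(zone) or "consistent")
```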

  • Removing DHCP failover removes DNS A records

    We are running a windows 2012 r2 domain with 4 DCs all configured as DNS servers. One of the DCs is also our DHCP server. We configured a second dhcp server in January and joined it in failover mode. It was fine for a couple weeks, but then we got spammed with 20291 and 20292 errors. We decided to remove the failover relationship and unauthorize the second dhcp server which we did without any errors. However when we rebooted the original dhcp server, we immediately lost over 30 A records in dns, mostly printers, and we found that the dns server ip addresses on the nics of the dhcp server were changed to invalid addresses. Is there anything known that could explain this behavior? Otherwise the server seems to be working fine, and diagnostics (dcdiag, repadmin, event log) are not showing any errors.

    Hi,
    Was the second DHCP server also a DC? Which kind of DHCP Failover Mode did you use?
    Based on my experience, a DHCP server can register and update DNS PTR and address A resource records on behalf of its DHCP-enabled clients. I assume the lost A records may be due to the IP address of the DNS server being changed. Did you configure a static DNS server in the DNS settings on the DHCP server? I assume that you selected "Obtain DNS server address automatically", as if you define a DNS server, it won't be changed after reboot.
    In general, it would be better to point the preferred/secondary DNS server to the DC instead of obtaining the DNS server address automatically.
    Besides, for event ID 20291, you can refer to the KB below:
    http://support.microsoft.com/kb/2955135
    Best regards,
    Susie

  • PTR Record Registration Failure

    We have 2008 R2 Dc-DNSs.
    Sometimes (not always!) when I create an A record manually and the "Create associated pointer (PTR) record" is checked, although the reverse lookup zone exists, I get this error:
    "Warning: The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found."
    Why?!

    Hello,
    please see for starting:
    A zone name entered without a period between the address and the in-addr.arpa section of the name, or with a period instead of a hyphen between 'in' and 'addr':
        Incorrect: 6.10.10in-addr.arpa
        Incorrect: 6.10.10.in.addr.arpa
        Correct: 6.10.10.in-addr.arpa
    The network number is not correctly entered, such as (assuming an IP address of 10.10.6.x):
        Incorrect: 10.10.6.in-addr.arpa
        Correct: 6.10.10.in-addr.arpa
    A domain name is entered instead of in-addr.arpa.
        Incorrect: 6.10.10.test.domain.com
        Correct: 6.10.10.in-addr.arpa
    An incorrectly subnetted reverse-lookup zone is entered.
    Also see
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/55962799-94f8-4462-9a69-b3a0fcb66a0b/reverse-dns-fails-configuration-issue
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

  • A and PTR records update under zone's folder..

    Hi Friends
    I have the below PowerShell script, which is working fine if I have a single zone, but I have a domain folder in a single zone.
    I am using the below script to add A records and PTR records in the zone, but this script is not updating A and PTR records in the domain folder under the zone.
    $CSVFile = Import-Csv "D:\DNS update script\DNSentries.csv"
    $CSVFile | foreach {dnscmd $_.dnsserver /RecordAdd $_.Zone $_.name /CreatePTR $_.type $_.IP}
    It is giving me the below error:
    Command failed: DNS_ERROR_ZONE_DOES_NOT_EXIST 9601 0x2581

    Try this:
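    $csvfile | foreach {
        If ($_.zone -match "\.") {
            # Zone name contains a dot: treat it as the root zone and remember it
            $Domain = $_.zone
            dnscmd $_.dnsserver /RecordAdd $_.Zone $_.name /CreatePTR $_.type $_.IP
        } Else {
            # Domain folder under the zone: add the record as HostName.ChildDomain in the root zone
            dnscmd $_.dnsserver /RecordAdd $Domain "$($_.name).$($_.Zone)" /CreatePTR $_.type $_.IP
        }
    }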
    Please note the format of the child domain and host name in this command, and that the root domain is collected from the first record that has a . in it.  If your file isn't organized correctly, this won't work.  You could add a command to get the server's root domain, there are a lot of ways to do that but I didn't spend time on that.  You could also just hard code that since I'm guessing you're working within one DNS hierarchy.
    I did test this and it worked - the key is in the 2nd command, it needs to be in the form of 
    dnscmd DNSServer /RecordAdd RootDomain HostName.ChildDomain /CreatePTR A 1.2.3.4
    Good luck, hope this helps!

  • Unable to run the application via DNS CName record.

    I have Windows Server 2008R2 running an application that connects to a database via a DNS CNAME record. The application was working fine until after yesterday when it could no longer connect to the database. The database server is up and running without any issues. You have verified remote connectivity to the database server from your workstation.
    How would you troubleshoot the issue and what are the steps to resolve it?

    It might be that the application does not support using aliases for DNS resolution. You will need to contact your application developer/vendor for assistance.
    To make sure that DNS resolution works properly from the infrastructure level, you can simply use nslookup and make sure that the resolution is done properly.

  • DNS "A" Record Preventing Networked Users from Seeing Own Website

    I just set up a DNS "a" record in Server Admin to point "mail.xyz.com" to my server's internal ip (10.0.1.1).
    I did this so users could stay on the network with sending and receiving mail, as opposed to going out onto the web to do so. (I have MX records on Network Solutions pointing "mail.xyz.com" to my server's external ip.) All of their mail clients list "mail.xyz.com" as the mail server, instead of the server's internal ip.
    Trouble is, when users on the network try to access our website, "xyz.com," their browsers now return an error, saying they cannot find the server.
    Any idea?
    Lost count   Mac OS X (10.4.9)  

    > Steve and David --
    > This works. I am using Server Admin. To reiterate, I added a zone "mysite.com" and a primary server "mail" and pointed it at my server's internal ip so my users can stay "inside" while checking mail.
    > Then, to follow your suggestion, I added a machine named "www" to zone "mysite.com" pointed to my server's external ip.
    > Some questions: How can I be sure the client's machines are going internally to the server for mail? (When I dig it in terminal, "mail.mysite.com" returns an "a" record for the server's internal ip -- I suppose that is sufficient.)
    Yep!
    > Should the primary name server for the zone be "mail" with "www" as an added machine, or vice versa?
    The primary name server just identifies the machine which is responsible for holding records for that zone (domain). Add www as a 'machine' - think of each 'machine' as a specific IP address which identifies a host, hence IP / Name partnership. Any other hostname on same IP is an 'alias' (which becomes a CNAME record in the dns file).
    > You say I have to do this with "any record hosted in my public dns as a mirror." I am running three websites from my server, all with public dns pointed at my server. (I use the same mail server--mail.mysite.com--for all three.) Do I need to set up a "www" record for each website? I have no problem accessing the sites from internal client machines.
    The basic issue is that any zone (domain) defined in your own dns becomes 'authoritative' for that domain. So when clients ask your internal dns about any zone (domain) which is defined in it, and your server does not have that record, it will respond with "no such record" and your clients must take that on face value.
    Therefore, you only need to mirror records for domains which you have defined in your own dns. If you have external www.domain1.com and www.domain2.com but only have domain1.com established on your internal dns, then you only need that domain's www record mirrored. Your server will therefore not be authoritative for domain2.com and will pass all requests out to whichever external dns is authoritative for it.
    -david

  • Hostname/DNS "A Record" name

    We are having an issue with one domain bellsouth.net we are basically getting this back from them.
    12:18:29 928 MSG 10801 Recipient: [email protected]
    12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
    12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
    12:18:59 480 MSG 10803 Analyzing result file: /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
    12:18:59 480 MSG 10803 Detected error on SMTP command
    12:18:59 480 MSG 10803 Command: bellsouth.net
    12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse. Contact [email protected]
    When I looked up the Detected error on SMTP command, I found some information about the Hostname, currently on our server it is setup as Hostname/DNS "A Record" name: ndhc.org (according to the internet domain holder (godaddy) the host name is ndhc.org and the "A" record name is mail). What should we have in the Hostname/DNS "A Record" name field? I believe that we have tried the servername.domain name (liberxx.ndhc.org) and that failed and I think that we also tried (mail.ndhc.org) I cannot confirm that we actually have it has been awhile since we did this project, but I am just wondering if someone can help clear this up for me. Thank you. This issue only started to happen with Bellsouth.net when we switched from the NetWare GWIA to the Linux GWIA, is there something else that might have been missed?

    Originally Posted by mrosen
    Hi,
    dschaldedfg wrote:
    >
    > We are having an issue with one domain bellsouth.net we are basically
    > getting this back from them.
    >
    > 12:18:29 928 MSG 10801 Recipient: [email protected]
    > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
    > abuse. Contact [email protected].
    > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
    > abuse. Contact [email protected].
    > 12:18:59 480 MSG 10803 Analyzing result file:
    > /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
    > 12:18:59 480 MSG 10803 Detected error on SMTP command
    > 12:18:59 480 MSG 10803 Command: bellsouth.net
    > 12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse.
    > Contact [email protected].
    >
    > When I looked up the Detected error on SMTP command, I found some
    > information about the Hostname, currently on our server it is setup as
    > Hostname/DNS "A Record" name: ndhc.org (according to the internet domain
    > holder (godaddy) the host name is ndhc.org and the "A" record name is
    > mail. What should we have in the Hostname/DNS "A Record" name field?
    mail.ndhc.org
    Okay, so you think we should try putting "mail.ndhc.org" into that section (Hostname/DNS "A Record" name field) instead of what we currently have "ndhc.org"
    But that error doesn't sound like it's related to DNS. It much more
    sounds like you're really blacklisted for sending spam. If it's really
    the hostname, then their system is giving out extremely stupid result
    messages. Have you tried to contact the given email address in the
    message?
    I know when we first setup the system we were having an issue with the GWIA relaying, but that has since been rectified, they are the only ones that are blacklisting us, because I have checked on other sites (blacklisting websites that is) and there is nothing about our site being blacklisted. I think basically the people that are trying to receive the messages respond back saying that they never received emails from the people here at ndhc. If memory serves they have been emailed from other accounts and those go through because Bellsouth.net is not blocking those accounts, like yahoo, gmail, etc.
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!

  • Windows 2012 adds an incorrect name when creating a PTR Record in a /56 reverse zone using MMC

    Hello,
    I have created a reverse lookup zone for 2001:bc8:3f83:0200::/56, when I add a PTR record for 2001:bc8:3f83:0200::200:99, the MMC snap-in adds a zero group in my address and adds a record for 2001:bc8:3f83:0200:0000:0000:0000:200:99.
    Zone creation :
    http://imageshack.com/a/img673/4018/JFf7BX.jpg
    PTR creation :
    http://imageshack.com/a/img538/9239/bZqaQl.jpg
    Result :
    a PTR with address 2001:bc8:3f83:0200:0000:0000:0000:200:99 :
    http://imageshack.com/a/img673/8793/3EcxOW.jpg
    (Sorry for the image links, the forum would not allow me to post images...)

    Hi,
    According to your description, my understanding is that the name of the PTR record (IPv6) is displayed as 2001:bc8:3f83:0200:0000:0000:0000:200:99, but when you open its Properties, the Host IP address option is displayed as 2001:bc8:3f83:0200:0000:0000:200:99.
    I have a similar problem on my test device running Windows Server 2012, but this problem does not occur on Windows Server 2012 R2. They have different ways to type the Host IP address. And it may be related to the prefix digit number – not the integer multiple of 16.
    You may try to update your server to the latest version. Or, as a workaround, manually add the PTR record of IPv6 by command line:
    dnscmd <ServerName> /RecordAdd <ZoneName> <NodeName> [/Aging] [/OpenAcl] [<Ttl>] PTR <HostName>|<DomainName>
    Detailed information reference link:
    https://technet.microsoft.com/en-us/library/cc844045(v=ws.10).aspx
    Best Regards,
    Eve Wang
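Added example, not part of the thread or of any Microsoft tool: a Python sketch that derives the reverse-lookup zone name and the zone-relative node name for an address, covering both the in-addr.arpa naming mistakes listed in the "PTR Record Registration Failure" thread and the /56 ip6.arpa zone from this one. The function names are assumptions made for this illustration; the (node, zone) pair it returns corresponds to the <NodeName> and <ZoneName> placeholders in the dnscmd line above.

```python
import ipaddress


def reverse_zone(network):
    """Reverse zone name for a network on an octet (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(network)  # raises ValueError if host bits are set
    unit = 8 if net.version == 4 else 4  # bits covered by one DNS label
    if net.prefixlen == 0 or net.prefixlen % unit:
        raise ValueError(f"/{net.prefixlen} is not on a {unit}-bit label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    keep = net.prefixlen // unit + 2  # network labels plus the two suffix labels
    return ".".join(labels[-keep:])


def ptr_node(address, network):
    """Split a PTR owner name into (node, zone) relative to the zone for `network`."""
    addr = ipaddress.ip_address(address)
    if addr not in ipaddress.ip_network(network):
        raise ValueError(f"{address} is not inside {network}")
    zone = reverse_zone(network)
    return addr.reverse_pointer[: -len(zone) - 1], zone


def check_zone_name(candidate, network):
    """Classify a hand-typed zone name against the expected name for `network`."""
    expected = reverse_zone(network)
    suffix = "." + ".".join(expected.split(".")[-2:])  # .in-addr.arpa or .ip6.arpa
    name = candidate.rstrip(".").lower()
    if name == expected:
        return "ok"
    if not name.endswith(suffix):
        return "bad suffix"
    typed = name[: -len(suffix)].split(".")
    wanted = expected[: -len(suffix)].split(".")
    if typed[::-1] == wanted:
        return "labels not reversed"
    return "wrong network"


if __name__ == "__main__":
    # Zone names quoted in the PTR Record Registration Failure thread.
    for typed in ("6.10.10in-addr.arpa", "6.10.10.in.addr.arpa",
                  "10.10.6.in-addr.arpa", "6.10.10.test.domain.com",
                  "6.10.10.in-addr.arpa"):
        print(f"{typed:28} {check_zone_name(typed, '10.10.6.0/24')}")
    # Zone and address from the /56 IPv6 thread.
    node, zone = ptr_node("2001:bc8:3f83:0200::200:99", "2001:bc8:3f83:0200::/56")
    print("zone:", zone)
    print("node:", node)
```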

  • SPA 5xx and 9xx phones registering to all proxies with DNS SRV records

    A weird situation -- I use DNS SRV records to prioritize the two Asterisk servers to register to (east coast vs west coast).  However it seems that phones are often registering to BOTH servers and show as live on both at the same time.  There seems to be little rhyme or reason as to when it occurs, but it's weird.  Fortunately the phone does seem to be preferring the higher priority SRV record but I can't figure out why it is registering to both.
    This happens with SPA-942s (6.1.5a) and SPA504Gs (7.4.9c). 
    Any ideas what makes this happen?  On the surface it seems like a good thing, but functionally the phones are registering the same port numbers and only the priority server can get through firewalls with traffic for the phones.  This screws up my "presence" indicators within the system.
    DNS SRV RECORDS:
    _sip._udp.west.server.net  (for west coast customers)
    Priority 10:  west coast machine
    Priority 20:  east coast machine
    _sip._udp.east.server.net (for east coast customers)
    Priority 10:  east coast machine
    Priority 20:  west coast machine

    We determined this was not actually happening.  There was a syncing taking place in the background that was giving the impression this was happening but it really was not.

  • KMS: DNS A records

    hi,
    We have a KMS server with srv record KMSSERVER01.CONTOSO.COM pointing to 192.168.1.1
    We created DNS A record KMS.CONTOSO.COM also pointing to 192.168.1.1
    If we use the sethst parameter in KMS client and use KMS.CONTOSO.COM, will it work?
    Thanks

    Hi,
    According to the parameter I guess you used the tool ospp.vbs. It should work without issue.
    http://technet.microsoft.com/en-us/library/ee624350(v=office.15).aspx
