DNS Server doesn't return PTR

We have a Server 2012 R2 DNS Server in our network.
The problem is I did a DNS test at intodns.com and it returned an error:
ERROR: No reverse DNS (PTR) entries.
However, I've configured PTR for the domain name in the DNS server.
The ping -a command returns the domain address if I'm connected to the internal network.
This is a serious problem since our users can't send e-mail from our mail server.

ZoneType=primary
isautocreated= false
isdsintegrated= false
isreverselookupzone= false
issigned= false
For reverse zone
ZoneType=primary
isautocreated= false
isdsintegrated= false
isreverselookupzone= true
issigned= false
Sorry for changing format.

Similar Messages

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • DNS server (BIND) VPS requirements.

    I am looking into renting a VPS (or 2) and I have actually found some pretty good deals. 
    I can save a good bit of money per year if I sacrifice storage space.
    My question is, does anyone have a DNS server that they can check out or possibly know off hand about how much disk space it is actually using?
    I know that a DNS server doesn't use a ton of resources, but I am just trying to get a general idea.
    Thanks in advance,
    Daniel

    I did end up getting a VPS for this, with 1 GB of disk space. Using it for just a resolving DNS, it is plenty.
    I am just concerned that if I wanted to do a caching DNS server, the space might add up quickly.

  • DNS Server not working. Start Time "Not Available"

    I lost power to my server last night in a power outage.
    Today the DNS Server doesn't seem to be working. I verified that my server's IP is the primary name server on the clients, however all lookups are going to the secondary (public) name server and therefore giving the public IP address for LAN services.
    To test it, I typed in Terminal (both on a client machine and on the server itself) "nslookup [myinternaldomain.com] [mydnsserverip]" and get ";; connection timed out; no servers could be reached"
    When I load up Server Admin, I see that the DNS service is running but for Start Time it says "Not Available".
    Tried stopping and starting the service.

    Thanks for that link. It looks about at my level so I'll have a read tonight. I am on 10.6.8
    Here's what I got back from the command you suggested (looks like all of these are just ports starting with "53" - confirming that DNS is not running?)
    mDNSRespo    36 _mdnsresponder    8u  IPv4 0xffffff800fe25980      0t0    UDP *:5353
    mDNSRespo    36 _mdnsresponder    9u  IPv6 0xffffff800fe25840      0t0    UDP *:5353
    mDNSRespo    36 _mdnsresponder   50u  IPv4 0xffffff8012030c00      0t0    UDP *:53697
    mDNSRespo    36 _mdnsresponder   51u  IPv6 0xffffff8012030340      0t0    UDP *:53697
    Python       50        _jabber    4u  IPv4 0xffffff8012cc4da8      0t0    TCP localhost:49277->localhost:5347 (ESTABLISHED)
    Python       75        _jabber    3u  IPv4 0xffffff8010120a08      0t0    TCP localhost:49177->localhost:5347 (ESTABLISHED)
    resolver    406        _jabber    4u  IPv4 0xffffff8012970418      0t0    TCP localhost:49172->localhost:5347 (ESTABLISHED)
    sm          407        _jabber    5u  IPv4 0xffffff80129727b8      0t0    TCP localhost:49170->localhost:5347 (ESTABLISHED)
    router      408        _jabber    4u  IPv4 0xffffff80127621c8      0t0    TCP localhost:5347 (LISTEN)
    router      408        _jabber    5u  IPv4 0xffffff80127615e8      0t0    TCP localhost:5347->localhost:49166 (ESTABLISHED)
    router      408        _jabber    6u  IPv4 0xffffff8012760a08      0t0    TCP localhost:5347->localhost:49167 (ESTABLISHED)
    router      408        _jabber    7u  IPv4 0xffffff80127627b8      0t0    TCP localhost:5347->localhost:49168 (ESTABLISHED)
    router      408        _jabber    8u  IPv4 0xffffff80129721c8      0t0    TCP localhost:5347->localhost:49170 (ESTABLISHED)
    router      408        _jabber    9u  IPv4 0xffffff8012abfda8      0t0    TCP localhost:5347->localhost:49172 (ESTABLISHED)
    router      408        _jabber   10u  IPv4 0xffffff8012abe5e8      0t0    TCP localhost:5347->localhost:49177 (ESTABLISHED)
    router      408        _jabber   11u  IPv4 0xffffff8012cc47b8      0t0    TCP localhost:5347->localhost:49277 (ESTABLISHED)
    c2s         409        _jabber    4u  IPv4 0xffffff8012760ff8      0t0    TCP localhost:49167->localhost:5347 (ESTABLISHED)
    mu-confer   410        _jabber    6u  IPv4 0xffffff8011d14a08      0t0    TCP localhost:49168->localhost:5347 (ESTABLISHED)
    s2s         411        _jabber    4u  IPv4 0xffffff8012761bd8      0t0    TCP localhost:49166->localhost:5347 (ESTABLISHED)

  • DNS server's PTR record wrong?

    I have a server I frequent that has an IP address of 10.1.1.2.  It acts as an OD and AD server, DNS server, IM server and a few other things. 
    As of now, the DNS server only has 1 entry in it, for the DNS server itself.  I got a request to add a second A record for a new accounting server.  Easy enough right?  I added an A record under my primary zone and made sure it was FQDN.  I went to ping it by name and by IP and no luck - no resolution.
    What's odd is when I look at my records, I have 2 groupings of PTR records.  One is my new one which makes sense: 1.1.10.in-addr.arpa.  The other is the one that the DNS server originally had: 2.1.1.10.in-addr.arpa.
    I'm thinking this is why I can't get my new A record to work. 
    I really REALLY don't want to kill OD or AD here.  I know they lean on DNS to live.  I have to get this fixed though.  Can I delete both those records out of my primary zone, re-add them, and all will work OK as long as I don't poke the primary zone?  I'm assuming I can't rename a PTR record directly, right?
    Any help would be super-duper appreciated!  I have to fix this ASAP (obviously, right?).
    Thanks!

    Your DNS server isn't really serving out much in the way of DNS, it's running the self-hosted configuration that's the default when no DNS services were established during the Mac OS X Server installation and configuration.
    And if DNS services aren't right, then yes, the rest of the stack tends to be spotty.  Including OD.
    Here is how to set up DNS on Mac OS X Server and then you should be able to migrate to correct DNS services without wrecking OD.  This is if your existing domain choice and set-up for the self-hosted DNS was correct.
    Basically, you get to nuke the existing forward and reverse zone (the default install creates one of each), and establish a forward zone for your domain name (and not the host's FQDN), and add your host name (which doesn't need to be an FQDN in this context) into the forward zone.  This will then apply the zone name to create the FQDN.   Server Admin should then establish one or more reverse zones, and as needed.

  • Trace Route Doesn't Return DNS Name

    I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop.  I can see the hops shown as asterisks.  Do I have to add something to inspect for this to work?

    Hi,
    You could try the following. (Depending if your "policy-map" configuration is as its default settings)
    policy-map global_policy
    class inspection_default
      inspect icmp error
      inspect icmp
    Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesn't yet exist
    access-list OUTSIDE-IN remark Allow ICMP return messages
    access-list OUTSIDE-IN permit icmp any any unreachable
    access-list OUTSIDE-IN permit icmp any any time-exceeded
    access-list OUTSIDE-IN permit icmp any any echo-reply
    access-group OUTSIDE-IN in interface outside
    You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.
    Hope this helps
    Please remember to mark the reply as the correct answer if it answered your question.
    Ask more if needed
    - Jouni

  • DNS server returns IP addresses even for domain na...

    Like a number of other people I have been looking at the BT Broadband service and have found that there is an issue with the current DNS server. What I / we have found is that the DNS server returns IP addresses even for domain names which should not resolve. See following -
    DNS results wildcarding (?): Warning
    Your ISP's DNS server returns IP addresses even for domain names which should not resolve. Instead of an error, the DNS server returns an address of 92.242.132.15, which resolves to unallocated.barefruit.co.uk.
    There are several possible explanations for this behavior. The most likely cause is that the ISP is attempting to profit from customer's typos by presenting advertisements in response to bad requests, but it could also be due to an error or misconfiguration in the DNS server.
    The big problem with this behavior is that it can potentially break any network application which relies on DNS properly returning an error when a name does not exist.
    The following lists your DNS server's behavior in more detail.
    www.{random}.com is mapped to 92.242.132.15.
    www.{random}.org is mapped to 92.242.132.15.
    fubar.{random}.com is mapped to 92.242.132.15.
    www.yahoo.cmo [sic] is mapped to 92.242.132.15.
    nxdomain.{random}.netalyzr.icsi.berkeley.edu is mapped to 92.242.132.15.
    Moderators could you please investigate this for us.
    Infinidim
    Megadodo Publications
    Ursa Minor Beta

    RedAmberGreen wrote:
    BT use a Barefruit (which your post seems to suggest) service called 'Error Resolution'.
    http://www.barefruit.com/background/error_resolution.php
    Any DNS that can not get resolved goes via this service and returns a page showing paid adverts and/or links related to what they think you were looking for.
    BT refer to this as 'BT Web Address Help' and can be turned off on an opt-out basis via this link: http://preferences.webaddresshelp.bt.com/selfcare/
    I assume BT's view is this helps improve the user experience and provides some directed help instead of a blank error page.
    Further details: http://www.bt.com/help/webaddresshelp
    Thanks for this RedAmberGreen.
    Infinidim
    Megadodo Publications
    Ursa Minor Beta
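The check quoted in this thread (names that should not exist still getting an address) can be reproduced with a few random probes. This is an added example, not code from the thread or from Netalyzr; the function names and the two stand-in resolvers are assumptions, and 92.242.132.15 is the address reported in the post.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve with the host's configured resolver; [] means no answer."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def random_name(suffix):
    # 16 random hex characters: a label that is overwhelmingly unlikely
    # to be registered, so an honest resolver should report an error.
    return f"www.{secrets.token_hex(8)}.{suffix}"


def detect_wildcarding(resolve=system_resolve,
                       suffixes=("com", "org", "net"), probes=2):
    """Probe names that should not resolve and record any that do."""
    answered = {}
    total = 0
    for suffix in suffixes:
        for _ in range(probes):
            name = random_name(suffix)
            total += 1
            addrs = resolve(name)
            if addrs:
                answered[name] = addrs
    addresses = sorted({a for addrs in answered.values() for a in addrs})
    return {
        "probes": total,
        "answered": len(answered),
        "addresses": addresses,
        # Any answer for a random name means errors are being rewritten.
        "rewritten": bool(answered),
    }


# Constructed stand-ins so the example runs offline.
def rewriting_resolver(name):
    return ["92.242.132.15"]          # behaviour described in the post


def honest_resolver(name):
    known = {"www.example.com": ["93.184.216.34"]}  # constructed entry
    return known.get(name, [])


if __name__ == "__main__":
    print("rewriting:", detect_wildcarding(rewriting_resolver))
    print("honest:   ", detect_wildcarding(honest_resolver))
```

Calling `detect_wildcarding()` with no arguments uses the system resolver, so the result reflects whichever DNS server the machine is currently configured to use.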

  • Time Capsule blinks yellow, when I go to AirPort Utility to set up, it says This Apple Wi-Fi base station doesn't have any DNS server addresses and might have trouble connecting to internet.  My internet works, but I can't back up anything. What do I do??

    Worked fine for about a couple of weeks after my son-in-law installed the Time Capsule.  I can access the Internet both from my wife's iPhone and from my desktop.  I think that I need to get the DNS server numbers and put them in the two blanks; but where do I get them?  Thanks, Jim

    If the modem is also a router, either use the modem in bridge and run pppoe client on the TC.. that is assuming ADSL or similar eg vdsl. If it is cable service.. and the modem is a router, then bridge the TC.. go to internet page and select connect by ethernet and below that set connection sharing to bridge.
    Please tell us more about the modem if the above gives you issues.

  • DNS server provided by VPN to Mountain lion doesn't work

    We are producing proprietary VPN server and client. After upgrade to Mountain Lion the DNS stopped working. I noticed that if_index is now in the DNS resolver description when scutil --dns is used for listing. This if_index refers to the physical network interface. So I tried to send public DNS server from our VPN server. It helped because the DNS resolution is done over physical interface. Problem is that we need to use private DNS server, that is the purpose of VPN. The only suspicious piece of code is
    str = SCDynamicStoreKeyCreateNetworkServiceEntity(0, kSCDynamicStoreDomainState, gs_dynamicCache.m_serviceId, kSCEntNetIPv4);
    which copies IPv4 settings from the primary IPv4 service. Can you recommend a good article where I would find and understand DNS resolution guidelines for Mountain Lion? It is impossible to find something about that if_index. And we are pretty sure that it works correctly on Lion.

    cima.m wrote:
    We are producing proprietary VPN server and client.
    Please don't. People absolutely detest those things. MacOS X includes perfectly good VPN clients that work far better than any proprietary VPN. Why don't you just change the server to work with what ships with MacOS X?

  • Why doesn't my airport express router issue proper DNS server address to DHCP clients?

    I have an Airport Express router (version 7.6.4).  It was configured to connect to the internet via a cable modem, acting as a router with NAT. This means it obtains a WAN address from the cable modem, and in the LAN it assumes IP address 10.0.1.1 as a gateway, and issues IP addresses to my 4-5 wireless clients (MBA, iPads, PCs) via DHCP.
    However I recently encountered an issue, that the router no longer issues the DNS server address obtained from the cable modem (206.x.x.x) but instead tells every DHCP client to use the router IP address (10.0.1.1) as DNS server. I was pretty sure before Dec 2013 it was issuing (206.x.x.x) to all DHCP clients.
    Apparently now the Airport Express is acting as a DNS server or as a DNS cache. This works sporadically and very often results in long DNS lookups or DNS lookup failure.
    Is this a bug or is it supposed to do so?  Any configuration can turn it off so Airport Express will issue the cable modem obtained DNS server to DHCP clients?
    My network otherwise works fine. For some of the clients (e.g. one MBA) I configured DNS for it manually and its internet is working very smoothly.

    But this will be a problem for my ipad and iphone that uses wifi.
    These devices either allow full DHCP. If you need to manually enter a DNS server, you will need to turn the entire IP configuration to manual and that will be a problem for me.

  • DNS requests from Solaris 10 box to Bind/MySQL DNS server fail

    We have some servers running solaris 9 and some running solaris 10. We also have a DNS server setup running BIND with the MySQL backend. When I query the DNS server from our solaris 9 boxes, they always work just fine. However, when I query the DNS server from our solaris 10 boxes, they always fail. Queries to other DNS servers from the Solaris 10 boxes work just fine - they only fail when being sent to this particular DNS server. Here's exactly what I'm doing:
    ON SOLARIS 9 BOX:
    bash-3.00$ nslookup google.com calo-sunset
    Server: calo-sunset
    Address: <IP_OF_DNS_SERVER>#53
    Non-authoritative answer:
    Name: google.com
    Address: 64.233.187.99
    Name: google.com
    Address: 72.14.207.99
    Name: google.com
    Address: 209.85.171.99
    ON SOLARIS 10 BOX:
    bash-2.05$ nslookup google.com calo-sunset
    *** Can't find server name for address <IP_OF_DNS_SERVER>: Non-existent host/domain
    *** Default servers are not available
    In the case of the SOLARIS 10 box, <IP_OF_DNS_SERVER> is correct - it knows the IP address of the DNS server, but apparently it doesn't recognize that it's actually a DNS server.
    I am utterly perplexed by this. It seems to me that a DNS request is a DNS request, regardless of your OS. Clearly something is different from Solaris 9 to Solaris 10 though because the requests fail on all of our solaris 10 boxes, and they succeed on all of our Solaris 9 boxes. Incidentally, dig requests from the Solaris 10 box also fail, where they succeed on the Solaris 9 boxes.
    I don't really know what other information I could offer that might be useful. If you have any information at all about this or ideas on what I might try to troubleshoot/fix it, I'd love to hear it. Thanks in advance.

    First off, I am an idiot. I got this entire post backwards. The fact is that the DNS requests work swimmingly well on our Solaris 10 boxes. They fail on our Solaris 9 boxes. I don't know how I managed to read this post all of these times and not notice that I got that backwards. Nice.
    In any case, I've found the problem. It was non-trivial to me because I am not terribly familiar with the inner-workings of DNS. To those who are, it may seem painfully obvious. To me it certainly was not.
    The problem was that the DNS server (BIND 9 with MySQL backend) did not contain a reverse DNS entry for itself. Apparently this is a big problem for Solaris 9. I got a hint that this might be the cause when I turned on verbose debugging info when I ran nslookup (nslookup -d2). I had to add the PTR record for the DNS server itself. I don't know why Solaris 9 would require that a DNS server contain reverse DNS information about itself, but sure enough it does. As soon as I added that info, the Solaris 9 boxes were able to successfully query the DNS server. Very odd.
    Anyway, I doubt anyone else will come across this problem, but if you do, now you know something that might fix it.
    Edited by: dprater on Oct 7, 2008 8:09 PM
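Both PTR threads above (the 1.1.10.in-addr.arpa / 2.1.1.10.in-addr.arpa zones, and the DNS server with no reverse entry for itself) come down to whether the name derived from an IP address exists in a reverse zone that covers it. The audit below is an added example, not code from either post; the host names, the 10.1.1.3 and 192.0.2.53 addresses and the zone contents are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from any real server).
A_RECORDS = {
    "server.example.private.": "10.1.1.2",      # the DNS server itself
    "accounting.example.private.": "10.1.1.3",  # newly added A record
    "ns2.example.private.": "192.0.2.53",       # no reverse zone at all
}
REVERSE_ZONES = {
    # Host-specific zone, as created by a self-hosted default set-up.
    "2.1.1.10.in-addr.arpa.": {
        "2.1.1.10.in-addr.arpa.": "server.example.private.",
    },
    # Subnet-wide zone that exists but holds no PTR records yet.
    "1.1.10.in-addr.arpa.": {},
}


def ptr_name(ip):
    """Name a resolver queries for the PTR record of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def covering_zone(name, zones):
    """Most specific zone that contains `name` (match on label boundary)."""
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def audit(a_records, reverse_zones):
    """Map each host to ok / no-zone / no-ptr / mismatch."""
    result = {}
    for host, ip in a_records.items():
        name = ptr_name(ip)
        zone = covering_zone(name, reverse_zones)
        if zone is None:
            result[host] = "no-zone"
            continue
        target = reverse_zones[zone].get(name)
        if target is None:
            result[host] = "no-ptr"
        elif target.lower() != host.lower():
            result[host] = "mismatch"
        else:
            result[host] = "ok"
    return result


if __name__ == "__main__":
    for host, status in audit(A_RECORDS, REVERSE_ZONES).items():
        ip = A_RECORDS[host]
        print(f"{host:32} {ip:12} {ptr_name(ip):28} {status}")
```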

  • What DNS server is that in the window.. 65.254.254.102

    So. I have 1 DNS server, 1 DC, 1 GC etc. One.
    It essentially is a lightweight network only serving a few PCs. Strangely it is getting these events for a DNS that doesn't exist.
    The dynamic registration of the DNS record '_ldap._tcp.pdc._msdcs.araroprinting.com. 600 IN SRV 0 100 389 AGPYYC-SVR-003.araroprinting.com.' failed on the following DNS server:  
    DNS server IP address: 65.254.254.102 
    Returned Response Code (RCODE): 5 
    Returned Status Code: 9017  
    For computers and users to locate this domain controller, this record must be registered in DNS.  
    USER ACTION  
    Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
      Or, you can manually add this record to DNS, but it is not recommended.  
    ADDITIONAL DATA 
    Error Value: DNS bad key.
    I have looked this up and down all over and can't seem to find a) an answer that works and b) the DNS entry anywhere in the server. So what gives? I read through this conversation and it's almost identical. There are no old domains anywhere and I have run through all the suggestions. Anyone have some insight?
    -Jake

    Hi,
    You may try to restart NetLogon service on DC, in order to re-register related DNS record. Open CMD and type each line and end with Enter:
    Net stop netlogon
    Net start netlogon
    Check your DNS server and to see if the record is listed.
    Best Regards,
    Eve Wang

  • DNS Server settings not working as expected ....?

    Greetings
    I have our load balancer/firewall setup to where if someone enters a hostname like (www.example.com) it points it to a local server at 10.0.1.2
    When logged into the network, the DNS Server that pulls up is 10.0.1.1 (IP of firewall), which is fine, but I also have the two openDNS servers at the 2nd and 3rd slots manually entered.
    If the opendns servers are listed, the ping returns the public IP of www.example.com, but if removed, it does the right thing and pings the internal IP address.
    Even though the 10.0.1.1 DNS server setting is first, it doesn't seem to use that setting when you have DNS servers entered manually.... any idea why and how to make this stop?
    I prefer to leave the opendns settings in the DNS server settings (for when I'm switching around to various networks) ...

    Quick update. Added to a previously filed bug. Looks like it's assigned now so maybe we'll see a fix for this soon.
    https://bugzilla.mozilla.org/show_bug.cgi?id=563169

  • DNS Server - How does it resolve queries that aren't in its zones?

    Footy wrote:
    Also if you have multiple DNS servers pointing at each other and no root hint or forwarders you get stuck in a loop of the two machines querying each other over and over
    No. It doesn't. If the DNS server has no forwarders or root hints then it doesn't know how to get any further answers to the query so it returns a negative response. Read RFC 2308.

    So I'm trying to learn more about the basics of DNS, specifically DNS servers as that's what I'm having trouble with in my environment and trying to learn more about to fix.
    I know what DNS is and I think I have a pretty good handle on how it does what it does, but where I'm having trouble keeping up is figuring out how it resolves things outside of my local domain.
    For example, everything I've seen in searches says that if you've got two DCs on your domain you should have it set up like this:
    On DC1:
    DNS1: DC2
    DNS2: DC1
    On DC2:
    DNS1: DC1
    DNS2: DC2
    And you should have the workstations in your environment set with DC1 and DC2 as their primary and secondary DNS servers. Is that correct?
    If it is correct, then what happens when someone in the network goes to say www.google.com considering I don't have that name or IP address in my server's lookup...
    This topic first appeared in the Spiceworks Community

  • Searching in DNS Server

    Hi !
    This has been a question in my mind since many days ago.
    Why can we not search DNS? Or maybe we can, but I do not know how!
    We have about 10 zones and about 3000 entries in a 2008 R2 DNS server, and many times we need to search for a specific record.
    How can I search for a specific record in all zones?
    Thanks

    I probably won't get credit, looks like this is already closed, but I found something.
    I have the same problem, looking for DNS with wildcards, and the export option does not work, it doesn't export the whole tree.  For me it is tedious, because I have to remove a bad DC, and the metadata cleanup was not smooth.  So I am having to go through DNS and clean it out manually.  With thousands upon thousands of records, and the DNS having random hex names, it is...unpleasant.
    MICROSOFT, PLEASE ALLOW A "Right Click" SEARCH ALL for DNS!
    Solution:
    While trying to export from the command line DNSCMD (which I have not fully explored, maybe there is something here??) I stumbled across this folder C:\Windows\System32\DNS\Backup\  (NOTE IT IS THE BACKUP, SO DELETED entries may already be gone) and it has one giant text file with all the DNS entries in it.   To get a fresh copy of the file to search, use:
    dnscmd /ZoneExport Microsoft.local MSzone.txt
    This way I can 'find' with the current or backup file any way I want, findstr being my preference, AND it will give me the full name.
    Missing the backup folder?  Try the windows backup, and be sure to include live data.  This part I am not so sure, we setup our backups long ago, maybe some more searching for DNS backup ;)
    Saving me HOURS of work!
    Hope this saves someone else some time too :)
    NOTES:
    I also found some interesting stuff when I was searching, namely if I searched with FIND or FINDSTR it would return an entry like this;
                            600     SRV     0 100 3268      SERVER.NAME.COM.
    so how to find it??  Turns out you need the line above it for the 'call' entry, if you find it in the file, you would find something like this;
    _gc._tcp.MYSITE._sites  600     SRV     0 100 3268      SERVER01.NAME.COM.
                            600     SRV     0 100 3268      SERVER.NAME.COM.
    Looking in the ZONE you dumped, start at _sites and you will find your entry.
    I ended up just using notepad find, and searching that way!
    BlankMonkey
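The blank-owner lines described in the NOTES above are standard zone-file shorthand: a record that starts with whitespace reuses the owner name of the record before it. The sketch below expands an exported zone so every record carries its full owner name and can be searched in one pass. It is an added example, not part of the post or of dnscmd; the origin name.com and the SOA, NS and A lines in the sample are constructed assumptions, and quoted TXT strings containing `;` or parentheses are not handled.

```python
# Constructed sample in zone-export layout; the two SRV lines follow the
# post, everything else in it is an assumption.
SAMPLE = """\
; constructed sample zone export
@                       IN  SOA server01.name.com. hostmaster.name.com. (
                            42      ; serial
                            900 600 86400 3600 )
@                       NS      server01.name.com.
_gc._tcp.MYSITE._sites  600     SRV     0 100 3268      SERVER01.NAME.COM.
                        600     SRV     0 100 3268      SERVER.NAME.COM.
server01                A       10.0.0.5
"""


def qualify(name, origin):
    """Turn a zone-file owner into a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def expand_zone(text, origin):
    """Return (fqdn_owner, record_data) for every record in the export."""
    origin = origin.rstrip(".") + "."
    owner = origin
    records, pending = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        # Join records wrapped over several lines in parentheses (SOA).
        pending = pending + " " + line if pending else line
        if pending.count("(") > pending.count(")"):
            continue
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        if line.startswith("$ORIGIN"):
            origin = qualify(line.split()[1], origin)
            continue
        if line.startswith("$"):                  # $TTL and similar
            continue
        if line[0] in " \t":
            fields = line.split()                 # blank owner: inherit
        else:
            name, *fields = line.split()
            owner = qualify(name, origin)
        records.append((owner, " ".join(fields)))
    return records


def find(records, needle):
    """Case-insensitive search over owner and data, one line per hit."""
    needle = needle.lower()
    return [f"{o} {d}" for o, d in records
            if needle in o.lower() or needle in d.lower()]


if __name__ == "__main__":
    for hit in find(expand_zone(SAMPLE, "name.com"), "SERVER.NAME.COM."):
        print(hit)
```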
