Reverse Zone

Similar Messages

• DNS: reverse zone comes back after remove and some follow up issues

  hello community,
  after installation of OSL i had setup dns with a primary zone.
  the automatically created reverse zone for my internal network is fine.
  whenever i enter a new system the default for the ip address is 10.0.0.1 and the reverse zone is automatically setup for this ip address.
  whenever i remove this reverse zone it come back automatically after saving the dns configuration.
  with this come some follow up error.
  server admin claim that there is no name server configured for this reverse zone.
  when i configure it the configured name server entry vanished after clicking the save button.
  when i try to configure settings i can not. i get the error message that the configuration can not be saved cause of the missing name server for the reverse zone i am not using ....
  in the log file i can see that the file for reverse zone can not be found.
  when i check the dns configuration in the shell i can see that the reverse zone file is not there.
  someone has an idea
  - whats the best way to fix this?
  - why is the gui still showing the reverse zone i am not using?
  - is the dns configuration also in the ldap db with wrong entries?
  regards
  christian

  Clean out your zone definitions, and start over. Server Admin is unfortunately seemingly fussy around the authoritative server stuff and the order stuff gets entered, and it seems you can get into a sequence where it doesn't have what it needs. I had encountered couple of cases when I was in a similar state as you're in now, and I ended up clearing and deleting the primary zone and re-adding the zone and the hosts, being careful to add the authoritative server as the first step of adding a zone.

• Strange behaviour of OS X Server DNS with IPv6 reverse zones

  I am running a full IPv4 / IPv6 dual stack setup across several machiens including a server (OS X 10.9.1 / OS X Server 3.0.2). I also have IPv6 Internet access via TunnelBroker and have a /64 prefix assigned to me. All my systems have valid and correct IPv6 addresses (not temporary ones) from the range denoted by that prefix.
  I have setup IPv4 and IPv6 addresses for all my systems in OS X Server DNS and that works fine. However, when I add an IPv6 address for a system, the DNS server (or maybe the server GUI) insists on creating a reverse zone for the /127 version of the address. This means I pretty much have a separate reverse zone for every system, which seems crazy to me. it is especially annoying as I have another DNS server where all my zones are defined as slave zoes (for availability reasons) and thsi makes the process of addign a new IPv6 host somewhat tedious. I tried pre-creating a properly named reverse zone for the /64 prefix but the DNS server would not use that and still persists in creating these strange zones.
  Here is a (fictitous example)...
  My /64 prefix is 2001:fd0:f19:2ab::/64
  I have a system with an address of 2001:fd0:f19:2ab:7e6d:62ff:fe8a:a84c
  I add this to OS X Server DNS and it created the reverse DNS zone:
  4.8.a.a.8.e.f.f.f.2.6.d.6.e.7.b.a.2.0.9.1.f.0.0.d.f.0.1.0.0.2.ip6.arpa
  whereas I would expect it to instead add it to the zone
  b.a.2.0.9.1.f.0.0.d.f.0.1.0.0.2.ip6.arpa
  if that zone already exists.
  Has anyone else noticed this? Or do you have it working as one might expect?

  Chris..
  I, too, have the same problem.  I take issue with much of the OS X "Server" after it has been so completely dummed down that it is virtually useless for anyone that would actually like to utilize it as an actual, as the name implies, "SERVER."  I won't get into all of the details of everything that drives me crazy with Apple's decisions here but, suffice it to say, I am EXTREMELY DISAPPOINTED with Apple more than ever.  They should, at a minimum, offer a full-fledged server like they used to have, for an additional price, for people that need more than a nice looking interface and a worthless box.
  That being said, the DNS server, like the rest of the OS X Mavericks Server, is dummed down to the point of allowing very little customization.  Short of using the command line, which I have decided to do (I scrapped the OS X server all together, and just set up BIND, openLDAP, DHCP, Quagga, etc. from the CLI just like I do with all of my Linux servers), there is not much you can do to get the correct prefixes to show up in IPv6 reverse zones.  The reason is that when you enter the forward record, the interface does not give an option to enter the prefix.  So, it seems that for EACH AND EVERY v6 entry (AAAA record) you have (or at least every 10 entries), you will get a separate reverse zone.
  To be completely honest, I don't even know why they included IPv6 zones in this implementation because it is totally out of compliance with the RFCs and, obviously, will not provide proper and correct reverse lookups.  How could it? As you pointed out above, with a /64 prefix, you're getting a 31 digit long reverse zone (which, btw, is a /124)...***???  I've never heard of such a thing.  There should be 16 digits in a /64, 12 in a /48, 8 in /32 and so on.
  I don't think it is anything to do with your using a tunnel broker -- all of our systems are native IPv6 and all reverse queries to the Mac Server fail. 
  I can tell you how to use the CLI to manually enter the zones with the serveradmin tool, if you like, but my advice is to just move to a full fledged BIND implementation .... and, if you want some type of interface other than the console, use something like Webmin which has a GREAT DNS zone interface...and it also keeps up with the RFC compliance.
  Just message me back if you'd like the shell commands.  I hate to say this, it literally pains me, but I administer a ton of servers (physical and virtualized)... roughly 1000 +- to be exact...and WINDOWS Server has a DNS server that is so much further ahead and ADVANCED than Mac, it is disgusting.  In fact, we are running 12 Win Server 2012R2 Active Directory Domain Servers, each running synchronized DNS records and even with over 250,000 DNS records, it works like a champ.  Still, our primary and fail-safe DNS servers are all BIND v9.  Like I said, it is awful to say that about Mac, but dude, they need to wake up and either get back to the real-deal systems or just get out of the advanced product arena all together.  (one exception...my new MacPRO is AWESOME and the most advanced piece of computing equipment money can buy for the price...so kudos there)
  Sorry about the rant, but when i read your post, I was reminded how frustrated I am at all of this nonsense.
  Take care...and good luck.

• Looking for best practices when creating DNS reverse zones for DHCP

  Hello,
  We are migrating from ISC DHCP to Microsoft DHCP. We would like the DHCP server to automatically update DNS A and PTR records for computers when they get an IP. The question is, what is the best practice for creating the reverse look up zones in DNS? Here
  is an example:
  10.0.1.0/23
  This would give out IPs from 10.0.1.1-10.0.2.254. So with this in mind, do we then create the following reverse DNS zones?:
  1.0.10.in-addr.arpa AND 2.0.10.in-addr.arpa
  OR do we only create:
  0.10.in-addr.arpa And both 10.0.1 and 10.0.2 addresses will get stuffed into those zones.
  Or is there an even better way that I haven't thought about? Thanks in advance.

  Hi,
  Base on your description, creating two reverse DNS zones 1.0.10.in-addr.arpa and 2.0.10.in-addr.arpa, or creating one reverse DNS zone 0.10.in-addr.arpa, both methods are all right.
  Best Regards,
  Tina

• Windows 2012 adds an incorrect name when creating a PTR Record in a /56 reverse zone using MMC

  Hello,
  I have created a reverse lookup zone for 2001:bc8:3f83:0200::/56, when I add a PTR record for 2001:bc8:3f83:0200::200:99, the MMC snap-in adds a zero group in my address and adds a record for 2001:bc8:3f83:0200:0000:0000:0000:200:99.
  Zone creation :
  http://imageshack.com/a/img673/4018/JFf7BX.jpg
  PTR creation :
  http://imageshack.com/a/img538/9239/bZqaQl.jpg
  Result :
  a PTR with address 2001:bc8:3f83:0200:0000:0000:0000:200:99 :
  http://imageshack.com/a/img673/8793/3EcxOW.jpg
  (Sorry for the image links, the forum would not allow me to post images...)

  Hi,
  According to your description, my understanding is that the name of PTR record(IPv6) displayed as 2001:bc8:3f83:0200:0000:0000:0000:200:99, but when open its Properties, the Host IP address option displayed as 2001:bc8:3f83:0200:0000:0000:200:99.
  I have the similar problem on my test device Windows Server 2012, but this problem do not occurred on Windows Server 2012 R2. They have different ways to type the Host IP address. And it is may be related to the prefix digit number – not the integer multiple
  of 16.
  You may try to update your server to the latest version. Or a work around way to manually add the PTR record of IPv6 by command line:
  dnscmd <ServerName> /RecordAdd <ZoneName> <NodeName> [/Aging] [/OpenAcl] [<Ttl>] PTR <HostName>|<DomainName>
  Detailed information reference link:
  https://technet.microsoft.com/en-us/library/cc844045(v=ws.10).aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Application directory Partition, Reverse lookup Zone , after Installation of Tree Domain

  I have multiple domains (Windows Server 2008 Enterprize, and funtional level 2008) in an exisiting forest
  after installation of new Tree domain i am facing the problem in creating reverse zone in DNS
  Error message
  "the partition to replicate zone data top all dns server that domain controllers on the active directory ws not created. The application directory partition operation failed. the domain controller holding the domain naming master role is down or unable
  to service the request or is not running windows 2003"
  plz reply soon i am facing a trouble .
  Wajahat

  The error message states that your domain naming master role holder is down or not responding.
  First, you need to identify which one of your DCs is the holder of this FSMO role: You can use
  netdom query fsmo command for that. If there is no DC that is currently holding this FSMO role then you need to size to one of them: https://support.microsoft.com/KB/255504?wa=wsignin1.0
  If one of your DCs is holding the role then you need to check why it is not responding or unreachable. This could be checked by running
  dcdiag on this DC to do a health check.
  I would also recommend that you refer to recommendations I shared here: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Change reverse lookup zone replication

  We have a windows 2008 R2 domain / forest.
  One Root domain and 2 childdomains. A DC/DNS server in the root domain is the scavenging server in the forest
  Long story short, i noticed that the replication of the reverse lookup zone in one childomain, is set to All DC's in this domain, instead of to all DNS servers in the forest.
  I want to change this because we have a lot of duplicate in the reverse zone, and encounter issues with remote desktop or remote asstistance.
  Can i change this to "all DNS servers running on domain controllers in this forest" without any downtime / issues?
  Thanx

  Suffixes should be configured on EVERY machine, not just DCs. This way any machine can resolve anything in the infrastructure. That's the goal to design DNS.
  If you want to go to forest wide replication, the first thing you must do is set all child DCs to ONLY use the forest root DNS servers. Don't worry about servers and clients in the child domains at this time that may be pointing to the child DC/DNS for the
  moment, because you will be doing this during a maintenance window and we'll get to them later... Stick with me a second...
  Then you would change the replication scope on the parent root domain DNS servers ONLY.
  Then WAIT for replication to happen. Go have lunch, go see a movie, etc... Then check the zone properties on a few DCs at the parent, and especially the child domains' DCs, to make sure that they reflect the zone is now set to forest wide replication.
  Now on a child domain DC, create a test record. Check the partner DCs and the other child domain DCs, and the parent root domain DCs to see if it replicated. If it did, you're good to go.
  Once you've confirmed that they are all showing forest wide replication, and the test worked, then change the child domain DCs to point to it's partner DC as the first entry, and itself or the loopback as the second entry.
  And yes, delegate the _msdcs zone. First create the _msdcs.domain.local zone, and set updates to Secure Only, and put it in the forest scope. Then go to domain.local, right-click, delegate, type in _msdcs, and type in the forest root DCs' IP.
  Hope that helps.
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Can't delete primary zone in DNS after moving the server

  Woe is me!
  Our MacMini was hosted at a Colo site and working fine. No firewall in front of the machine, so we turned on the server firewall and only allowed mail, web, ftp, and a couple of other services. This worked great using our external public DNS wired to our domain names and public fixed IP address. Later, we got VPN up a running (the trick was to create a second, local IP address for the ethernet port), but this also required us to turn on the server's DNS to create a split-brained DNS server.
  Everything was working swimmingly... and then we had a hard drive crash. Since we were thinking about moving the server onsite anyway (our POS system was accessed through the VPN, but it could be slow and made our tasting room dependent on Internet access in order to run the POS), we ordered Comcast business class internet with a fixed IP address.
  We updated the external public DNS to the new public fixed ip. Rather than plug the mini directly to the Comcast router (which is in pass-through mode), we elected to put a AirPort Extreme in front of it, mainly so we could get all of the POS computers on the same local network without using the mini as a DHCP/NAT router. We created a DHCP reservation on the Extreme so that the mini had a fixed local IP address. We port forwarded everything we wanted to expose to the Internet. Email started to work again. However, web services and VPN are nada.
  This being Snow Leopard Server and having spent literally hours debugging DNS issues when we first got the server, I knew it wouldn't be straightforward. And it hasn't been. Even changing the IP address of the server has been a chore.
  We ran "sudo changeip <old IP address> <new IP address>".
  Then we ran "sudo changeip -checkhostname" and received:
  "$ sudo changeip -checkhostname
  Primary address     = 10.0.8.2 <new static internal IP address>
  Current HostName    = <servername>.<domainname>.com
  The DNS hostname is not available, please repair DNS and re-run this tool.
  dirserv:success = "success""
  Oh no, the black pit of death.
  Even though I tried to modify the machine record in the local DNS to reflect the new internal static IP address, Nada.
  So, looking back on my previous research from Mr Hoffman and others, I stopped the DNS service, and I deleted the primary zone and reverse lookups in order to rebuild them from scratch. Except that no matter what I do, I can't delete the primary zone - it comes back like Dracula (even though the reverse zone and all of the zone records are gone). I tried rebuilding everything using the undeletable zone, but after a few services (saved each one separately), they would suddenly disappear.
  I am leery of messing with the DNS files on the server as I don't want to hose up Server Admin (my command line skills are rudimentary and slow). I have so much installed on the machine now that I am concerned about someone saying "reinstall".
  Help!
  Related to this is that it is not clear to me in web services which IP address you should use for the sites. The internal IP? The public IP? I thought Apache cared about the external IP address. And I think Apache is hosed at the moment due to my DNS troubles anyway.
  Thanks in advance!

  Morris Zwick wrote:
  And does anyone know which IP you enter for your sites in the web service? The public static IP or the internal private static IP?
  For the external DNS server I am sure you have already deduced that it should be the static IP issued you by Comcast and this will be forwarded by your router to your server.
  For your internal DNS server you could use either the internal LAN IP, or the external IP although the later might be affected by your firewall so this you will need to test.
  For the Web Server service in Server admin, if your only running a single website you could avoid the issue by just using the wildcard entry which will respond to any IP address, so this would be an empty host name and an IP address of *
  In fact you don't have to specify an IP address you could just use the hostname, so it will listen to traffic arriving at your server addressed to any IP address and as long as the URL that was requested includes the hostname you define for the site it will get responded to. So if as an example you have two websites you want to serve
  www.example.com
  site2.example.com
  then as long as both have the IP address for the site as an * (asterisk) then both should work as separate sites for traffic addressed to either the LAN or WAN IP address of the server.
  You will still need to use two IP addresses on the server to enable VPN, you could use a USB Ethernet adapter for the second one. Port forwarding for VPN is not as simple as other traffic as VPN requires traffic different to the standard IP and UDP packets. Routers that support 'VPN Passthrough' are specifically designed to accomodate this but I don't know if the AirPort Extreme does this. I have also found PPTP copes better with this sort of setup than L2TP although PPTP is generally regarded as less secure.

• DHCP-Server (2008 R2) is not updating Reverse-DNS-Pointer

  Hi there,
  we have a 2008 R2 DHCP running. The DHCP is using an user which is member of "DnsUpdateProxy"-AD-Group to create, update and delete DNS-entries. Also the Option "Always dynamically update dns A and ptr records"
  is set!
  Now I have a strange behavior, that the Forward-DNS-Entries are created and updated correctly, but not the Reverse-Entries. There are no Errors in the DHCP-Log regarding problems with registering DNS-entries...
  What should I check?!
  Regards
  Miranda

  Hi,
  Thanks for your share.
  In general, DNS Reverse Lookup Zone is not created automatically. In addition,  does the Reverse-Zone you mentioned mean DNS Reverse Lookup Zone? If yes, I am sorry to say that I have never heard a way can achieve that. Maybe a script or command can
  do that.
  Best regards,
  Susie

• DNS - can't remove "0.0.10.in-addr.arpa" reverse domain!

  I'm having some trouble with DNS behind our firewall. In this case we have an internal block of IP's. We're using the public 10.0.1.xxx subnet. Using OS X Server's DNS service to attempt to add a virtual host to our to our previously working network has created some trouble. First of it always adds the Reverse Zone 0.0.10.in-addr.arpa. to our Zones list. The working one is 1.0.10.in-addr.arpa. so why does it insist on adding this other one? I delete it and save. But it reappears immediately...
  It even shows in the log:
  +03-Sep-2009 08:50:12.083 zone 0.0.10.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loading from master file db.0.0.10.in-addr.arpa. failed: file not found+
  Server is running Leopard (10.5.8)

  Hi,
  When you set up your Kerberos realm on the original 10.0.x.x DNS zone with its accompanying x.0.10.in-addr.arpa then you established a required service. If you still had OD master with Kerberos running when you deleted the 10.0.x.x zone then Kerberos failed and kept trying to use the reverse pointer x.0.10.in-addr.arpa.
  You will probably have to take the OD back to standalone after setting up the new zone with the new address and its reverse pointer. Give the new zone a different host name which results in a new realm. Then repromote OD and have Kerberos established with the new realm and DNS setup.
  At this point it seems Kerberos is borked and you don't have much choice about going to standalone and repromoting to get it back.
  HTH,
  Harry

• DNS - NS entry on reverse lookup has changed - how to reset?

  Hi,
  When I view the DNS setup through the GUI in server admin everything looks as it should. However when I use Lookup in Network Utility there is a problem with the ns entry.
  Using lookup on the servers FQDN (xserve.company.com) returns the correct NS entry, which is xserve.company.com. However when I query the servers IP address to perform a reverse lookup the NS entry shows ns.company.com
  when I intially set up DNS all was checked and verified. Recently someone on site stopped some services and performed a hard reboot of the server as they thought it had frozen. Next time I came to the site to check things I noticed this NS entry discrepancy.
  How do I or indeed can I get the NS entry on the reverse lookup back to xserve.company.com?
  Thanks

  Hi Jeff,
  Config files in /var/named/zones appear to contain the incorrect NS entries
  There are two files in the zones directory:
  db.0.1.10.in-addr.arpa.zone.apple
  **$TTL 10800**
  **0.1.10.in-addr.arpa. IN SOA ns.company.com. admin.0.1.10.in-addr.arpa. (**
  **2009031300 ;Serial**
  **86400 ;Refresh**
  **7200 ;Retry**
  **2592000 ;Expire**
  **345600 ;Negative caching TTL**
  **0.1.10.in-addr.arpa. IN NS ns.company.com.**
  **10.0.1.10.in-addr.arpa. IN PTR xserve.company.com.**
  **db.0.1.10.in-addr.arpa.zone.apple (END)**
  and
  db.company.com.zone.apple
  $TTL 10800
  company.com. IN +SOA xserve+ john.company.com (
  2009042901 ;Serial
  86400 ;Refresh
  3600 ;Retry
  604800 ;Expire
  345600 ;Negative caching TTL
  company.com. IN +NS xserve+
  xserve IN A 10.1.0.10
  xserve IN HINFO "Apple XServe" "OSX Server 10.5.6"
  db.company.com.zone.apple (END)
  What I notice is that there are the incorrect NS entries in the reverse zone file but there are also differences in the forward zone file compared to another correctly working server - namely that in the above case the SOA and NS entry simply consist of the name xserve but on the other server these entries have the full domain name. (I italicized these entries so you know which I am referring to)
  I guess my questions now are:
  1) Should I go ahead and backup these files and edit the NS entries in the reverse zone file?
  2) Should I also edit the forward zone file SOA and NS entries to the full domain name?
  3) Should I stop the DNS service prior to making these changes and restart it afterwards or make the changes and then stop it and start it?
  Thankyou very much for your patience and time.

• Adding another machine to Primary Zone

  Adding another machine to Primary Zone
  I have a good split-DNS configuration that has been working without issue for some months now since I installed OS X Server Snow Leopard (Mac Mini) at my company's office. We have another machine used as a file server (Mac Pro), without the dedicated server OS installed.
  We want to add a virtualized instance of Windows Server 2008 R2 as a guest OS on the Mac Pro via VMWare Fusion. We want to use this Windows Server instance to host some private web based services for our corporate team (intended to be reachable from within the local private network, and remotely, from the public internet (with proper authorization to access only).
  So far so good:
  -WinServer2008R2 installed as a guest OS on the host Mac Pro
  -WinServer's virtual NIC is in bridged mode (joins the host OS's physical network)
  -WinServer instance configured with an IP 10.0.1.33, which is set aside and reserved for the WinServer by the local DHCP service on the same network
  -WinServer successfully installed and tested IIS7 - both localhost from the WinServer instance and http://10.0.1.33 from other machines on the local private network (and from remote VPN clients) resolve to the WinServer's IIS default page properly.
  Where I am stumbling now in configuring DNS on the Mac Mini to properly forward requests aimed at the WinServer instance.
  DNS for the local domain is controlled by the Mac Mini. The configuration has been quite simple up to now, as that has met our needs. Just one Primary Zone and one Reverse Zone. We have an external DNS service from DYNDNS that handles any request for our domain from the external public internet. For now I'm not concerned with altering the external DNS service. Once I get the name service to properly resolve requests for the WinServer instance from the local domain, then I'll move onto matching up the external DNS.
  --Primary Zones
  Primary Zone:
  Primary Zone Name: ourcompany.net.
  Nameservers: Zone: ourcompany.net. Nameserver Hostname: server.ourcompany.net.
  --Records
  Machine Record:
  Machine Name: server.ourcompany.net.
  IP Address: 10.0.1.11
  --Reverse Zones
  Reverse Zone:
  Reverse Zone Name: 11.1.0.10.in-addr.arpa.
  Nameservers: Zone: 11.1.0.10.in-addr.arpa. Nameserver Hostname: server.ourcompany.net.
  Resolve 10.0.1.11 to: server.ourcompany.net.
  The -checkhostname command returns:
  Primary address = 10.0.1.11
  Current HostName = server.ourcompany.net
  DNS HostName = server.ourcompany.net
  The names match. There is nothing to change.
  dirserv:success = "success"
  So I attempted to add a Machine Record to the Primary Zone with the following settings:
  Machine Record:
  Machine Name: dash.thewcateam.net.
  IP Address: 10.0.1.33
  When I did this it added the following Reverse Zone:
  Reverse Zone:
  Reverse Zone Name: 1.0.10.in-addr.arpa.
  Nameservers: Zone: 1.0.10.in-addr.arpa. Nameserver Hostname: server.ourcompany.net.
  Resolve 10.0.1.33 to: dash.ourcompany.net.
  And with the following records added I don't seem to have a proper resolution to 10.0.1.33 when requesting dash.ourcompany.net.
  I'm wondering where I should look next in troubleshooting this issue. Any pointers or advice would be very appreciated.

  Remove the "Reverse Zone Name: 11.1.0.10.in-addr.arpa."
  It's probably left from when you first configured the server.
  Though the "Primary Zone Name: ourcompany.net." seems correct.
  Then update the 10.0.1.11 record so it's added to the right reverse zone - "1.0.10.in-addr.arpa."
  In a MacPro we run VM Ware on a separate interface (en1/"Built in 2") that is forced up using a LaunchDaemon. "Built in 2" must be active in Network config in OS X but don't need to be configured (red "LED").
  That way the MacPro can use it's own IP on the en0 interface without disturbing en1 and vice versa.

• No Name Available / No Reverse DNS Entry in System Log

  On our network, we have two Macs running different versions of OSX Server software. Our "main" server is a G5 dual 2GHz (2.5 Gb RAM) running Leopard Server 10.5.6, and it runs most of our major services such as Open Directory (it’s designated an OD Master), Mail, Web, FTP and DNS. Our "secondary" server is an XServe dual 2.3GHz (G5) (2 Gb RAM) running Tiger Server 10.4.11. It only runs the AFP service and exists solely as our company’s fileserver. Both of its ethernet ports are connected to our company’s 10/100 switch, and the ports are configured as follows: Built-in Ethernet 2 (BSD Device Name en1) IP addr. 10.1.10.154; Built-in Ethernet 1 (BSD Device Name en0) IP addr. 10.1.10.152. In the Network control panel’s Network Port Configurations, Built-in Ethernet 2 (IP address 10.1.154) is moved to the top of the configuration window and as a result, Network Status indicates that that XServe "is connected to the Internet via Built-in Ethernet 2."
  That said, I see the following every 30 minutes in the System log:
  Apr 20 11:01:51 NAGXServe2 servermgrd: servermgr_dns: no name available via DNS for 10.1.10.154
  Apr 20 11:01:51 NAGXServe2 servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  This doesn’t cause any apparent problems in daily operation but if it’s something I could fix myself, I’d be willing to try. In the TCP/IP configuration for both ports, the DNS Server entry points to our "main" G5 server (which has a static IP address) and the Search Domain entry is that "main" G5 server’s domain name.
  In the DNS setup on the "main" G5 server, its domain name is entered in the "Primary Zone" field and its static IP address is entered in the Reverse Zone field; Whois lookups work successfully both forward and backward. But there is no mention of our "secondary" server anywhere in the "main" G5 server’s DNS setup.
  Thanks for any help!

  I am going to assume that the IP addresses you have given are REAL.
  You have to add an entry for NAGXServe2 in the DNS server's (NAGXServe1?) configs.
  First, what you need to enter are hostnames. The zone/domainname (example.com) should resolve to one representative server (your main server) for www service's sake, but otherwise, even your main server should have its own hostname (hostname.example.com).
  Let's say you already have an entry for your domain, example.com. This zone should already have one (or even two) A record, nagxserve1.example.com (and maybe example.com, without any hostname). You need to add another A record for nagxserve2.example.com with the IP address 10.1.10.154.
  You do this buy selecting "Computer (A) record" from the "Add record" dropdown button. A new A record called "newMachine" should appear under the zone record. If you can't see it, try clicking on the little triangle next to the zone/domain name.

• 2 domain, each with 2 way transitive truts, with sub domains pointing to the same DNS server (how should forward and reserver look zone be configured)

  Hello,
  I found a test environment and I just trying to understand how it works.
  If I have two domains (a.com and b.com) with sub domains(a1.com and b1.com) with two way trust and I want them to point to a Windows DNS server. How should the Forward lookup zones and Reverse lookup zones be configured? In forward lookup
  zones do I just add a new zone, make them all primary since only one DNS server, add a.com and b.com and do the same for reverse zones.
  Do the sub domains need to be added? What about pointers? Do I add the IP address of a.com and b.com in reverse lookup zones.
  A side question: When you create a Domain with dns AD intergrated the forward and reserve lookup are automatically created. You don't need to add the zone of the domain you just created but have to add zones of other domains.

  Hello,
  I found a test environment and I just trying to understand how it works.
  If I have two domains (a.com and b.com) with sub domains(a1.com and b1.com) with two way trust and I want them to point to a Windows DNS server. How should the Forward lookup zones and Reverse lookup zones be configured? In forward lookup
  zones do I just add a new zone, make them all primary since only one DNS server, add a.com and b.com and do the same for reverse zones.
  Do the sub domains need to be added? What about pointers? Do I add the IP address of a.com and b.com in reverse lookup zones.
  A side question: When you create a Domain with dns AD intergrated the forward and reserve lookup are automatically created. You don't need to add the zone of the domain you just created but have to add zones of other domains.
  Make each domain controller as a DNS server too. Reverse lookup zones & forwarders are not replicated automatically. You can create AD-Integrated reverse lookup zone & set the replication scope.
  You can create AD-Integrated DNS zones in the parent/root domain, set the replication scope to the forest-wide & delegate the zones for handling request locally. Once you create AD-Integrated DNS zone & set the replication scope forest wide, all
  the zones will appear automatically in each domain's DNS server.
  http://awinish.wordpress.com/2011/04/09/configuring-dns-in-child-domain/
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• When trying to assign IP reservation in IPAM, Domain does not appear in Forward lookup zone drop-down list

  I am trying to assign reserved IP Addresses through IPAM that is installed on a Server 2012 OS.  Here is the procedure I have been following:
  Login to IPAM server
  Open Server Manager
  In left-hand column select IPAM
  In left-center column expand IP ADDRESS SPACE
  Select IP Address Range Groups
  Right-click the appropriate address range and select Find and Allocate Available IP Address
  In new window, scroll down to Basic Configurations
  I can input the basic configurations with no problem.  DHCP Reservation Synchronizations look good too.  But when I get down to DNS Record Synchronization, I can't do anything with the Forward lookup zones because nothing appears in the drop-down
  lists and I cannot manually enter the zone name.  Here is a screen shot of what I see at this point:
  Without completing this information, I cannot complete the Address Reservation.
  Any help or insight will be greatly appreciated.
  Thanks!
  Tom LaLumiere

  Hi Tom,
  This happens if your DNS servers that are managed by IPAM are not authoritative and primary for any zones, if they are not authoritative for the appropriate zones, or if there are not any DNS servers managed by IPAM.
  See the examples below. Here my DNS server is authoritative for 4 forward zones and 2 reverse zones. I can choose any of the forward zones but assuming I pick a range such as 10.0.1.0, I would be unable to choose the 168.192.in-addr.arpa zone because the
  IP addresses do not match.
  -Greg