Configuring reverse lookups
Forward lookups resolve domain names to IP addresses. Reverse lookups resolve IP addresses to domain names. Each subnet on your network should have its own reverse lookup zone. For example, if you have the subnets 192.168.10.0, 192.168.11.0, and 192.168.12.0, you should have three reverse lookup zones.
The standard naming convention for reverse lookup zones is to write the network ID in reverse octet order and append the suffix in-addr.arpa. With the previous example, you'd have reverse lookup zones named 10.168.192.in-addr.arpa, 11.168.192.in-addr.arpa, and 12.168.192.in-addr.arpa. Records in the reverse lookup zone must be kept in sync with the forward lookup zone; dynamic update normally takes care of this for clients that register themselves, but statically entered records drift unless you audit them. If the zones get out of sync, anything that checks a client by reverse-resolving its address, including some authentication paths and log correlation, can fail or identify the wrong host.
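The following PowerShell script is an added example, not part of the original text, showing one way to audit that every A record in a forward zone has a matching PTR record in the corresponding in-addr.arpa zone. It uses the DnsServer module that ships with the DNS Server role. The zone name corp.example.com, the server name dns01, and the assumption that every reverse zone is a /24 are illustrative and should be changed to match your environment.

```powershell
# Added example (not from the original text): report A records whose PTR record
# is missing or points at a different host.
# Assumed names: forward zone "corp.example.com", DNS server "dns01", /24 reverse zones.
param(
    [string]$ForwardZone = "corp.example.com",
    [string]$DnsServer   = "dns01"
)

$problems = @()
$aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ForwardZone -RRType A |
    Where-Object { $_.HostName -ne "@" }   # skip the zone apex record

foreach ($rec in $aRecords) {
    $ip     = $rec.RecordData.IPv4Address.IPAddressToString
    $octets = $ip.Split(".")

    # Reverse zone for a /24: first three octets reversed, then in-addr.arpa.
    $revZone = "{0}.{1}.{2}.in-addr.arpa" -f $octets[2], $octets[1], $octets[0]
    $fqdn    = "{0}.{1}" -f $rec.HostName, $ForwardZone

    # The PTR owner name inside the reverse zone is the last octet.
    # SilentlyContinue covers a reverse zone that does not exist at all.
    $ptr = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $revZone `
               -Name $octets[3] -RRType Ptr -ErrorAction SilentlyContinue

    if (-not $ptr) {
        $problems += [pscustomobject]@{ Host = $fqdn; IP = $ip; Issue = "no PTR record in $revZone" }
        continue
    }

    # PtrDomainName is stored with a trailing dot; trim both sides before comparing.
    $targets = @($ptr.RecordData.PtrDomainName | ForEach-Object { $_.TrimEnd(".") })
    if ($targets -notcontains $fqdn) {
        $problems += [pscustomobject]@{ Host = $fqdn; IP = $ip; Issue = "PTR points to $($targets -join ', ')" }
    }
}

if ($problems.Count -eq 0) {
    Write-Output "All A records in $ForwardZone have matching PTR records."
} else {
    $problems | Format-Table -AutoSize
}
```

Run it from a host with the DNS Server management tools installed and an account that can read the zones. A host that appears in the output with "PTR points to" is the case to look at first: a stale PTR that names a decommissioned machine will make that old name show up in logs and reverse-lookup checks for whatever now holds the address.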
You create reverse lookup zones by following these steps:
1. Start the DNS Manager console. If the server you want to configure isn’t listed, connect to it as described previously.
2. Press and hold or right-click the server entry, and then tap or click New Zone to start the New Zone Wizard. Tap or click Next.
3. If you’re configuring a primary server integrated with Active Directory (a domain controller), select Primary Zone and be sure that Store The Zone In Active Directory is selected. If you don’t want to integrate DNS with Active Directory, select Primary Zone, and then clear the Store The Zone In Active Directory check box. Tap or click Next.
4. If you’re configuring a reverse lookup zone for a secondary server, select Secondary Zone, and then tap or click Next.
5. If you’re integrating the zone with Active Directory, choose one of the following replication strategies:
• To All DNS Servers Running On Domain Controllers In This Forest: Choose this strategy if you want the widest replication. Remember, the Active Directory forest includes all domain trees that share directory data with the current domain.
• To All DNS Servers Running On Domain Controllers In This Domain: Choose this strategy if you want to replicate DNS information only within the current domain.
• To All Domain Controllers In This Domain (For Windows 2000 Compatibility): Choose this strategy if you want to replicate DNS information to every domain controller within the current domain, as needed for Windows 2000 compatibility. Although this strategy gives wider replication for DNS information within the domain, not every domain controller is also a DNS server (and you don't need to configure every domain controller as a DNS server either).
6. Select Reverse Lookup Zone, and then tap or click Next.
7. Choose whether you want to create a reverse lookup zone for IPv4 or IPv6 addresses, and then tap or click Next. Do one of the following:
• If you are configuring a reverse lookup zone for IPv4, enter the network ID for the reverse lookup zone. The values you enter set the default name for the reverse lookup zone. Tap or click Next.
• If you have multiple subnets on the same network, such as 192.168.10 and 192.168.11, you can enter only the network portion for the zone name. For example, you could enter 192.168. In this case, you'd have 168.192.in-addr.arpa as the zone name and allow the DNS Manager console to create the necessary subnet zones when needed.
• If you are configuring a reverse lookup zone for IPv6, enter the network prefix for the reverse lookup zone. The values you enter are used to automatically generate the related zone names. Because ip6.arpa zones are delegated on 4-bit (nibble) boundaries, a prefix whose length is not a multiple of 4 spans several zones, so depending on the prefix you enter the wizard can create up to eight zones (a /61, for example, yields eight /64 zones). Tap or click Next.
8. If you’re configuring a primary or secondary server that isn’t integrated with Active Directory, you need to set the zone file name. A default name for the zone’s DNS database file should be filled in for you. You can use this name or enter a new file name. Tap or click Next.
9. Specify whether dynamic updates are allowed. You have three options:
• Allow Only Secure Dynamic Updates: When the zone is integrated with Active Directory, you can use ACLs to restrict which clients can perform dynamic updates. With this option selected, only clients with authorized computer accounts and approved ACLs can dynamically update their resource records in DNS when changes occur. This option is available only for Active Directory-integrated zones.
• Allow Both Nonsecure And Secure Dynamic Updates: Choose this option to allow any client to update its resource records in DNS when changes occur. Clients can be secure or nonsecure. Be aware that with this option any host that can reach the server can create or overwrite PTR records, including records for addresses it does not hold, so nothing that trusts a reverse lookup result should rely on a zone configured this way.
• Do Not Allow Dynamic Updates: Choosing this option disables dynamic updates in DNS, so every PTR record must be entered and maintained by hand. You should use this option only when the zone isn't integrated with Active Directory.
10. Tap or click Next, and then tap or click Finish. The new zone is added to the server, and the zone's SOA and NS records are created automatically.
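The same procedure can be scripted with the DnsServer PowerShell module, which is useful when you need one reverse zone per subnet across many subnets. The script below is an added example, not part of the original text: it creates the three Active Directory-integrated IPv4 reverse zones from the earlier example, one file-backed zone without dynamic update, and one IPv6 reverse zone, then adds a PTR record and verifies it with a lookup. The server name dns01, the prefix 2001:db8:1::/64, and the host srv01.corp.example.com at 192.168.10.25 are assumptions chosen for illustration.

```powershell
# Added example (not from the original text): create reverse lookup zones with the
# DnsServer module instead of the New Zone Wizard.
# Assumed names: DNS server "dns01", host srv01.corp.example.com at 192.168.10.25,
# IPv6 prefix 2001:db8:1::/64.
$DnsServer = "dns01"

# Steps 3, 5, 7 and 9 of the wizard for an AD-integrated zone:
# primary zone, replicate to DNS servers in this domain, secure updates only.
foreach ($subnet in "192.168.10.0/24", "192.168.11.0/24") {
    Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId $subnet `
        -ReplicationScope "Domain" -DynamicUpdate "Secure"
}

# Step 8 variant: a file-backed zone (not stored in Active Directory).
# -ZoneFile replaces the "Store The Zone In Active Directory" choice, and
# a non-AD zone cannot use secure updates, so dynamic update is turned off here.
Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId "192.168.12.0/24" `
    -ZoneFile "12.168.192.in-addr.arpa.dns" -DynamicUpdate "NoDynamicUpdate"

# Step 7 for IPv6: the zone name is derived from the prefix, one nibble per label.
Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId "2001:db8:1::/64" `
    -ReplicationScope "Domain" -DynamicUpdate "Secure"

# Confirm what was created: the derived zone names and the update policy in effect.
Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize

# A static PTR record for a host whose forward record is maintained by hand.
# The owner name inside 10.168.192.in-addr.arpa is the last octet of the address.
Add-DnsServerResourceRecordPtr -ComputerName $DnsServer -ZoneName "10.168.192.in-addr.arpa" `
    -Name "25" -PtrDomainName "srv01.corp.example.com"

# Verify the reverse lookup against the server that holds the zone.
Resolve-DnsName -Name "192.168.10.25" -Server $DnsServer -Type PTR
```

The final Resolve-DnsName call should return a PTR record whose NameHost is srv01.corp.example.com. If it returns nothing, check that the zone name shown by Get-DnsServerZone is the one you expected; a typo in the network ID produces a validly named zone that simply never answers for the addresses you meant.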
After you set up the reverse lookup zones, you need to ensure that delegation for the zones is handled properly, because a reverse zone that no parent zone points to answers only queries sent directly to your server. For private address ranges such as 192.168.0.0/16, the delegation lives in your own internal DNS, so contact your networking team. For public address ranges, the parent in-addr.arpa zone is controlled by whoever assigned the addresses, so contact your ISP to ensure that the zones are registered with the parent domain.