in-addr.arpa

Guest
Archived from groups: microsoft.public.win2000.dns

A year ago I built a new W2K forest (root domain) and then
upgraded an NT4.0 domain into a second domain in the
forest.

Prior to that we had a standard public DNS structure (for
mostly non-MS devices).

At the time of the migration (upgrade) to W2K we created
new internal-only forward zones for the W2K-AD.

Because I didn't want to break the existing in-arpa
reverse zones at that time I elected not to change my
reverse zones to dynamic zones.

Thus, my AD zones have been running for a year without
being able to do any reverse lookups, but nothing appears
to be broken. All services (servers/clients) work fine.

Do any MS OSs use/do reverse zone lookups?

What are the consequences of not having any in-addr.arpa
entries for my AD forest/domains? I'm even running E2K
successfully, at least as far as I can tell.

The only service that acts weird is the licensing server
which has replicated the original licenses of the updated
domain several times within its database.
 
Guest

In article <1d4a01c4acb7$6c819200$a401280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
>
>A year ago I built a new W2K forest (root domain) and then
>upgraded an NT4.0 domain into a second domain in the
>forest.
>
>Prior to that we had a standard public DNS structure (for
>mostly non-MS devices).
>
>At the time of the migration (upgrade) to W2K we created
>new internal-only forward zones for the W2K-AD.
>
>Because I didn't want to break the existing in-arpa
>reverse zones at that time I elected not to change my
>reverse zones to dynamic zones.
>
>Thus, my AD zones have been running for a year without
>being able to do any reverse lookups, but nothing appears
>to be broken. All services (servers/clients) work fine.
>
>Do any MS OSs use/do reverse zone lookups?
>
>What are the consequences of not having any in-addr.arpa
>entries for my AD forest/domains? I'm even running E2K
>successfully, at least as far as I can tell.
>
>The only service that acts weird is the licensing server
>which has replicated the original licenses of the updated
>domain several times within its database.
>
***************** REPLY SEPARATOR ********************
In my humble opinion (IMHO), reverse lookup (PTR records) is a standard that
has basically outlived its usefulness. At one time (when everyone had their
own public IP address), they were used to confirm the identity of the machine
connecting to larger networks such as a campus. It is a top down driven process
in which the authority must be allocated from the network above it. Because of
the fact that many domains can be supported on a single IP address, and because
of the difficulty in getting ISPs to maintain these records properly (some
don't even supply reverse records), they have become unreliable as an
identification method. Some mail servers will check to see that a reverse
record exists, but they can't really tie it to the domain name used.

That is the situation for public addresses. In terms of private networks
(192.168.0.0/10.0.0.0), I see even less utility. But that does not mean that a
good use could not be found.

J.A. Coutts
 
Guest

>-----Original Message-----
>In article <1d4a01c4acb7$6c819200$a401280a@phx.gbl>,
>anonymous@discussions.microsoft.com says...
>>
>>A year ago I built a new W2K forest (root domain) and then
>>upgraded an NT4.0 domain into a second domain in the
>>forest.
>>
>>Prior to that we had a standard public DNS structure (for
>>mostly non-MS devices).
>>
>>At the time of the migration (upgrade) to W2K we created
>>new internal-only forward zones for the W2K-AD.
>>
>>Because I didn't want to break the existing in-arpa
>>reverse zones at that time I elected not to change my
>>reverse zones to dynamic zones.
>>
>>Thus, my AD zones have been running for a year without
>>being able to do any reverse lookups, but nothing appears
>>to be broken. All services (servers/clients) work fine.
>>
>>Do any MS OSs use/do reverse zone lookups?
>>
>>What are the consequences of not having any in-addr.arpa
>>entries for my AD forest/domains? I'm even running E2K
>>successfully, at least as far as I can tell.
>>
>>The only service that acts weird is the licensing server
>>which has replicated the original licenses of the updated
>>domain several times within its database.
>>
>***************** REPLY SEPARATOR ********************
>In my humble opinion (IMHO), reverse lookup (PTR records) is a standard that
>has basically outlived its usefulness. At one time (when everyone had their
>own public IP address), they were used to confirm the identity of the machine
>connecting to larger networks such as a campus. It is a top down driven process
>in which the authority must be allocated from the network above it. Because of
>the fact that many domains can be supported on a single IP address, and because
>of the difficulty in getting ISPs to maintain these records properly (some
>don't even supply reverse records), they have become unreliable as an
>identification method. Some mail servers will check to see that a reverse
>record exists, but they can't really tie it to the domain name used.
>
>That is the situation for public addresses. In terms of private networks
>(192.168.0.0/10.0.0.0), I see even less utility. But that does not mean that a
>good use could not be found.
>
>J.A. Coutts
>

J.A. Thanks for your comments. I understand your answer
exactly. However, I'm still back to my main question.
Does AD (or the MS operating systems themselves)
require/use reverse DNS lookups for any critical
functionality? If I had the reverse zones set dynamic
what AD records would be populated in them, thus what am I
missing (or breaking) by not having reverse dynamic zones
for my AD infrastructure? I will also post this post into
an AD group to see if I can get an answer from an AD
expert. - bill
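
Added example, not part of the original thread: a small audit that derives the in-addr.arpa owner name for each host A record and reports which PTR records a static reverse zone lacks or points at a different name. The host names, addresses and zone contents are constructed, and one PTR per A record is an assumption.

```python
import ipaddress

# Constructed sample data (not taken from the thread): host A records from an
# internal forward zone, and the PTR records held in a static reverse zone.
FORWARD_A = {
    "dc1.corp.example.": "10.1.2.10",
    "dc2.corp.example.": "10.1.2.11",
    "mail1.corp.example.": "10.1.3.25",
    "ws042.corp.example.": "10.1.4.142",
}
STATIC_PTR = {
    "10.2.1.10.in-addr.arpa.": "dc1.corp.example.",
    "25.3.1.10.in-addr.arpa.": "oldmail.example.",  # stale target
}

def ptr_owner(ip):
    """Owner name in in-addr.arpa where the PTR for this IPv4 address lives."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def reverse_zone(ip, prefix=24):
    """Name of the octet-aligned reverse zone (/8, /16 or /24) containing ip."""
    if prefix not in (8, 16, 24):
        raise ValueError("prefix must be 8, 16 or 24")
    octets = str(ipaddress.IPv4Address(ip)).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def audit(forward, reverse):
    """Classify each A record by whether a PTR pointing back at it exists."""
    report = {"ok": [], "missing": [], "mismatch": []}
    for host, ip in sorted(forward.items()):
        owner = ptr_owner(ip)
        target = reverse.get(owner)
        if target is None:
            report["missing"].append((host, owner))
        elif target.lower() != host.lower():
            report["mismatch"].append((host, owner))
        else:
            report["ok"].append((host, owner))
    return report

if __name__ == "__main__":
    for status, rows in audit(FORWARD_A, STATIC_PTR).items():
        for host, owner in rows:
            zone = reverse_zone(FORWARD_A[host])
            print(f"{status:8} {host:22} {owner}  (zone {zone})")
```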
 
Guest

Not required (i.e. optional.)

--
William Stacey, MVP

"BillMT" <anonymous@discussions.microsoft.com> wrote in message
news:2e8701c4ad74$5f723bb0$a601280a@phx.gbl...
>
> >-----Original Message-----
> >In article <1d4a01c4acb7$6c819200$a401280a@phx.gbl>,
> >anonymous@discussions.microsoft.com says...
> >>
> >>A year ago I built a new W2K forest (root domain) and then
> >>upgraded an NT4.0 domain into a second domain in the
> >>forest.
> >>
> >>Prior to that we had a standard public DNS structure (for
> >>mostly non-MS devices).
> >>
> >>At the time of the migration (upgrade) to W2K we created
> >>new internal-only forward zones for the W2K-AD.
> >>
> >>Because I didn't want to break the existing in-arpa
> >>reverse zones at that time I elected not to change my
> >>reverse zones to dynamic zones.
> >>
> >>Thus, my AD zones have been running for a year without
> >>being able to do any reverse lookups, but nothing appears
> >>to be broken. All services (servers/clients) work fine.
> >>
> >>Do any MS OSs use/do reverse zone lookups?
> >>
> >>What are the consequences of not having any in-addr.arpa
> >>entries for my AD forest/domains? I'm even running E2K
> >>successfully, at least as far as I can tell.
> >>
> >>The only service that acts weird is the licensing server
> >>which has replicated the original licenses of the updated
> >>domain several times within its database.
> >>
> >***************** REPLY SEPARATOR ********************
> >In my humble opinion (IMHO), reverse lookup (PTR records) is a standard that
> >has basically outlived its usefulness. At one time (when everyone had their
> >own public IP address), they were used to confirm the identity of the machine
> >connecting to larger networks such as a campus. It is a top down driven process
> >in which the authority must be allocated from the network above it. Because of
> >the fact that many domains can be supported on a single IP address, and because
> >of the difficulty in getting ISPs to maintain these records properly (some
> >don't even supply reverse records), they have become unreliable as an
> >identification method. Some mail servers will check to see that a reverse
> >record exists, but they can't really tie it to the domain name used.
> >
> >That is the situation for public addresses. In terms of private networks
> >(192.168.0.0/10.0.0.0), I see even less utility. But that does not mean that a
> >good use could not be found.
> >
> >J.A. Coutts
> >
>
> J.A. Thanks for your comments. I understand your answer
> exactly. However, I'm still back to my main question.
> Does AD (or the MS operating systems themselves)
> require/use reverse DNS lookups for any critical
> functionality? If I had the reverse zones set dynamic
> what AD records would be populated in them, thus what am I
> missing (or breaking) by not having reverse dynamic zones
> for my AD infrastructure? I will also post this post into
> an AD group to see if I can get an answer from an AD
> expert. - bill
>