Reverse DNS not working internally

[Jimmy]

--- Problem ---

Reverse lookup DNS queries of non-local IP addresses do
not resolve on our internal DNS servers.

--- Background ---
DNS server is internal, supporting Active Directory.
It is configured to use forwarders for external lookups.
Forward lookups work just fine, both internal and external.
Reverse lookups to internal systems work fine too.
(10.X.X.X IP space)
DNS server is Windows 2000, SP3 AD server.
12.127.17.71 is a DNS server from one of our ISP's.
Reverse lookups to this
server work just fine.
We need this to support an anti-spam product that does
reverse lookups for mail servers.
We use Hotmail as an example here, but we have also tried
to look up other sites/servers.


--- This works---

C:\>nslookup
Default Server: sjc010dc01.fffc.com

server 12.127.17.71

Default Server: [12.127.17.71]
Address: 12.127.17.71

set type=PTR
230.166.54.65.in-addr.arpa

Server: [12.127.17.71]
Address: 12.127.17.71

Non-authoritative answer:
230.166.54.65.in-addr.arpa name =
mc10.bay6.hotmail.com

54.65.IN-ADDR.ARPA nameserver = DNS1.CP.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.DC.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.SJ.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.TK.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS2.CP.MSFT.NET
DNS1.CP.MSFT.NET internet address = 207.46.138.20
DNS1.DC.MSFT.NET internet address = 64.4.25.30
DNS1.SJ.MSFT.NET internet address = 64.4.25.30
DNS1.TK.MSFT.NET internet address = 207.46.245.230
DNS2.CP.MSFT.NET internet address = 207.46.138.21


--- This Does not Work ---
C:\>nslookup
Default Server: sjc010dc01.fffc.com

set type=ptr
230.166.54.65.in-addr.arpa

Server: sjc010dc01.fffc.com
Address: 10.<deleted>.<deleted>.<deleted>

*** sjc010dc01.fffc.com can't find 230.166.54.65.in-
addr.arpa: Non-existent domain

 

[Herb Martin]

One presumes that you don't have the "reverse zones" on
EVERY internal DNS server (nor are you using some
Win2003 work-around like stub zones or conditional
forwarding for the zones in question), then when the
clients request the "internal reverse address record" the
local DNS server not having it, forwards to the Internet
DNS server which will NEVER have it since those
private addresses are not delegated in the INTERNET
reverse DNS tree.

It is a little confusing exactly which or where the problem
is surfacing (in your post), but that is most likely the
reason.

Which servers hold the forward zones you use internally?
Which servers hold the reverse zones you use internally?

How are these servers configured for "forwarding" or
internal tree searching (the latter is unlikely)?

How are the clients configured?

--
Herb Martin

--- Problem ---

Reverse lookup DNS queries of non-local IP addresses do
not resolve on our internal DNS servers.

--- Background ---
DNS server is internal, supporting Active Directory.
It is configured to use forwarders for external lookups.
Forward lookups work just fine, both internal and external.
Reverse lookups to internal systems work fine too.
(10.X.X.X IP space)
DNS server is Windows 2000, SP3 AD server.
12.127.17.71 is a DNS server from one of our ISP's.
Reverse lookups to this
server work just fine.
We need this to support an anti-spam product that does
reverse lookups for mail servers.
We use Hotmail as an example here, but we have also tried
to look up other sites/servers.


--- This works---

C:\>nslookup
Default Server: sjc010dc01.fffc.com

server 12.127.17.71

Default Server: [12.127.17.71]
Address: 12.127.17.71

set type=PTR
230.166.54.65.in-addr.arpa

Server: [12.127.17.71]
Address: 12.127.17.71

Non-authoritative answer:
230.166.54.65.in-addr.arpa name =
mc10.bay6.hotmail.com

54.65.IN-ADDR.ARPA nameserver = DNS1.CP.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.DC.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.SJ.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.TK.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS2.CP.MSFT.NET
DNS1.CP.MSFT.NET internet address = 207.46.138.20
DNS1.DC.MSFT.NET internet address = 64.4.25.30
DNS1.SJ.MSFT.NET internet address = 64.4.25.30
DNS1.TK.MSFT.NET internet address = 207.46.245.230
DNS2.CP.MSFT.NET internet address = 207.46.138.21


--- This Does not Work ---
C:\>nslookup
Default Server: sjc010dc01.fffc.com

set type=ptr
230.166.54.65.in-addr.arpa

Server: sjc010dc01.fffc.com
Address: 10.<deleted>.<deleted>.<deleted>

*** sjc010dc01.fffc.com can't find 230.166.54.65.in-
addr.arpa: Non-existent domain

 

[Guest]

Herb thanks for your reply,

The objective is to get our SPAM server to do RDNS lookups and reject mail from servers that do not have valid RDNS entries. Our SPAM server points to our internal DNS servers which is uses to deliver mail to our internal mail server. All is working fine until we tell the SPAM server to do RDNS lookups. The SPAM server beings to reject all incoming mail because it is unable to do RDNS on external machines using our internal DNS servers. I am not in any way a DNS guru so feel free to talk down to my level.

I just want to be sure you understand our problem. We are able to resolve RDNS for internal machines on our internal DNS server. That works. The problem is that we want our internal DNS server to do RDNS lookups on external machines and they don't.

One presumes that you don't have the "reverse zones" on
EVERY internal DNS server (nor are you using some
Win2003 work-around like stub zones or conditional
forwarding for the zones in question), then when the
clients request the "internal reverse address record" the
local DNS server not having it, forwards to the Internet
DNS server which will NEVER have it since those
private addresses are not delegated in the INTERNET
reverse DNS tree.

It is a little confusing exactly which or where the problem
is surfacing (in your post), but that is most likely the
reason.

Which servers hold the forward zones you use internally?
Which servers hold the reverse zones you use internally?

How are these servers configured for "forwarding" or
internal tree searching (the latter is unlikely)?

How are the clients configured?

--
Herb Martin

--- Problem ---

Reverse lookup DNS queries of non-local IP addresses do
not resolve on our internal DNS servers.

--- Background ---
DNS server is internal, supporting Active Directory.
It is configured to use forwarders for external lookups.
Forward lookups work just fine, both internal and external.
Reverse lookups to internal systems work fine too.
(10.X.X.X IP space)
DNS server is Windows 2000, SP3 AD server.
12.127.17.71 is a DNS server from one of our ISP's.
Reverse lookups to this
server work just fine.
We need this to support an anti-spam product that does
reverse lookups for mail servers.
We use Hotmail as an example here, but we have also tried
to look up other sites/servers.


--- This works---

C:\>nslookup
Default Server: sjc010dc01.fffc.com

server 12.127.17.71

Default Server: [12.127.17.71]
Address: 12.127.17.71

set type=PTR
230.166.54.65.in-addr.arpa

Server: [12.127.17.71]
Address: 12.127.17.71

Non-authoritative answer:
230.166.54.65.in-addr.arpa name =
mc10.bay6.hotmail.com

54.65.IN-ADDR.ARPA nameserver = DNS1.CP.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.DC.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.SJ.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS1.TK.MSFT.NET
54.65.IN-ADDR.ARPA nameserver = DNS2.CP.MSFT.NET
DNS1.CP.MSFT.NET internet address = 207.46.138.20
DNS1.DC.MSFT.NET internet address = 64.4.25.30
DNS1.SJ.MSFT.NET internet address = 64.4.25.30
DNS1.TK.MSFT.NET internet address = 207.46.245.230
DNS2.CP.MSFT.NET internet address = 207.46.138.21


--- This Does not Work ---
C:\>nslookup
Default Server: sjc010dc01.fffc.com

set type=ptr
230.166.54.65.in-addr.arpa

Server: sjc010dc01.fffc.com
Address: 10.<deleted>.<deleted>.<deleted>

*** sjc010dc01.fffc.com can't find 230.166.54.65.in-
addr.arpa: Non-existent domain