Reverse Lookup Zones

  • Thread starter: Wayne Taylor

Wayne Taylor

OK... I've never done anything with this before and I don't pretend to
understand DNS fully either.

I'm going to read up on DNS over this coming week, but out of interest and
wanting a quick answer (if that exists)

It is my understanding that from reading the help file, you don't need to
use Reverse Lookup Zones on your internal network when you are using
internal IP address range.

Or another way to put this is when should you use Reverse Lookup Zones?


Thanks in advance.
 
> It is my understanding that from reading the help file, you don't need to
> use Reverse Lookup Zones on your internal network when you are using
> internal IP address range.

That is (pretty much) correct.

> Or another way to put this is when should you use Reverse Lookup Zones?

You need reverse zones primarily if any of your applications demand
them -- most do not.

When 128-bit encryption was illegal for export, Microsoft used to
have the download site check reverse entries for an address registered
to a North American ISP/company. (Canada was "ok".)

Receiving SMTP servers will sometimes insist on reversing the sending
SMTP server's address as further proof of legitimacy.

One courtesy issue does arise however: If you have no reverse
zones for the private ranges then your machines may be requesting
these resolutions from the Internet (which should never succeed if
everything is correct.)

So setting up even EMPTY reverse zones is a good idea.

Weird thing here is that even if you are using 192.168.x.0, you really
need reverse zones for 192.168.*.* and 172.16.*.*-172.31.*.* AND
10.*.*.*

Just empty zones for any you don't really use.

My firewall DNS server has these so that when we forward to it
it will always give Negative responses for the private ranges. (Yes,
I did 169.254.*.* too, even though that shouldn't be necessary.)
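
The empty-zone advice above, as an added example that is not part of the original posts: this Python script lists the in-addr.arpa zone names needed to cover the ranges named in the reply (172.16 through 172.31 takes sixteen zones, because reverse names split on octet boundaries) and reports which PTR queries a local zone would answer. The function names and the sample query names are constructed for illustration.

```python
import ipaddress

# Ranges named in the reply: the three private blocks plus link-local.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names needed to cover one IPv4 block.

    Reverse names split on octet boundaries, so a prefix that is not /8, /16
    or /24 is first broken into the next longer octet-aligned subnets.
    """
    net = ipaddress.IPv4Network(cidr)
    if not 1 <= net.prefixlen <= 24:
        raise ValueError("expected a prefix between /1 and /24")
    octets = -(-net.prefixlen // 8)  # ceil(prefixlen / 8) = labels kept
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def all_empty_zones():
    """Zone names for every range in PRIVATE_RANGES (19 in total)."""
    return [zone for cidr in PRIVATE_RANGES for zone in reverse_zones(cidr)]


def covering_zone(ptr_name, zones):
    """Return the local zone that would answer ptr_name, or None if the
    query would be passed upstream instead."""
    name = ptr_name.lower().rstrip(".")
    for zone in zones:
        # Match on a label boundary so 110.in-addr.arpa is not taken for 10.
        if name == zone or name.endswith("." + zone):
            return zone
    return None


if __name__ == "__main__":
    zones = all_empty_zones()
    # Constructed PTR query names, not taken from the thread.
    samples = ["5.1.168.192.in-addr.arpa", "9.0.20.172.in-addr.arpa.",
               "1.0.32.172.in-addr.arpa", "4.3.2.110.in-addr.arpa"]
    for query in samples:
        print(query, "->", covering_zone(query, zones) or "forwarded upstream")
```
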
 
Some applications require reverse lookups for security. Some email servers
for example. If you have an app that requires it or have a desire to do
reverse lookups yourself then you can install one but if you never install
one you will probably never miss it.
 