Reverse Lookup Zones

  • Thread starter Thread starter Glate
  • Start date Start date
G

Glate

I have been informed by a colleague that "Active Directory uses PTR
records for name resolution and replication" and that it "will not
function optimally without them".

I believe that he's wrong, and I can't find any document that agrees
with him. My thoughts on PTR records are mirrored at the following
site:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_dewg.mspx?mfr=true

"Reverse lookup zones and PTR resource records are not necessary for
Active Directory to work, but you need them if you want clients to be
able to resolve FQDNs from IP addresses. Also, PTR resource records are
commonly used by some applications to verify the identities of
clients."

I guess what I'd really like to find is a whitepaper (or similar) that
agrees with him.
 
I've not seen any documentation that agrees with your colleague.

It is very easy to prove that PTR records are not needed. If you don't have
a test domain to play with, use Virtual PC and bring up two DC's deleting
any PTR records, replicate AD and rub it in his face. Oops, I mean help
educate your colleague. :-)


--
Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]
 
I've spent a good chunk of my day searching and have still found
nothing.

"How the Active Directory Replication Model Works"
(http://technet2.microsoft.com/Windo...b763-45ec-b971-c23cdc27400e1033.mspx?mfr=true)
updated July 2006 states nothing about PTR records, and only mentions
that one of the steps is:

"Query DNS for IP address of replication partner"

You'll notice it does NOT say

"Query DNS for Hostname of replication partner"

I'd say he's full of crap.. was hoping to find a more technical
article, but that's about as indepth as I could find for the
replication process...

Mike said:
I've not seen any documentation that agrees with your colleague.

It is very easy to prove that PTR records are not needed. If you don't have
a test domain to play with, use Virtual PC and bring up two DC's deleting
any PTR records, replicate AD and rub it in his face. Oops, I mean help
educate your colleague. :-)


--
Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]


Glate said:
I have been informed by a colleague that "Active Directory uses PTR
records for name resolution and replication" and that it "will not
function optimally without them".

I believe that he's wrong, and I can't find any document that agrees
with him. My thoughts on PTR records are mirrored at the following
site:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_dewg.mspx?mfr=true

"Reverse lookup zones and PTR resource records are not necessary for
Active Directory to work, but you need them if you want clients to be
able to resolve FQDNs from IP addresses. Also, PTR resource records are
commonly used by some applications to verify the identities of
clients."

I guess what I'd really like to find is a whitepaper (or similar) that
agrees with him.
Click to expand...
Click to expand...
 
AD and its clients need at least forward lookup zones to lookup services
(e.g. authentication, GC, DFS, etc.) and to replicate (CNAME records /
GUIDs)

reverse lookup zones are most of the times used when a service or
application needs to retrieve/check the name that belongs to an IP address

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Back
Top