Forward and Reverse look up zone


OK, assuming you have a bit of knowledge of DNS, here goes...

The primary lookup zone would be where a server would look for the A records that map a client's host name to its IP address.

It would be used if you were in an enterprise situation and you wanted to access your Exchange server, for example, and its host name is "exchange2k3". If you opened up Remote Desktop and typed in "exchange2k3", the query would go to the DNS server, which would look in its forward lookup zone for the A record that maps that name to whatever IP it is, and connect you to the Exchange server.

Reverse is the opposite and is used to map IP addresses to names using PTR records, the point of this being (mainly on the net) to verify senders of emails (i.e. you receive a mail and the hostname it claims to be from has a reverse lookup done on it, and if the IP is the same as what it came from then you know it's legitimate).

Honestly mate, DNS is simple to understand in terms of what it's doing, but when it comes to how it's doing it, it can be really mind boggling. If you can get at a Win2k or 2k3 server and check the DNS console in that, you may get a better understanding, but other than that there is a nice 1000-odd page book by O'Reilly on DNS; it really does get complicated.

Hope this helps; it may not be 100% accurate but at least you get the idea.

Good luck with it :)

Edited by eyeball
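The email check eyeball describes above is what is usually called forward-confirmed reverse DNS: look up the PTR record for the sending IP, then look up the A record for the name the PTR returned, and only trust the name if that A record points back at the same IP. The following is an added example, not code from the thread or from any Windows DNS tool; it models a forward zone and its reverse zone as plain Python dicts, using a made-up domain (office.local) and constructed 192.168.1.0/24 addresses, and runs the check offline against that data.

```python
import ipaddress

# Constructed sample data (not from the thread): a forward lookup zone for
# the made-up domain "office.local." and its matching reverse zone for
# 192.168.1.0/24, stored as plain dicts. Names are fully qualified with a
# trailing dot, the way they appear in a zone file.
FORWARD_ZONE = {
    "dc1.office.local.": {"192.168.1.2", "192.168.1.13"},
    "exchange2k3.office.local.": {"192.168.1.5"},
    "mail.office.local.": {"192.168.1.8"},
}

REVERSE_ZONE = {
    "2.1.168.192.in-addr.arpa.": {"dc1.office.local."},
    "13.1.168.192.in-addr.arpa.": {"dc1.office.local."},
    "5.1.168.192.in-addr.arpa.": {"exchange2k3.office.local."},
    # Stale PTR: it names mail.office.local, but that host's A record
    # now points at .8, so the forward lookup will not confirm it.
    "7.1.168.192.in-addr.arpa.": {"mail.office.local."},
}


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address (octets reversed
    under in-addr.arpa): 192.168.1.13 -> 13.1.168.192.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def lookup_a(name: str, forward=FORWARD_ZONE) -> set:
    """Forward lookup: host name -> set of IPv4 addresses (A records)."""
    return forward.get(name.lower(), set())


def lookup_ptr(ip: str, reverse=REVERSE_ZONE) -> set:
    """Reverse lookup: IPv4 address -> set of host names (PTR records)."""
    return reverse.get(reverse_name(ip), set())


def fcrdns(ip: str, forward=FORWARD_ZONE, reverse=REVERSE_ZONE) -> set:
    """Forward-confirmed reverse DNS: the PTR names for ip whose own A
    records point back at ip. Whoever controls a reverse zone can put any
    name in a PTR record, so the PTR alone proves nothing; the round trip
    PTR -> A -> same IP is what makes the name worth trusting."""
    return {name for name in lookup_ptr(ip, reverse)
            if ip in lookup_a(name, forward)}


def check_sender(ip: str, claimed_host: str,
                 forward=FORWARD_ZONE, reverse=REVERSE_ZONE) -> str:
    """Classify a connecting mail sender by its IP and the host name it
    claims to be (e.g. in HELO). Returns one of:
      'no-ptr'           - the IP has no reverse record at all
      'forward-mismatch' - a PTR exists but its A record does not point back
      'claim-mismatch'   - reverse DNS is consistent but names another host
      'confirmed'        - claimed name, PTR and A record all agree
    """
    if not lookup_ptr(ip, reverse):
        return "no-ptr"
    confirmed = fcrdns(ip, forward, reverse)
    if not confirmed:
        return "forward-mismatch"
    claimed = claimed_host.lower().rstrip(".") + "."
    if claimed not in confirmed:
        return "claim-mismatch"
    return "confirmed"


if __name__ == "__main__":
    for ip, host in [("192.168.1.5", "exchange2k3.office.local"),
                     ("192.168.1.5", "dc1.office.local"),
                     ("192.168.1.7", "mail.office.local"),
                     ("192.168.1.99", "unknown.office.local")]:
        print(f"{ip:14} claims {host:28} -> {check_sender(ip, host)}")
```

The four outcomes are kept separate on purpose: a mail server that wants to act on this check usually treats "no-ptr" and "forward-mismatch" differently from a name that is consistent but simply not the one the sender claimed, so the classification is returned rather than a bare true/false.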

So in a basic network of one server and a few PCs, what would the forward zone look like? I'm seeing our server defined on top (Name Server entry), then a couple of the PCs in there, and finally the server again twice (192.168.1.2 and 192.168.1.13).

I imagine the second one is for VPN setup.

I also noticed in the reverse lookup there were two IPs duplicated. This was automatic when the laptop changed computer names, I assume. And I noticed another entry when a local laptop joined. So are computers auto-added to the reverse lookup when they join the domain?

Do we really need them in here? When would we ever need to reverse-lookup a PC within our office?


For such a small domain, having a reverse look-up zone really wouldn't be needed, but it won't be a hindrance either. If it has already been set up, don't worry about it; when a record is created in the forward lookup zone there is also a record created in the reverse lookup zone. No big deal; it doesn't take up much processor time or space for that matter.


Thanks everyone for the quick response. I'm hooked on these forums!

[quote]For such a small domain, having a reverse look-up zone really wouldn't be needed, but it won't be a hindrance either. If it has already been set up, don't worry about it; when a record is created in the forward lookup zone there is also a record created in the reverse lookup zone. No big deal; it doesn't take up much processor time or space for that matter.[/quote]

When would a PC be automatically added as a forward? Never, I would think, unless I explicitly enter it.

Why even bother putting a PC in a forward lookup zone on a small network of 10 PCs? Everyone shares files on the server and perhaps would connect only to a print server on an admin desk. And in that case, are you really using a forward lookup to locate that admin PC/printer? Or are you defaulted into using WINS then?

Am I wrong in thinking a DNS forward & reverse list should be VERY small, with only the DC server in there as the first entry and then the two ISP DNS servers? Yes/no?

Edited by Stormin_Norm

You don't need to add your ISP's DNS servers as actual DNS entries in your internal DNS server. You should, however, configure them as forwarders (this is in the properties for your internal DNS server). This will allow your DNS server to forward lookup requests for domains that aren't internal.

Active Directory is very dependent on DNS, so every machine needs to be in the forward zone. It does this automatically when a new machine is added to the domain. If you use DHCP they can (and will by default) be dynamically updated, meaning you don't have to do anything manually.

As was mentioned, a reverse zone is good to plan for future growth. It doesn't hurt having it there.


[quote]Why even bother putting a PC in a forward lookup zone on a small network of 10 PCs?[/quote]

Like memnoch said, AD is highly dependent on DNS and cannot run without it. If both the forward and reverse zones are AD integrated (which they should be), the records will be dynamically updated; it will be good for future expansion or implementation of new tools or programs also. As for WINS, it's only needed if you have 98 machines or 2000 (though it would use DNS first, I believe).

Edited by fizban2
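memnoch and fizban2 both point out that with AD-integrated zones the records register themselves, and the earlier replies note that a forward record normally gets a matching reverse record. The flip side, which is what Stormin_Norm saw when a renamed laptop left two entries behind, is that dynamic registration adds records but does not always clean up the old ones, so the two zones drift apart over time. The following is an added example, not code from the thread or from the Windows DNS console; it uses constructed zones for a made-up office.local domain and shows, first, the reverse zone that registering every A record should produce, and second, an audit that reports duplicate, stale and missing PTR records between a forward zone and a reverse zone.

```python
import ipaddress

# Constructed sample zones (not from the thread) for the made-up domain
# "office.local." after a few dynamic updates: a laptop was renamed from
# laptop-old to laptop-new (old PTR left behind), a printer's A record was
# deleted by hand (PTR left behind), and pc3 registered its A record only.
FORWARD = {
    "dc1.office.local.": {"192.168.1.2", "192.168.1.13"},
    "laptop-new.office.local.": {"192.168.1.20"},
    "pc3.office.local.": {"192.168.1.21"},
}
REVERSE = {
    "2.1.168.192.in-addr.arpa.": {"dc1.office.local."},
    "13.1.168.192.in-addr.arpa.": {"dc1.office.local."},
    "20.1.168.192.in-addr.arpa.": {"laptop-old.office.local.",
                                   "laptop-new.office.local."},
    "30.1.168.192.in-addr.arpa.": {"printer.office.local."},
}

ARPA_SUFFIX = ".in-addr.arpa"


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4 address: 192.168.1.20 -> 20.1.168.192.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def arpa_to_ip(arpa: str) -> str:
    """Inverse of reverse_name: 20.1.168.192.in-addr.arpa. -> 192.168.1.20."""
    labels = arpa.rstrip(".")[: -len(ARPA_SUFFIX)].split(".")
    return ".".join(reversed(labels))


def expected_reverse(forward: dict) -> dict:
    """The reverse zone that registering every A record would produce:
    one PTR per address, naming the host that owns that address."""
    ptrs = {}
    for name, ips in forward.items():
        for ip in ips:
            ptrs.setdefault(reverse_name(ip), set()).add(name)
    return ptrs


def audit(forward: dict, reverse: dict) -> list:
    """Compare the two zones and return sorted (kind, ip, detail) findings:
      duplicate-ptr - one address answers with several names (rename leftover)
      stale-ptr     - PTR names a host whose A record no longer points here
      missing-ptr   - A record with no matching PTR (reverse lookups fail)"""
    findings = []
    for arpa, names in reverse.items():
        ip = arpa_to_ip(arpa)
        if len(names) > 1:
            findings.append(("duplicate-ptr", ip, ", ".join(sorted(names))))
        for name in names:
            if ip not in forward.get(name, set()):
                findings.append(("stale-ptr", ip, name))
    for arpa, names in expected_reverse(forward).items():
        for name in names - reverse.get(arpa, set()):
            findings.append(("missing-ptr", arpa_to_ip(arpa), name))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ip, detail in audit(FORWARD, REVERSE):
        print(f"{kind:14} {ip:15} {detail}")
```

Run against the constructed data it reports the duplicate at .20, the stale PTRs at .20 and .30, and the missing PTR for pc3; run against a forward zone and the reverse zone derived from it by expected_reverse, it reports nothing. On a real Windows DNS server the same drift is what the zone aging/scavenging settings exist to clean up, so a periodic comparison like this is a reasonable way to see whether scavenging is actually keeping the two zones in step.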

I found the problem with our network. The DSL router was also pre-configured for DNS, but with a host ID of 0.0.0.0. This is why our internal PCs couldn't find the external website, and why some took forever to log in.

I didn't turn the router DNS off, just added our server & ISP's IPs and made the starting address high. Just curious which PCs will resolve with the router and which will stay with the server.

But I'm still confused why half the PCs are listed in the forward & reverse lookup zones and half are not. Why would someone put them in there in the first place? I see no reason to have some of the PCs defined as forward & reverse lookups. It is only one office with 10 PCs. One server, one zone.

Maybe the original thinking was to be able to share folders or a printer. But that would be handled by DHCP & DNS working together anyway.
