DNS --> What exactly is reverse lookup Zones

I know the definition o f Rev ookup zones, I even successfully set it up....

But with or without it, I have no idea what difference it made. What is the
the real point of Rlookup & and is it commoly used...

"Hareth" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I know the definition o f Rev ookup zones, I even successfully set it
up....
>
> But with or without it, I have no idea what difference it made. What is
the
> the real point of Rlookup

Not much.

> & and is it commoly used...

Sometimes.

Most people don't need it -- why did you set it up?

Sometimes it is necessary to achieve pseudo-security features.

--
Herb Martin


>
>

its actually becoming more necessary every day. aol for instance wont allow
incoming mail anymore unless they can successfully do a reverse lookup on
the mail server that sent the mail.... this helps to prevent spammers. so
yes, you should make it a habit to configure a reverse lookup zone


"Herb Martin" <(E-Mail Removed)> wrote in message
news:utoV$(E-Mail Removed)...
> "Hareth" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I know the definition o f Rev ookup zones, I even successfully set it
> up....
> >
> > But with or without it, I have no idea what difference it made. What is
> the
> > the real point of Rlookup
>
> Not much.
>
> > & and is it commoly used...
>
> Sometimes.
>
> Most people don't need it -- why did you set it up?
>
> Sometimes it is necessary to achieve pseudo-security features.
>
> --
> Herb Martin
>
>
> >
> >
>
>

<(E-Mail Removed)> wrote in message
news:awkAc.23925$(E-Mail Removed) t...
> its actually becoming more necessary every day. aol for instance wont
allow
> incoming mail anymore unless they can successfully do a reverse lookup on
> the mail server that sent the mail.... this helps to prevent spammers. so
> yes, you should make it a habit to configure a reverse lookup zone
>

But things like this are only likely to be true for the
PUBLIC reverse zones, and in general those are
maintained by the ISPs or NAPs.

He's asking about setting up his own reverse zones.

--
Herb Martin


>
> "Herb Martin" <(E-Mail Removed)> wrote in message
> news:utoV$(E-Mail Removed)...
> > "Hareth" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > I know the definition o f Rev ookup zones, I even successfully set it
> > up....
> > >
> > > But with or without it, I have no idea what difference it made. What
is
> > the
> > > the real point of Rlookup
> >
> > Not much.
> >
> > > & and is it commoly used...
> >
> > Sometimes.
> >
> > Most people don't need it -- why did you set it up?
> >
> > Sometimes it is necessary to achieve pseudo-security features.
> >
> > --
> > Herb Martin
> >
> >
> > >
> > >
> >
> >
>
>

"Herb Martin" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> But things like this are only likely to be true for the
> PUBLIC reverse zones, and in general those are
> maintained by the ISPs or NAPs.
>
> He's asking about setting up his own reverse zones.

I don't have the previous posts, but if this is an AD DNS Server, I always
take a "hands off" approach to them and only change/edit/add/remove what is
absolutely required for something to work properly and then just stay away
from the thing. AD and DNS are so tightly intertangled together that all
kinds of things can blow up in your face if you make it "angry".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Phillip Windell" <@.> wrote in message
news:#(E-Mail Removed)...
> "Herb Martin" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > But things like this are only likely to be true for the
> > PUBLIC reverse zones, and in general those are
> > maintained by the ISPs or NAPs.
> >
> > He's asking about setting up his own reverse zones.
>
> I don't have the previous posts, but if this is an AD DNS Server, I always
> take a "hands off" approach to them and only change/edit/add/remove what
is
> absolutely required for something to work properly and then just stay away
> from the thing. AD and DNS are so tightly intertangled together that all
> kinds of things can blow up in your face if you make it "angry".
>

You really don't have to be so skittish -- just a LITTLE more
understanding of DNS (and ADs use of it) will explain
what is safe and what is not.

They really are not "entangled" so much as AD is dependent
on Dynamic DNS. If you put DNS into AD that does constitute
some interdependence and it is an issue but that is pretty much the
only serious "entanglement."

However...
One mistake that is avoided by your approach is the person
who decides to enable "scavenging" and decrease the times
to minutes/hours (instead of weeks) and then manages to
"clean up the DC SRV records" while the DCs are out of
touch over a downed WAN line etc.


--
Herb Martin


> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

To get back to the original question, a reverse lookup zone just enables
you to do a reverse lookup.That is, you can put in the IP address and get
out the machine name. A zone file is just a simple list, not a database. The
normal zone has the name listed first, and the query returns the IP. The
reverse zone has the IP first, and a query returns the name.

If you run any apps which require reverse lookups, they will fail if
you do not have a reverse lookup zone for the subnet.

"Herb Martin" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> "Phillip Windell" <@.> wrote in message
> news:#(E-Mail Removed)...
> > "Herb Martin" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> > > But things like this are only likely to be true for the
> > > PUBLIC reverse zones, and in general those are
> > > maintained by the ISPs or NAPs.
> > >
> > > He's asking about setting up his own reverse zones.
> >
> > I don't have the previous posts, but if this is an AD DNS Server, I
always
> > take a "hands off" approach to them and only change/edit/add/remove what
> is
> > absolutely required for something to work properly and then just stay
away
> > from the thing. AD and DNS are so tightly intertangled together that all
> > kinds of things can blow up in your face if you make it "angry".
> >
>
> You really don't have to be so skittish -- just a LITTLE more
> understanding of DNS (and ADs use of it) will explain
> what is safe and what is not.
>
> They really are not "entangled" so much as AD is dependent
> on Dynamic DNS. If you put DNS into AD that does constitute
> some interdependence and it is an issue but that is pretty much the
> only serious "entanglement."
>
> However...
> One mistake that is avoided by your approach is the person
> who decides to enable "scavenging" and decrease the times
> to minutes/hours (instead of weeks) and then manages to
> "clean up the DC SRV records" while the DCs are out of
> touch over a downed WAN line etc.
>
>
> --
> Herb Martin
>
>
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
>
>

HM> Sometimes it is necessary to achieve pseudo-security features.

j> its actually becoming more necessary every day. aol for instance
j> wont allow incoming mail anymore unless they can successfully do
j> a reverse lookup on the mail server that sent the mail....

That's what Herb was referring to as "pseudo-security".

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-avoid-double-reverse.html>

j> this helps to prevent spammers.

No, it doesn't. And here we go with short-term flawed measures
from AOL again. Haven't we enough evidence from history that these
don't work, yet ?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-anti-ubm-dont-work.html#SourceRouting>