How to Create a Delegated Subnet Reverse Zone

You really, really want to host your public DNS records? If you do, you may also want to host your public IP range, instead of having to call your ISP every time you need a reverse (PTR) entry created or updated.

The key thing is setting the NS records in your zone file to the nameservers that are authorative for the zone based on ARIN and remove all iterations of your own nameservers.

Follow the syntax to create the delegated subnetted zone by using the syntax for “Child subnetted reverse lookup zone file” in the following article. But you must keep in mind, this MUST be done using a Standard Primary zone, so if it’s an AD Integrated zone, you must revert it to a Standard Primary zone so you can work on the zone files. Once you’re done you can change it back to AD Integrated, if you so desire.

How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server 2003
http://support.microsoft.com/kb/174419

Let’s try this example:

IP Subnet example: 192.168.10.160/27 (or 255.255.255.224)
IP Subnet Range:   192.168.10.160 to 192.168.10.191

If you take a look at that KB article I posted, it shows the exact steps needed to create it. That’s how I did it!

Let’s see if I can do it for your subnet range. I am not guaranteeing it will work, because it’s also reliant on how your ISP has it delegated.

Your IP subnet,  192.168.10.173 /255.255.255.224, indicates it is part of a range starting with 192.168.10.160 to 192.168.10.191, which give you 32 addresses in the range, 30 usable, assuming one is of course the router (gateway), which makes it 29 usable IPs.

Therefore, if this range was delegated to you, then the key IP to look at, which actually “Describes” the network block, as 192.168.10.160/27 or 192.168.10.160/255.255.255.224.

Based on the above:

Let’s run through the steps…

  1. Ask the ISP to delegate the subnetted zone, 192.168.10.160/27 to your hostname servers (you need two of them).
  2. Then to create the zone name, we must base it on your subnet starting IP and the subnet bit count.
  3. The IP subnet is  192.168.10.160/27
              The starting IP of this subnet = 192.168.10.160
              The bit count of this subnet = 27
    Therefore the syntax will be:
              <SubnetStartIP>-<SubnetBits>.10.168.192-in-addr.arpa
               OR
              160-27.10.168.192.in-addr.arpa.dns zone
  4. Based on that, create an ARPA (reverse) zone called 160-27.10.168.192.in-addr.arpa.dns zone.
  5. Then save it as a Standard Primary Zone (not an AD Integrated zone).
  6. Stop the DNS Server Service – In the DNS console, right click the server name, choose Stop.
  7. Then go into the file (system32\dns folder), and change all NS iterations from your server.InternalDomainName.com to the ISP’s. such as ns.ISP’sAuthorativeServer.com.
    (Please read the KB article for more information on how the zone file should be configured.)
  8. Save the file.
  9. Then Start the DNS Service – In the DNS console, right click the server name, choose Start.
  10. Then right-click the zone, choose Reload.
  11. Then right-click the zone, properties, Nameserver tab, remove your own server as an NS record only keeping the authorative server.
  12. Create a PTR record, such as for 192.168.10.173, under the zone, and call it whatever you want, such as ace.WhateveYourZoneNameIs.com.

Test it

Run nslookup or DIG to test a query to 192.168.10.173 internally and trying it using an external public nameserver.

If it doesn’t work, go through the above steps again. Follow the syntax EXACTLY.
If it does work, pour yourself a cold one.

 

References:

Technet Thread: “How to setup a Reverse lookup zone on windows 2008 server with IP address 65.19.134.173 and subnetmask 255.255.255.224.”
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/7c81a129-efa2-4b88-80bb-591c4119beb4/

Thread title: “Reverse DNS smaller than /24 (v4)”
 http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/4147e8fe-43d8-4eff-a890-a0e1e31a96ea/#bd664835-05b3-4d53-9b08-d845b177d9d2

 

By Ace Fekay

Comments are welcomed.

Ace Fekay, MCT, MVP, MCSE 2012/Cloud, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & 2010, Exchange 2010 Enterprise Administrator, MCSE 2003/2000, MCSA Messaging 2003
   Microsoft Certified Trainer
   Microsoft MVP: Directory Services
   Active Directory, Exchange and Windows Infrastructure Engineer and Janitor
   www.delcocomputerconsulting.com

Leave a Reply