help with DNS zones

When to use DNS zones such forward lookup and reverse lookup? How about DNS caching only server...would it be sufficient to support active directory for name resolution. I'm confuse so don't laugh at me.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

Forward and reverse lookup are easy. Forward resolves a name to an IP address and reverse resolves an IP address to a name. I'm sure you understand the importance of forward lookup zones, but reverse lookups are important when, say, you're troubleshooting a network problem and need to figure out which machine uses a certain IP. Maybe you noticed a high rate of email coming from an IP, and you suspect it has a spam bot on it. It would be much more efficient to just look up the name in a reverse lookup zone than go around to every machine and trying to find the right one.

Caching does just what it sounds like. If you try to resolve a name that the caching server doesn't have, it goes out and finds it for you, and then caches that, so it can respond immediately the next time someone asks about that name. An example of when you'd use a caching server is when you have a remote site across a slow WAN link. It would be sufficient for that site, but you're still going to need a forward lookup zone for the domain somewhere. You can't run AD with a caching server alone.

ladiesman217

What I mean is if you only have a single domain...Do you still need to set forward lookup zones. I don't get it.

undomiel

A forward lookup zone is required. It resolves names to ip addresses. If you do not have a forward lookup zone then you might as well have no dns server as no name resolution will be possible for your domain. Which will create a host of problems with Active Directory as well, since it depends upon name resolution. Let's say you have a single domain of brap.local and server named goose. If you have a forward lookup zone for brap.local and an A record for goose you will be able to find the ip address for goose with nslookup goose.brap.local. If no forward lookup zone exists for brap.local then nslookup goose.brap.local will just return an error.

ladiesman217

undomiel wrote: »

A forward lookup zone is required. It resolves names to ip addresses. If you do not have a forward lookup zone then you might as well have no dns server as no name resolution will be possible for your domain. Which will create a host of problems with Active Directory as well, since it depends upon name resolution. Let's say you have a single domain of brap.local and server named goose. If you have a forward lookup zone for brap.local and an A record for goose you will be able to find the ip address for goose with nslookup goose.brap.local. If no forward lookup zone exists for brap.local then nslookup goose.brap.local will just return an error.

yeah I'm getting it.

Let's say I have domain which is xyz.com... you mean I need to create a forward lookup zone named xyz.com to make authoritative over that domain? and so on for another child domain? Do I need to make it active directory integrated?

thanks