Question
Sunday, September 23, 2018 4:53 AM | 1 vote
Server O.S: 2016 | Domain joined standalone DNS server. Server is placed behind a Firewall.
Server is configured with a single NIC with Private IP range of 192.168.1.x. I have configured Split Brain DNS policies for my internal domain name, say “Ktest.net”. Hence it is also responsible for replying to queries from external/outside clients for some specific records.
Have created the zone scope name for zone “Ktest.net” as “Extest.net”, added records for external clients and is working fine. External clients are getting the configured IP address for the queries they are doing to my DNS server. Forwarding from firewall to dns server is working fine.
Followed below article to configure the above:
But the same is not working for reverse lookup zone. I am not sure how to follow the above article for reverse lookup zone. Hence we have created a reverse lookup zone for external IP address and created some static records to it. Ex: 112.105.63.in-addr.arpa (sample)
But when the clients are doing a reverse lookup (for external zone records) query using nslookup, they are getting a refused response from the DNS server, due to which I believe our clients are facing the email issues.
I took a packet capture and confirmed that the server is replying with a Refused response. Please help me find out why we are getting the refused response from the server and how to correct this.
All replies (6)
Monday, September 24, 2018 4:20 AM
Hi,
Thanks for your question.
May I know the detailed scripts of how you configured the split brain DNS for reverse lookup? Please remember to cover up your privacy information for security.
**Please also review this DNS policy setting if it is configured for queries from specific scope or block by restriction?**
Furthermore, any error event regarding DNS on the server?
If you have any question or concern, please feel free to let me know.
Best regards,
Michael
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Monday, September 24, 2018 9:28 PM | 1 vote
Hey Michael,
I am not sure if you understood my issue correctly or not. As your below query is my actual question.
<May I know the detailed scripts of how did you configure the split brain DNS for reverse lookup?>
My Query: As mentioned above. The split brain which I have configured for the forward zone is working but I am not sure how to configure the split brain for reverse.
We have created a reverse lookup zone for external IP address and created some static records to it. Ex: 112.105.63.in-addr.arpa (sample). So that when the external clients contact my DNS Server for reverse lookup they should get a response. Please note that no split brain policy has been configured for the reverse zone. I just want to know if I can do that or not? If yes, then how.
Because in the current configuration, when the clients are doing a reverse lookup (for external zone records) query using nslookup, they are getting a refused response from the DNS server, due to which I believe our clients are facing the email issues.
Wednesday, September 26, 2018 4:33 PM
Hi,
Sorry, I've got your concern right now. You want to receive the answer from the reverse lookup zone of the internal DNS server when you request a PTR record from outside, is that right? Please don't hesitate to let me know if I misunderstood.
Now you can do that for normal DNS zone setup without split brain. This can be done, however, Refused queries can cause problems at startup, and they can cause lookup failures during a session.
This one has two possible causes. Either your name server does not support inverse queries (older *nslookup*s only) or an access list is preventing the lookup.
For details, we can refer to this article,
Troubleshooting nslookup Problems
Please check the access list if it blocks the DNS query for specific zone from clients.
Please also try this thread with a similar issue to see if it works.
DNS Server - query refused from outside network. Query accepted from inside with internal IP's
Best regards,
Michael
Wednesday, September 26, 2018 11:01 PM | 1 vote
So here is the reply to your queries.
<Either your name server does not support inverse queries (older nslookup s only)>
Server is 2016. I am not sure if it would be using old nslookup? Let me know if I can provide you any specific output for this.
<Please check the access list if it block the DNS query for specific zone from clients.>
Are you referring to the zone permissions/security tab? Please be specific.
<Please also try this thread with a similar issue to see if it works.
DNS Server - query refused from outside network Query accepted from inside with internal IP's>
This thread will not work as the forward lookup query is working, the issue is only with the reverse lookup query. If it would be related to port I believe the forward queries should also fail.
I am still waiting for a valid answer, if you can help.
Tuesday, October 9, 2018 11:13 PM | 1 vote
Any update on this?
Saturday, January 11, 2020 2:06 AM
Can you confirm that internal clients can perform reverse-lookup queries for the zone?
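The checks the replies above ask for (zone state, DNS policies at server and zone level, DNS Server events, and a PTR lookup from the inside), collected as an added PowerShell example that is not part of any post in this thread. It assumes the DnsServer module on the Windows Server 2016 DNS server; `<dns-server-ip>` and `<host-octet>` are placeholders, and the zone names are the samples quoted in the question.

```powershell
# Added example, not from the thread. Run in an elevated session on the DNS server.
# <dns-server-ip> and <host-octet> are placeholders to fill in locally.
$ReverseZone = '112.105.63.in-addr.arpa'   # sample reverse zone quoted in the question
$ForwardZone = 'Ktest.net'                 # forward zone that already has split-brain policies
$DnsServer   = '<dns-server-ip>'
$PtrName     = "<host-octet>.$ReverseZone" # PTR owner name: reversed octets + in-addr.arpa

# 1. Is the reverse zone loaded on this server, and is it running?
Get-DnsServerZone -Name $ReverseZone |
    Format-List ZoneName, ZoneType, IsReverseLookupZone, IsPaused, IsShutdown

# 2. Which scopes does the reverse zone have, and which PTR records are in each?
foreach ($scope in Get-DnsServerZoneScope -ZoneName $ReverseZone) {
    "Zone scope: $($scope.ZoneScope)"
    Get-DnsServerResourceRecord -ZoneName $ReverseZone -ZoneScope $scope.ZoneScope -RRType Ptr
}

# 3. Query resolution policies. Server-level policies are evaluated before
#    zone-level ones, so list both and compare with the working forward zone.
"Server-level policies:"
Get-DnsServerQueryResolutionPolicy |
    Sort-Object ProcessingOrder |
    Format-Table Name, ProcessingOrder, IsEnabled, Action
foreach ($zone in $ReverseZone, $ForwardZone) {
    "Zone-level policies for ${zone}:"
    Get-DnsServerQueryResolutionPolicy -ZoneName $zone |
        Sort-Object ProcessingOrder |
        Format-Table Name, ProcessingOrder, IsEnabled, Action
}

# 4. Client subnets that policy criteria can refer to.
Get-DnsServerClientSubnet

# 5. Recent warnings and errors from the DNS Server event log.
Get-WinEvent -LogName 'DNS Server' -MaxEvents 50 |
    Where-Object { $_.Level -in 2, 3 } |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap

# 6. PTR lookup against this server from the inside, for comparison with
#    the REFUSED answer that external clients receive.
try {
    Resolve-DnsName -Name $PtrName -Type PTR -Server $DnsServer -DnsOnly -ErrorAction Stop
} catch {
    "PTR lookup failed: $($_.Exception.Message)"
}
```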