How to Configure a Subnetted Reverse Lookup Zone on Windows NT

Last reviewed: March 3, 1998
Article ID: Q174419
The information in this article applies to:
  • Microsoft Windows NT Server version 4.0

SUMMARY

The growth of the Internet created a need to allocate portions of IP networks smaller than a full class C. To support this, the Internet Engineering Task Force (IETF) published an Internet-Draft describing classless in-addr.arpa delegation. This article discusses how to implement the suggestions in that Internet-Draft to configure reverse lookup zones for a Microsoft Windows NT Domain Name Service (DNS) Server using subnetted IP networks.

MORE INFORMATION

A "classful" IP addressing scheme is one that does not break an IP network down into smaller segments. For example, a class C address of 192.168.1.0 with a subnet mask of 255.255.255.0 is a classful IP addressing scheme.

A "classless" IP addressing scheme is one that uses a subnet mask to divide an IP network into smaller subnets. For example, a class C address of 192.168.1.0 with a subnet mask of 255.255.255.192 is a classless IP addressing scheme. Along with the 192.168.1.0 subnet, you would also have the following subnet addresses: 192.168.1.64, 192.168.1.128, and 192.168.1.192.

The above-mentioned Internet-Draft suggests several ways to configure reverse lookup zones for DNS servers. This gives flexibility in who owns the primary DNS server: a small business can register its own domain name with the InterNIC instead of being a secondary zone of its Internet Service Provider (ISP) and sharing that ISP's fully qualified domain name (FQDN). It also allows you, as the administrator of a small business, to make changes to your DNS records without submitting a change request to your ISP. The zone files can also be shared with your ISP, whose DNS server then acts as a secondary for the zone through zone transfers. If your ISP acts as a secondary, list its server on the Notify tab of the zone's properties in DNS Manager and restrict zone transfers to the listed secondaries, so that only the server that should hold a copy of the zone can pull it.

The registered owner of the IP address range, typically the ISP, determines who will be the Start of Authority (SOA) for the address range. Either you or the ISP can be SOA for the subnetted range, and you and the ISP must agree to use classless delegation. The InterNIC must be contacted to register the domain name and its associated name servers (NS). If you are granted SOA, your DNS server is configured as the primary DNS server for the sub-zone, and your ISP can configure its DNS server as a secondary.

Microsoft Windows NT Server version 4.0 DNS does support classless reverse lookup zones (in-addr.arpa delegations); however, the Microsoft DNS Manager was not designed to read or edit these types of records.

The DNS Manager can be used to set up the forward lookup zone and the reverse lookup zones for that name server (NS). After the zones are created, the in-addr.arpa files must be edited manually to add the classless (subnetted) reverse lookup records, because classless in-addr.arpa cannot be done with the DNS Manager tool shipped in Windows NT 4.0 for (at minimum) two reasons:

  • DNS Manager cannot create a CNAME resource record in a reverse lookup zone.
  • DNS Manager cannot create a PTR resource record that has more than four octets in the owner name (for example, 1.0/25.100.168.192.in-addr.arpa).

When you create classless reverse lookup zones, you use notation such as the following:

   0/25.100.168.192.in-addr.arpa

This indicates the subnetted reverse zone for the 0 subnetwork of 192.168.100.0 with a 25-bit subnet mask (255.255.255.128). The first label is the fourth octet of the subnet's network address, the bit count is the length of the subnet mask in bits. Here are some examples of class C subnet masks, the number of addresses in each subnet, and the bit count:

   If the subnet mask is:              the subnet size/bit-count is:

   255.255.255.128                     128/25
   255.255.255.192                      64/26
   255.255.255.224                      32/27
   255.255.255.240                      16/28
   255.255.255.248                       8/29
   255.255.255.252                       4/30

NOTE: This is not an all-inclusive list and your subnet/bit-count will depend solely upon the subnet mask and IP address range that your ISP assigns to you.

The following example assumes that you are going to be SOA for your own sub-zone. To create a classless reverse lookup zone, use the following steps:

NOTE: The following steps assume that the Microsoft DNS Server has been installed and that the TCP/IP properties have been configured correctly. The steps use Domain.com as the domain name and 192.168.100.0 with a mask of 255.255.255.128 as the address range; replace Domain.com with your actual domain name and replace the addresses in the example with the addresses your ISP assigned to you.

  1. Apply the latest Microsoft Windows NT Service Pack.

  2. Restart your computer.

  3. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager.

  4. Click New Server on the DNS menu, type the IP address or host name of your DNS Server, and then click OK.

  5. Create the two reverse lookup zones and the forward lookup zone using the following steps:

     a. Click your DNS server, and then click New Zone on the DNS menu.

     b. Click the Primary radio button in the Creating New Zone dialog box, and then click Next.

     c. Type 100.168.192.in-addr.arpa in the Zone Name text box, and then press Tab.

     d. The Zone File text box should automatically be populated with 100.168.192.in-addr.arpa.dns.

     e. Click Finish.

     f. Repeat steps a through e, but substitute the following information (the slash in the zone name becomes a period in the file name):

           Zone Name: 0/25.100.168.192.in-addr.arpa
           Zone File: 0.25.100.168.192.in-addr.arpa.dns

     g. Create the forward lookup zone by repeating steps a through e again, but substitute the following information:

           Zone Name: Domain.com
           Zone File: Domain.com.dns

  6. Click the newly created Domain.com zone, and then click New Record on the DNS menu. Verify that A Record is selected in the Record Type list box.

    NOTE: You cannot use the New Host option to add this record, because New Host does not allow the creation of an A record without a host name.

  7. Leave the Host Name text box empty and type 255.255.255.128 in the Host IP Address text box. Click to clear the Create Associated PTR Record check box.

    NOTE: 255.255.255.128 is representing the subnet mask that your ISP has assigned to you. Replace this with your actual subnet mask.

  8. Click OK.

  9. Click New Host on the DNS menu to create all of the appropriate A records with the host names that you need to resolve to IP addresses using DNS. Verify that the Create Associated PTR Record check box is clear while creating these A records.

  10. When you have finished creating your A records, stop the DNS Server using one of the following methods:

      - Use the Services tool in Control Panel:

        1. Click Start, point to Settings, click Control Panel, and then double-click the Services icon.

        2. Select Microsoft DNS Server in the Service list and click Stop.

      -or-

      - Type the following at a command prompt and press Enter:

           net stop dns

      NOTE: It is important to stop the DNS service before editing the zone files; the running server writes its in-memory copy of each zone back to disk and will overwrite your manual edits.

  11. Using a text editor, add the following text to the end of the 100.168.192.in-addr.arpa.dns file in the %SystemRoot%\System32\Dns folder:

         0/25     IN NS      <Server>.Domain.com.
         1        IN CNAME   1.0/25
         2        IN CNAME   2.0/25
         3        IN CNAME   3.0/25

      where the NS record delegates the 0/25 sub-zone to the server that is SOA for it (as in the sample zone files later in this article) and the number 1 indicates the fourth octet of the host computer. The CNAME entries in this file merely refer to the corresponding entries in the file in step 12. The CNAME targets are relative to the zone and must not end in a period; 1.0/25 expands to 1.0/25.100.168.192.in-addr.arpa.

  12. Using a text editor, add the following text to the end of the 0.25.100.168.192.in-addr.arpa.dns file in the %SystemRoot%\System32\Dns folder:

         1        IN PTR   <Server>.Domain.com.

      where <Server>.Domain.com. is the FQDN of the DNS server that is SOA for this sub-zone. The number 1 above indicates the fourth octet of this server's IP address, for example, 192.168.100.1. Note the trailing period on the FQDN; without it the name is treated as relative to the zone and the reverse lookup returns <Server>.Domain.com.0/25.100.168.192.in-addr.arpa.

      NOTE: Below the <Server>.Domain.com. entry, add the other host entries that you need to resolve from this server, such as the following:

         2        IN PTR   <MailServer>.Domain.com.
         3        IN PTR   <FTPServer>.Domain.com.

  13. When you have completed manually editing the zone files, start the DNS server using one of the following methods:

      - Use the Services tool in Control Panel:

        1. Click Start, point to Settings, click Control Panel, and then double-click the Services icon.

        2. Select Microsoft DNS Server in the Service list and click Start.

      -or-

      - Type the following at a command prompt and press Enter:

           net start dns

Sample Zone Files

Typical Reverse Lookup Zone File:

   ;
   ;  Database file 10.10.210.in-addr.arpa.dns for 10.10.210.in-addr.arpa
   ;  zone.
   ;      Zone version:   97072103
   ;

   @      IN SOA      ns.MyDomain.com. admin.MyDomain.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS      ns.MyDomain.com.
          IN NS      ns0.TheIsp.net.

   1                 IN PTR     www.MyDomain.com.
   2                 IN PTR     host2.MyDomain.com.
   3                 IN PTR     host3.MyDomain.com.
   4                 IN PTR     host4.MyDomain.com.
   5                 IN PTR     host5.MyDomain.com.
   ...
   ...
   254               IN PTR   host254.MyDomain.com.
   ;  End delegation

NOTE: The two ellipses, "...", indicate the unique IP addresses and hosts between 5 and 254. Ellipses are not valid in the file. In a non-subnetted class C address file, these records can extend from 1-254, depending on the number of hosts in the subnet. The 0 address is the network address. The 255 address is considered a broadcast address and is invalid.

A Classless or Subnetted Reverse Lookup Zone File:

Assume the class C address has been subnetted into 4 subnets of 64 addresses each, that is, a 255.255.255.192 subnet mask. This file represents the first subnetwork of the range, the 0 network, whose usable host addresses are 1 through 62 (0 is the subnet's network address and 63 its broadcast address).

   ;
   ;  Database file 10.10.210.in-addr.arpa.dns for 10.10.210.in-addr.arpa
   ;  zone, delegating the 0/26.10.10.210.in-addr.arpa sub-zone.
   ;      Zone version:   97072103
   ;
   @      IN SOA      ns.MyDomain.com. admin.MyDomain.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL
   ;
   ;  Zone NS records
   ;
   @      IN NS      ns.MyDomain.com.
          IN A       255.255.255.192
   ;
   ;  Zone records
   ;

   ;
   ;  Delegated sub-zone:  0/26.10.10.210.in-addr.arpa.
   ;
   0/26      IN NS      ns.MyDomain.com.
   0/26      IN NS      ns.TheIsp.net.

   ;  End delegation

   1      IN CNAME      1.0/26
   2      IN CNAME      2.0/26
   3      IN CNAME      3.0/26
   4      IN CNAME      4.0/26
   5      IN CNAME      5.0/26
   ...
   ...
   62      IN CNAME      62.0/26
   ; End delegation

The NS records delegate the 0/26 sub-zone, and each host entry is a CNAME record pointing to X.0/26, where X is the fourth octet of the host's IP address. In this in-addr.arpa file there are no PTR records; they live in the delegated 0/26 zone. Note the A record underneath the NS record. A typical A record is defined for a host, but this one holds the subnet mask of the network. It is a helper record used by the Microsoft DNS Server to identify subnetted delegation, and other vendors' servers do not expect it.

ISP Reverse Zone File Supporting Four Domains:

Each customer's sub-zone file (0/26, 64/26, 128/26 and 192/26) contains the SOA and NS records for that sub-zone and the PTR records for its hosts. This assumes that the ISP has delegated SOA to four customers and acts as a secondary for each sub-zone. There will be four separate zones transferred to the ISP, one from each SOA.

File 0.26.10.10.210.in-addr.arpa.dns (zone 0/26.10.10.210.in-addr.arpa., primary at MyDomain.com):

   @      IN SOA      ns.MyDomain.com. admin.MyDomain.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS       ns.MyDomain.com.
   @      IN NS       ns1.TheIsp.net.

   1      IN PTR      www.MyDomain.com.
   2      IN PTR      host2.MyDomain.com.
   3      IN PTR      host3.MyDomain.com.
   4      IN PTR      host4.MyDomain.com.
   5      IN PTR      host5.MyDomain.com.
   ...
   ...
   62     IN PTR      host62.MyDomain.com.

File 64.26.10.10.210.in-addr.arpa.dns (zone 64/26.10.10.210.in-addr.arpa., primary at customer2.com):

   @      IN SOA      customer2.com. admin.customer2.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS       customer2.com.
   @      IN NS       ns1.TheIsp.net.

   ;  host names are placeholders
   65     IN PTR      host65.customer2.com.
   66     IN PTR      host66.customer2.com.
   67     IN PTR      host67.customer2.com.
   68     IN PTR      host68.customer2.com.
   ...
   ...
   126    IN PTR      host126.customer2.com.

File 128.26.10.10.210.in-addr.arpa.dns (zone 128/26.10.10.210.in-addr.arpa., primary at customer3.com):

   @      IN SOA      customer3.com. admin.customer3.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS       customer3.com.
   @      IN NS       ns0.TheIsp.net.

   ;  host names are placeholders
   129    IN PTR      host129.customer3.com.
   130    IN PTR      host130.customer3.com.
   131    IN PTR      host131.customer3.com.
   132    IN PTR      host132.customer3.com.
   ...
   ...
   190    IN PTR      host190.customer3.com.

File 192.26.10.10.210.in-addr.arpa.dns (zone 192/26.10.10.210.in-addr.arpa., primary at customer4.com):

   @      IN SOA      customer4.com. admin.customer4.com. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS       customer4.com.
   @      IN NS       ns0.TheIsp.net.

   ;  host names are placeholders
   193    IN PTR      host193.customer4.com.
   194    IN PTR      host194.customer4.com.
   195    IN PTR      host195.customer4.com.
   196    IN PTR      host196.customer4.com.
   197    IN PTR      host197.customer4.com.
   ...
   ...
   254    IN PTR      host254.customer4.com.

Again, in the above examples, the ellipses indicate the omitted IP addresses between the last record shown and the last usable address in that subnet. Above are SOA records for four different domains, each of which is primary for its own sub-zone. The owner names in these files are relative to the sub-zone, so "65" in the 64/26 file is 65.64/26.10.10.210.in-addr.arpa, which is exactly the name the ISP's CNAME record for 65.10.10.210.in-addr.arpa points to.

ISP is SOA for Only a Portion of the IP Range:

If the ISP keeps SOA for the network zone itself, the ISP's server, ns0.TheIsp.net, is primary for the 210.10.10.0 network (zone 10.10.210.in-addr.arpa) and the customers are primary only for their delegated sub-zones. The ISP's reverse lookup zone then contains the NS delegation for each sub-zone and a CNAME record for every host address in the network, pointing into the appropriate sub-zone:

   @      IN SOA      ns0.TheIsp.net. admin.TheIsp.net. (
                              97072103    ; serial number
                              3600        ; refresh
                              600         ; retry
                              86400       ; expire
                              3600      ) ; minimum TTL

   @      IN NS       ns0.TheIsp.net.

   0/26      IN NS      ns.MyDomain.com.
   0/26      IN NS      ns1.TheIsp.net.

   1      IN CNAME      1.0/26
   2      IN CNAME      2.0/26
   3      IN CNAME      3.0/26
   4      IN CNAME      4.0/26
   5      IN CNAME      5.0/26
   ...
   ...
   62     IN CNAME      62.0/26

   64/26      IN NS      customer2.com.
   64/26      IN NS      ns1.TheIsp.net.

   65     IN CNAME      65.64/26
   66     IN CNAME      66.64/26
   67     IN CNAME      67.64/26
   68     IN CNAME      68.64/26
   ...
   ...
   126    IN CNAME      126.64/26

   128/26      IN NS      customer3.com.
   128/26      IN NS      ns0.TheIsp.net.

   129      IN CNAME      129.128/26
   130      IN CNAME      130.128/26
   131      IN CNAME      131.128/26
   132      IN CNAME      132.128/26
   133      IN CNAME      133.128/26
   ...
   ...
   190      IN CNAME      190.128/26

   192/26      IN NS      customer4.com.
   192/26      IN NS      ns0.TheIsp.net.

   193      IN CNAME      193.192/26
   194      IN CNAME      194.192/26
   195      IN CNAME      195.192/26
   196      IN CNAME      196.192/26
   197      IN CNAME      197.192/26
   ...
   ...
   254      IN CNAME      254.192/26

The subnetted zones are separate zones from the network zone. When a reverse lookup is done, the in-addr.arpa servers on the Internet refer the query to the ISP's name servers for the network zone. The CNAME record for the address then points into the delegated sub-zone, and the NS delegation in the network zone sends the resolver to the name servers for that sub-zone, where the PTR record is found and the reverse lookup is completed.

This process requires two reverse lookup zone files for the Microsoft DNS Server to support classless delegation. The first in-addr.arpa file is the subnetted (delegated) zone. It looks similar to the non-subnetted file above and contains the PTR records for the hosts. The second in-addr.arpa file is the network zone, which contains the classless delegation (the NS records for the sub-zone) and the CNAME records that point into it.

Both zones, and the forward lookup zone, can be created in Microsoft DNS Manager, but the records that make the delegation work (the PTR records in the sub-zone, and the NS and CNAME records in the network zone) must be added with a text editor as in steps 11 and 12, because DNS Manager cannot create a CNAME record in a reverse lookup zone or a PTR record whose owner name has more than four octets.
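To see the resolution path described above in working code, and to catch the two delegation mistakes that produce wrong or missing reverse answers without any error message, the following Python script (an added example, not part of this article and not part of the Microsoft DNS Server) parses a network zone and its delegated sub-zone written in the article's one-record-per-line layout, answers a reverse lookup by following the CNAME into the sub-zone, and audits that every CNAME keeps the same fourth octet on both sides and lands on an existing PTR record. The zone texts are constructed from the article's 210.10.10.0/24 sample: the CNAME for host 3 deliberately points at 2.0/26 (a typo of the kind easily made when typing these files by hand) and host 4 has no PTR record, so the audit has something to find.

```python
"""Resolve a reverse lookup across a classless delegation and audit the
parent/child record pairs.  Added example, not part of the KB article.  The
two zone texts are constructed from the article's 210.10.10.0/24 sample."""
from __future__ import annotations

import ipaddress
from typing import Optional

PARENT_ORIGIN = "10.10.210.in-addr.arpa."
CHILD_ORIGIN = "0/26.10.10.210.in-addr.arpa."

# Constructed: the ISP's network zone.  SOA is on one line so the minimal
# parser below can skip it.  Host 3's CNAME is a deliberate typo and host 4
# has no PTR in the sub-zone.
PARENT_ZONE = """\
@        IN SOA   ns0.TheIsp.net. admin.TheIsp.net. ( 97072103 3600 600 86400 3600 )
@        IN NS    ns0.TheIsp.net.
0/26     IN NS    ns.MyDomain.com.
0/26     IN NS    ns1.TheIsp.net.
1        IN CNAME 1.0/26
2        IN CNAME 2.0/26
3        IN CNAME 2.0/26      ; typo: should be 3.0/26
4        IN CNAME 4.0/26      ; no matching PTR in the sub-zone
"""

# Constructed: the customer's delegated sub-zone.
CHILD_ZONE = """\
@        IN SOA   ns.MyDomain.com. admin.MyDomain.com. ( 97072103 3600 600 86400 3600 )
@        IN NS    ns.MyDomain.com.
         IN NS    ns1.TheIsp.net.
1        IN PTR   www.MyDomain.com.
2        IN PTR   host2.MyDomain.com.
"""

Records = dict  # {(owner, rtype): [rdata, ...]}


def absolutize(name: str, origin: str) -> str:
    """'@' -> origin; a name without a trailing period is relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> Records:
    """Parser for the article's layout: one record per line, a line starting
    with whitespace inherits the previous owner, ';' starts a comment."""
    records: Records = {}
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():
            owner, fields = absolutize(fields[0], origin), fields[1:]
        if fields[0] == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0], " ".join(fields[1:])
        if rtype == "SOA":
            continue
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = absolutize(rdata, origin)
        records.setdefault((owner, rtype), []).append(rdata)
    return records


def reverse_name(ip: str) -> str:
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def zone_for(name: str, zones: dict[str, Records]) -> Optional[str]:
    """Longest origin containing the name: the sub-zone wins over the /24."""
    matches = [o for o in zones if name == o or name.endswith("." + o)]
    return max(matches, key=len) if matches else None


def resolve_ptr(ip: str, zones: dict[str, Records], max_hops: int = 8) -> Optional[str]:
    """Look the name up in the zone that owns it; follow a CNAME (one hop is
    expected: network zone -> sub-zone) until a PTR is found or nothing is."""
    name = reverse_name(ip)
    for _ in range(max_hops):
        origin = zone_for(name, zones)
        if origin is None:
            return None
        recs = zones[origin]
        if (name, "PTR") in recs:
            return recs[(name, "PTR")][0]
        if (name, "CNAME") not in recs:
            return None
        name = recs[(name, "CNAME")][0]
    return None


def audit_delegation(zones: dict[str, Records], parent: str, child: str) -> list[str]:
    """Each parent CNAME into the sub-zone must keep the same fourth octet on
    both sides and must land on an existing PTR record."""
    problems = []
    for (owner, rtype), targets in zones[parent].items():
        target = targets[0]
        if rtype != "CNAME" or not target.endswith("." + child):
            continue
        if owner.split(".")[0] != target.split(".")[0]:
            problems.append(f"{owner} -> {target}: fourth octet differs")
        elif (target, "PTR") not in zones[child]:
            problems.append(f"{owner} -> {target}: no PTR in {child}")
    return problems


ZONES = {PARENT_ORIGIN: parse_zone(PARENT_ZONE, PARENT_ORIGIN),
         CHILD_ORIGIN: parse_zone(CHILD_ZONE, CHILD_ORIGIN)}

if __name__ == "__main__":
    for ip in ("210.10.10.1", "210.10.10.3", "210.10.10.4"):
        print(ip, "->", resolve_ptr(ip, ZONES))
    for problem in audit_delegation(ZONES, PARENT_ORIGIN, CHILD_ORIGIN):
        print("PROBLEM:", problem)
```

The lookup for 210.10.10.3 returns host2.MyDomain.com. with no error, which is why the audit is worth running before the zone files are handed to the ISP: a resolver only sees the CNAME chain, and nothing in the protocol ties the CNAME owner to its target. The parser is deliberately limited to the layout used in this article (multi-line SOA records, $ORIGIN and $TTL directives are not handled).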

NOTE: Because the classless in-addr.arpa is still in draft form, and a standard has not been agreed upon, there may be implementation differences between vendors' DNS. Please consult the particular vendor for their implementation of classless in-addr.arpa delegation.

For additional information on DNS, please see the following whitepaper available on the Microsoft anonymous ftp server:

   File Name: Dnswp.exe
   Location : ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/papers/
   Title    : "DNS and Microsoft Windows NT 4.0"

REFERENCE

   ftp://ds.internic.net/internet-drafts

NOTE: The draft for classless in-addr.arpa delegation is being updated frequently. Search the Internet-Drafts FTP site for the most current version of this draft; the file name will look similar to the following (the draft was subsequently published as RFC 2317):

   draft-ietf-dnsind-classless-inaddr-03.txt
Keywords          : kbhowto kbinfo nthowto ntnetserv NTSrv kbnetwork
Version           : WinNT:4.0
Platform          : winnt


================================================================================


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

© 1998 Microsoft Corporation. All rights reserved. Terms of Use.