Malcz86-0090 asked LeonhardVoos-4336 commented

Reverse DNS not resolving

Hello,

We have two domain controllers running Windows Server 2019; they were upgraded from 2008 about a year ago. The network was configured on a 10.0.0.0/16 subnet (was before our time!). There's a DHCP pool on 10.0.99.0/24. Servers and other devices are on 10.0.0.0/24. There are no VLANs or any other routing; all subnets can talk to all others.

It appears that reverse DNS is not working for machines in this pool. The machines register in DNS and an entry is created in the forward lookup zone, but no reverse DNS entry is created. This means that if you do an NSLookup on, say, 10.0.99.99, it will not resolve to a hostname, which is now causing issues.

DCDiag shows the below errors,

Delegation information for the zone: contoso.com.

Delegated domain name: _msdcs.contoso.com.

DNS server: dc004. IP:10.0.0.90 [Valid]

DNS server: dc005. IP:10.0.0.91 [Valid]

Delegated domain name: contoso.com.contoso.com.

Warning: Delegation of DNS server dc004.contoso.com. is broken on IP:10.0.0.90

Error: DNS server: dc004.contoso.com.

IP:10.0.0.90 [Broken delegation]

Warning: Delegation of DNS server dc005.contoso.com. is broken on IP:10.0.0.91

Error: DNS server: dc005.contoso.com.

IP:10.0.0.91 [Broken delegation]

TEST: Dynamic update (Dyn)

Test record dcdiag-test-record added successfully in zone contoso.com

Warning: Failed to delete the test record dcdiag-test-record in zone contoso.com

[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]

DNS server: 10.0.0.90 (dc004.contoso.com.)

2 test failure on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

DNS delegation for the domain _msdcs.contoso.com. is operational on IP 10.0.0.90

DNS delegation for the domain contoso.com.contoso.com. is broken on IP 10.0.0.90

[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]

Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 0 sec.

DNS server: 10.0.0.91 (dc005.contoso.com.)

2 test failure on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

DNS delegation for the domain _msdcs.contoso.com. is operational on IP 10.0.0.91

DNS delegation for the domain contoso.com.contoso.com. is broken on IP 10.0.0.91

[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]

Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 0 sec.

Non DHCP machines are registering and work with NSLookup.

Is there something we need to configure in DHCP or DNS to get the records creating?


Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.


1 Answer

CandyLuo-MSFT answered LeonhardVoos-4336 commented

Hi,

Based on my understanding, your issue is that the PTR record cannot be registered in the DNS server. Is that right? Please feel free to let me know if I have misunderstood anything.

Please refer to the following steps:

1. First, make sure you have set the following configuration:

[screenshot: 113579-1.png]

2. Add the DHCP server to the DnsUpdateProxy security group.

3. Configure DHCP credentials.

[screenshot: 113627-image.png]

4. If the above steps still don't work, check the box "Use this connection's DNS suffix in DNS registration" on the DHCP client.

[screenshot: 113548-image.png]

For your reference:

DNS Reverse Lookup Zones

Best Regards,
Candy



Thanks! The yellow marked setting which can also be forced by GPO did it for me. Now PTR record is registered.
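
A read-only PowerShell audit of the settings the answer's steps touch, as an added example that is not part of the original thread. `DHCP-SERVER-PLACEHOLDER` is an assumed name (the thread does not name the DHCP server); the DC, scope and test address come from the question, and the DhcpServer, DnsServer and ActiveDirectory RSAT modules are assumed to be installed.

```powershell
#Requires -Modules DhcpServer, DnsServer, ActiveDirectory
# Added example: collects findings only, changes nothing.
$DhcpServer = 'DHCP-SERVER-PLACEHOLDER'   # assumption: not named in the thread
$DnsServer  = 'dc004.contoso.com'         # DC from the question
$ScopeId    = '10.0.99.0'                 # DHCP pool from the question
$TestIp     = '10.0.99.99'                # address the question tried to resolve
$findings   = @()

# Reverse zones hosted on the DC (skip the built-in 0/127/255 zones).
$rev = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated }
if (-not $rev) { $findings += "No reverse lookup zone on $DnsServer" }
foreach ($z in $rev) {
    if ($z.DynamicUpdate -eq 'None') {
        $findings += "Zone $($z.ZoneName) does not accept dynamic updates"
    }
}

# DHCP-side DNS registration settings for the scope (step 1 of the answer).
$dns = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId
if ($dns.DynamicUpdates -eq 'Never') { $findings += "Scope ${ScopeId}: dynamic updates are off" }
if ($dns.DisableDnsPtrRRUpdate)      { $findings += "Scope ${ScopeId}: PTR updates are disabled" }

# Step 2: DnsUpdateProxy membership. Records registered by members of this
# group are created without owner security, so it should list DHCP servers only.
$proxy = Get-ADGroupMember -Identity 'DnsUpdateProxy'
if (-not $proxy) { $findings += 'DnsUpdateProxy has no members' }

# Step 3: account DHCP uses for DNS registrations (ideally a dedicated,
# unprivileged service account rather than the server's own identity).
$cred = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
if (-not $cred.UserName) { $findings += 'No DHCP DNS credentials configured' }

# End-to-end check: does the PTR record resolve against the DC?
$ptr = Resolve-DnsName -Name $TestIp -Type PTR -Server $DnsServer `
    -DnsOnly -ErrorAction SilentlyContinue
if (-not $ptr) { $findings += "No PTR record for $TestIp on $DnsServer" }

$rev   | Format-Table ZoneName, DynamicUpdate, IsDsIntegrated
$dns   | Format-List DynamicUpdates, DisableDnsPtrRRUpdate, NameProtection
$proxy | Format-Table Name, objectClass
$findings
```

Step 4 is a client-side setting; on an affected DHCP client, `Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress, UseSuffixWhenRegistering` shows its current value.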
