Rodney Buike - Founder and original lazy admin.

Daniel Nerenberg - Microsoft MVP and lazy admin.

Disclaimer

These postings are provided "AS IS" with no warranties, and confer no rights. You assume all risk for your use.

DNS Tips #5 – Reverse Lookup Zones and Event ID 40961

Reverse DNS records, aka PTR records, are used when you have an IP address that you need to resolve to a name. While a reverse lookup zone is not strictly required in an Active Directory domain, not having one is a common mistake, and it shows up as the following warning in the System log.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 1/1/2005
Time: 12:30:45PM
User: N/A
Computer: COMPUTERNAME
Description: The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.


So what is prisoner.iana.org? It is a black hole of sorts. RFC 1918 defines the private address ranges 10/8, 172.16/12 and 192.168/16. Their reverse zones (10.in-addr.arpa, 16.172.in-addr.arpa through 31.172.in-addr.arpa, and 168.192.in-addr.arpa) are served on the public Internet by three IANA name servers, blackhole-1.iana.org, blackhole-2.iana.org and prisoner.iana.org, which simply answer that nothing in those zones exists. When a Windows client registers its PTR record it sends a dynamic update to whichever server is authoritative for its reverse lookup zone, xxx.xxx.in-addr.arpa. If you host that zone on your own DNS servers, the update succeeds. However if you do not have

Continue reading DNS Tips #5 – Reverse Lookup Zones and Event ID 40961
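The check and the fix, as a PowerShell script added here as an example (it is not code from the original post). It goes a little beyond the post: it also searches the System log for the 40961 warning and asks the server who currently answers for the reverse zone, which is how you see the update leaving the LAN before you create the zone. It assumes a Windows Server 2012 or later DNS server with the DnsServer module; the server name DC01, the subnet 192.168.1.0/24, the client ws01.corp.example and its address 192.168.1.10 are placeholders.

```powershell
# Added example, not code from the original post. Assumes Windows Server 2012+ with the
# DnsServer module; DC01, 192.168.1.0/24, ws01.corp.example and 192.168.1.10 are placeholders.
#Requires -Modules DnsServer
param(
    [string]$DnsServer  = 'DC01',                # assumed AD-integrated DNS server
    [string]$NetworkId  = '192.168.1.0/24',      # assumed client subnet
    [string]$ClientFqdn = 'ws01.corp.example',   # assumed client host name
    [string]$ClientIp   = '192.168.1.10'         # assumed client address
)

# Walk up the reverse tree until some server claims the zone; without a local zone that
# will be IANA's blackhole servers, which is exactly where a stray PTR update ends up.
function Get-ReverseZoneAuthority([string]$Zone, [string]$Server) {
    $name = $Zone
    while ($name -ne 'in-addr.arpa') {
        $ns = Resolve-DnsName -Name $name -Type NS -Server $Server -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'NS' } | Select-Object -ExpandProperty NameHost
        if ($ns) { return [pscustomobject]@{ Zone = $name; NameServers = $ns } }
        $name = $name.Substring($name.IndexOf('.') + 1)
    }
}

# 1. Has the SPNEGO warning from the post been logged, and does it name an IANA server?
#    (The event source is LSASRV on Windows 2000/2003 and LsaSrv on later versions.)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 40961 } -MaxEvents 50 -ErrorAction SilentlyContinue |
          Where-Object { $_.ProviderName -match '^lsasrv$' -and $_.Message -match 'DNS/(prisoner|blackhole-[12])\.iana\.org' }
if ($events) {
    Write-Warning ("{0} event(s) 40961 reference an IANA blackhole server; PTR updates are leaving the domain." -f $events.Count)
}

# 2. Derive the reverse zone name for the /24 and see who answers for it today.
$o = $NetworkId.Split('/')[0].Split('.')
$reverseZone = '{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0]
$auth = Get-ReverseZoneAuthority -Zone $reverseZone -Server $DnsServer
if ($auth -and ($auth.NameServers -match 'iana\.org$')) {
    Write-Warning ("{0} is currently served by {1}" -f $auth.Zone, ($auth.NameServers -join ', '))
}

# 3. Create the zone: AD-integrated, replicated to the domain, secure dynamic updates only,
#    so only the machine account that owns a record can overwrite it.
if (-not (Get-DnsServerZone -Name $reverseZone -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Domain `
        -DynamicUpdate Secure -ComputerName $DnsServer
    Write-Host "Created $reverseZone on $DnsServer"
}

# 4. Seed one PTR so the fix is testable immediately; clients will register their own
#    on the next `ipconfig /registerdns` or Register-DnsClient.
$hostLabel = $ClientIp.Split('.')[-1]
if (-not (Get-DnsServerResourceRecord -ZoneName $reverseZone -Name $hostLabel -RRType Ptr -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordPtr -Name $hostLabel -ZoneName $reverseZone -PtrDomainName $ClientFqdn -ComputerName $DnsServer
}

# 5. Verify: the reverse lookup should now be answered locally, not by iana.org.
Resolve-DnsName -Name $ClientIp -Type PTR -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq 'PTR' } | Select-Object Name, NameHost
```

Run it once per subnet from a machine with the DNS RSAT tools, then have a client run `ipconfig /registerdns` and confirm the 40961 warning stops. Secure-only dynamic updates are deliberate: a zone that accepts nonsecure updates lets any host on the LAN overwrite another host's PTR record.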

DNS Tips #4 – Resolving External Domains

Another very common DNS issue is the inability to resolve external names. This problem is more common in Windows 2000 Active Directory domains, but it can happen in Windows 2003 AD domains as well.

The usual culprit is the presence of a root zone (.) on the DNS server. A server that hosts the root zone considers itself the ultimate authority for all name resolution, so the Root Hints and Forwarders settings are never used: any name the server does not host locally is answered as non-existent instead of being recursed or forwarded, and external DNS resolution fails. This usually happens when DNS is not installed before DCpromo on Windows 2000, or if a DNS server for the domain cannot be contacted during promotion. Have no fear, it's an easy fix!


Open the DNS Management MMC and expand Forward Lookup Zones. You should see two zones: one named after your domain (your-domain.com) and the root zone (.). Delete the (.) zone. With that

Continue reading DNS Tips #4 – Resolving External Domains
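The same fix as a PowerShell script, added here as an example (it is not code from the original post). It detects the root zone, removes it, makes sure the server can actually go upstream afterwards (forwarders and root hints), and verifies by resolving an external name through the server itself rather than the client cache. It assumes a Windows Server 2012 or later DNS server with the DnsServer module; DC01, the forwarder addresses in the 192.0.2.0/24 documentation range and www.example.com are placeholders.

```powershell
# Added example, not code from the original post. Assumes Windows Server 2012+ with the
# DnsServer module; DC01, the forwarder addresses and www.example.com are placeholders.
#Requires -Modules DnsServer
param(
    [string]$DnsServer    = 'DC01',                        # assumed DNS server / DC
    [string[]]$Forwarders = @('192.0.2.53', '192.0.2.54'), # assumed upstream resolvers (documentation range)
    [string]$TestName     = 'www.example.com'              # external name used for the check
)

# A zone literally named "." makes this server authoritative for the root: any name it
# does not host is answered NXDOMAIN, and Root Hints/Forwarders are never consulted.
function Test-HostsRootZone([string]$Server) {
    [bool](Get-DnsServerZone -ComputerName $Server | Where-Object { $_.ZoneName -eq '.' })
}

if (Test-HostsRootZone -Server $DnsServer) {
    Write-Warning "$DnsServer hosts a root zone (.); external names will not resolve until it is removed."
    # Same effect as deleting the (.) zone in the DNS MMC
    # (or `dnscmd $DnsServer /ZoneDelete . /DsDel /f` on Windows 2000/2003).
    Remove-DnsServerZone -Name '.' -ComputerName $DnsServer -Force
    Clear-DnsServerCache -ComputerName $DnsServer -Force
}

# With the root zone gone the server resolves via forwarders first, then root hints.
# Point it at trusted upstream resolvers and make sure recursion is on and hints exist.
Set-DnsServerForwarder -IPAddress $Forwarders -ComputerName $DnsServer -UseRootHint $true
Set-DnsServerRecursion -Enable $true -ComputerName $DnsServer
if (-not (Get-DnsServerRootHint -ComputerName $DnsServer)) {
    Write-Warning "No root hints on $DnsServer; copy them from a working server with Import-DnsServerRootHint."
}

# Verify end to end: ask this server (not the client cache) for an external name.
$answer = Resolve-DnsName -Name $TestName -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
if ($answer) { '{0} -> {1}' -f $TestName, (($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', ') }
else         { Write-Warning "$DnsServer still cannot resolve $TestName" }
```

Before letting this run, confirm the (.) zone really is an accident of DCpromo and not a deliberately hosted private root, since the script deletes it without further prompting. Choose forwarders you trust: whatever you put there answers every external query your domain makes.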