
The Lazy Admin

DNS Tips #5 - Reverse Lookup Zones and Event ID 40961



Reverse DNS records, aka PTR records, are used when you have an IP address you need to resolve to a name. While it is not 100% necessary to create a reverse lookup zone in your Active Directory domain, the following warning is a popular one to see when you have not created one.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 1/1/2005
Time: 12:30:45PM
User: N/A
Computer: COMPUTERNAME
Description: The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.

So what is prisoner.iana.org? Well, it's a blackhole of sorts. RFC 1918 defines three zones called 10.in-addr.arpa, 16.172.in-addr.arpa, and 168.192.in-addr.arpa, hosted on three DNS servers called blackhole-1.iana.org, blackhole-2.iana.org and prisoner.iana.org. When a client updates its DNS PTR record, it updates the reverse lookup zone xxx.xxx.in-addr.arpa. If you have a reverse lookup zone configured, the update will be successful. However, if you do not have a reverse lookup zone, thanks to RFC 1918, the client will try to register itself with prisoner.iana.org (or one of the other blackhole servers) and fail.

To resolve this issue, create a reverse lookup zone. It is OK to ignore this warning, but best practice is to configure a reverse lookup zone.
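
To find out which subnets still need a reverse lookup zone, the check below takes a list of client IP addresses and the reverse zones hosted on your DNS servers, and reports the clients whose PTR update has no local zone to land in. It is an added example, not part of the original post; the function names, sample addresses and sample zones are hypothetical, and it covers the full RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

```python
import ipaddress

# Private address blocks from RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covering_zone(ip, local_zones):
    """Return the most specific local reverse zone that holds ip's PTR name."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer.lower()
    best = None
    for zone in local_zones:
        z = zone.lower().rstrip(".")
        # Match on a label boundary so 1.168.192 does not match 11.168.192.
        if ptr_name == z or ptr_name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def ptr_update_target(ip, local_zones):
    """Classify where a dynamic PTR update for ip would be sent."""
    zone = covering_zone(ip, local_zones)
    if zone:
        return "local:" + zone
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918_NETS):
        return "blackhole"   # no local zone: ends up at the IANA blackhole servers
    return "public"          # public address space, not an RFC 1918 block


def audit(client_ips, local_zones):
    """Return the client IPs (sorted) that need a reverse lookup zone created."""
    return sorted((ip for ip in client_ips
                   if ptr_update_target(ip, local_zones) == "blackhole"),
                  key=ipaddress.ip_address)


# Constructed sample inventory (hypothetical addresses and zones).
SAMPLE_ZONES = ["1.168.192.in-addr.arpa", "10.in-addr.arpa."]
SAMPLE_CLIENTS = ["192.168.1.25", "192.168.11.7", "10.20.30.40",
                  "172.20.5.9", "8.8.8.8"]

if __name__ == "__main__":
    for ip in SAMPLE_CLIENTS:
        print(f"{ip:15} -> {ptr_update_target(ip, SAMPLE_ZONES)}")
    print("Need a reverse zone:", audit(SAMPLE_CLIENTS, SAMPLE_ZONES))
```

Clients reported by audit() are the ones you would expect to log Event ID 40961 against one of the blackhole servers until a matching reverse lookup zone exists.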

For more information see:

RFC 1918





Published Wednesday, January 26, 2005 8:00 AM by rodney.buike