How to setup DNS Reverse Lookup Zones

Published May 27, 2023 by Danny Moran

Introduction

Learn how to set up reverse lookup zones in an Active Directory network on Windows Server, and how Pointer (PTR) records get created and kept up to date. In this example, I show you how to create an Active Directory-integrated reverse lookup zone using the DNS Manager console on a Windows Server domain controller. Reverse lookups (address to name) are what log analysis, mail servers and many access-control checks rely on, so the zone should exist and should only accept updates from authenticated domain members.

Creating a Reverse Lookup Zone

  1. Open DNS Management Console.

  2. Right-click Reverse Lookup Zones and press New Zone.

  3. Select Primary zone, make sure Store the zone in Active Directory (available only if DNS server is a writeable domain controller) is ticked, and press Next. Storing the zone in Active Directory is what makes the secure dynamic updates option in step 7 available.

  4. Select To all DNS servers running on domain controllers in this domain and press Next.

  5. Select IPv4 Reverse Lookup Zone and press Next.

  6. Enter the Network ID of the subnet you want to create the reverse lookup zone for and press Next. For a /24 network, this is the first three octets (for example 192.168.10), which creates the zone 10.168.192.in-addr.arpa; for a /16 network, enter only the first two octets.

  7. Select Allow only secure dynamic updates (recommended for Active Directory) and press Next.

  8. Check the configuration and press Finish.

Your Reverse Lookup Zone has now been created.
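The same zone can be created and checked from PowerShell with the DnsServer module, which is handy when you need to repeat this for many subnets or confirm the update setting on an existing zone. This is an added example, not code from the original post; it assumes it runs as a Domain Admin on a domain controller holding the DNS role, and the subnet 192.168.10.0/24 and the host name srv01.corp.example.com are made up.

```powershell
# Added example (not from the original post): create, verify and populate a
# reverse lookup zone with the DnsServer PowerShell module instead of the GUI.
# Assumptions: run as a Domain Admin on a DC with the DNS role installed;
# the subnet 192.168.10.0/24 and host srv01.corp.example.com are made up.
$NetworkId = "192.168.10.0/24"
$ZoneName  = "10.168.192.in-addr.arpa"   # reversed network portion of the subnet

# Steps 3-7 of the wizard in one call: AD-integrated primary zone, replicated to
# all DNS servers on DCs in the domain, accepting only secure dynamic updates.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId `
                             -ReplicationScope "Domain" `
                             -DynamicUpdate "Secure"
}

# Check the result: DynamicUpdate must read "Secure". "NonsecureAndSecure" would
# let any host on the network overwrite PTR records without authenticating.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate

# Add a static PTR record for a host that does not register itself.
# The record name is the host part of the address, here 192.168.10.25.
Add-DnsServerResourceRecordPtr -ZoneName $ZoneName `
                               -Name "25" `
                               -PtrDomainName "srv01.corp.example.com"

# Reverse lookup through the normal resolver to confirm the zone answers.
Resolve-DnsName -Name "192.168.10.25" -Type PTR
```

The `Get-DnsServerZone` check is the one worth keeping in a script: a zone that was created as a standard (file-backed) primary zone cannot be set to secure-only updates, and a zone left at "NonsecureAndSecure" accepts unauthenticated record changes.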

Updating Pointer Records (PTR Records)

Reverse Lookup Zone records (PTR records) are kept up to date automatically by two different mechanisms. The most common is the DHCP (Dynamic Host Configuration Protocol) server registering records on behalf of the clients it hands addresses to; the second is the DNS Client service on each device registering the record for its own network adapter. In both cases the reverse lookup zone for the subnet has to exist first; if it does not, the update is simply dropped and no PTR record appears.

DHCP

By default, a Windows DHCP server is set to update DNS A and PTR records when a client requests it, which is what Windows clients do: they register their own A record and ask the DHCP server to register the PTR record. If the PTR records are not appearing, check that dynamic DNS updates are enabled and that PTR updates have not been disabled in the settings of your Windows DHCP server.

  1. Open the DHCP management console.

  2. Right-click IPv4 and press Properties.

  3. Under the DNS tab:

    • Tick Enable DNS dynamic updates
    • Untick Disable dynamic updates for DNS PTR records.
  4. Press OK to apply these settings.
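The DNS tab settings can also be read and set with the DhcpServer PowerShell module, which makes it easy to audit several DHCP servers for the same configuration. This is an added example, not code from the original post; it assumes it runs on the DHCP server as an administrator, and the service account CORP\svc-dhcp-dns is made up.

```powershell
# Added example (not from the original post): inspect and set the DHCP server's
# dynamic DNS update behaviour with the DhcpServer module.
# Assumptions: run on the DHCP server as an administrator; the account
# CORP\svc-dhcp-dns used for DNS updates is made up.

# Show the current DNS tab settings (DynamicUpdates, DisableDnsPtrRRUpdate, ...).
Get-DhcpServerv4DnsSetting

# Equivalent of the DNS tab: update A/PTR when the client asks for it, keep PTR
# updates enabled, and remove the records when the lease expires so a stale
# reverse entry does not keep naming an address that has moved to another host.
Set-DhcpServerv4DnsSetting -DynamicUpdates "OnClientRequest" `
                           -DisableDnsPtrRRUpdate $false `
                           -DeleteDnsRRonLeaseExpiry $true

# Zones set to "secure only" accept updates from authenticated accounts, so the
# DHCP server needs credentials to write PTR records. A dedicated low-privilege
# account (rather than a domain controller's own machine account when DHCP runs
# on a DC) keeps ownership of the records predictable.
$cred = Get-Credential -UserName "CORP\svc-dhcp-dns" -Message "DNS dynamic update account"
Set-DhcpServerDnsCredential -Credential $cred

# Confirm which account the DHCP server will now use for DNS updates.
Get-DhcpServerDnsCredential
```

Run `Get-DhcpServerv4DnsSetting` again after the change; `DisableDnsPtrRRUpdate` should read `False` and `DynamicUpdates` should read `OnClientRequest`.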

Network Adapters

This mechanism matters mainly when a network adapter has a static IP address and never contacts the DHCP server, so nobody else will register a record for it. In that case the device's DNS Client service sends the update itself, registering both its A record and its PTR record with the DNS server. For a network adapter to add or update the PTR record on the DNS server, the option Register this connection's addresses in DNS needs to be enabled in the adapter's advanced TCP/IP settings. It is ticked by default, but it is worth verifying on servers with static addresses. To check this:

  1. Open the Network Connections panel.

  2. Right-click the network adapter and press Properties.

  3. Select Internet Protocol Version 4 (TCP/IPv4) and then press Properties.

  4. Under the General tab, press Advanced.

  5. Under the DNS tab, tick the box for the option Register this connection’s address in DNS.

  6. Press OK, then OK, then Close.

The registration does not happen immediately after changing the setting. Either run ipconfig /registerdns from an elevated command prompt, or disable and then re-enable the network adapter, to make the DNS Client service send the update.
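The same check and fix can be done from PowerShell with the DnsClient module, followed by a forward/reverse consistency check that catches a PTR record pointing at the wrong name. This is an added example, not code from the original post; it assumes it runs as an administrator on a domain-joined client, and the interface alias "Ethernet" is made up.

```powershell
# Added example (not from the original post): check and enable DNS self-registration
# for a statically addressed adapter with the DnsClient module, then trigger the
# registration instead of bouncing the adapter.
# Assumptions: run as administrator on a domain-joined client; the interface alias
# "Ethernet" is made up.
$Alias = "Ethernet"

# Equivalent of the "Register this connection's addresses in DNS" checkbox.
Get-DnsClient -InterfaceAlias $Alias |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, RegisterThisConnectionsAddress

Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $true

# Same effect as "ipconfig /registerdns": the DNS Client service sends the A and
# PTR updates now, so there is no need to disable and re-enable the adapter.
Register-DnsClient
Start-Sleep -Seconds 5   # registration is asynchronous; give the server a moment

# Verify that forward and reverse records agree. A PTR that names a host whose
# A record resolves elsewhere is the usual sign of a stale or hijacked entry.
$ip  = (Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4).IPAddress
$ptr = (Resolve-DnsName -Name $ip -Type PTR -ErrorAction Stop).NameHost
$fwd = (Resolve-DnsName -Name $ptr -Type A -ErrorAction Stop).IPAddress
if ($fwd -contains $ip) {
    "PTR and A records match: $ip -> $ptr -> $fwd"
} else {
    Write-Warning "Mismatch: $ip reverses to $ptr, which resolves to $fwd"
}
```

If `Resolve-DnsName` fails with a name-not-found error after the wait, the most likely cause is that no reverse lookup zone exists for the adapter's subnet, since the client's PTR update is silently dropped in that case.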