If you have ever installed the DNS Server Service on a Windows Server, you may have noticed that three reverse lookup zones are automatically created. In addition, you may find yourself never creating any records in these zones. So why are they there and what do they do?
There is nothing special about these zones in comparison to any other reverse lookup zones you may create and manage. According to the RFC, every DNS server should be authoritative for the following three reverse lookup zones.
0.in-addr.arpa.
127.in-addr.arpa.
255.in-addr.arpa
The reason for this is that clients may sometimes query for standard IP addresses such as 0.0.0.0
, 127.0.0.1
(loopback), and 255.255.255.255
(broadcast). By being authoritative for the zones corresponding to these queries, the DNS server will avoid unnecessary recursion requests sent to the root servers.
Generally, the 0.in-addr.arpa
. and the 255.in-addr.arpa
zone will not contain any records other than the Start of Authority (SOA) or the Name Server (NS) records. The 127.in-addr.arpa.
zone will contain the SOA, NS, and one PTR record for localhost pointing to 127.0.0.1
.
The behavior of automatically creating these zones can be changed by modifying the Windows registry. Navigate to the following location once you start the Registry editor (regedit.exe
):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
Value: DisableAutoReverseZones
Type: DWORD
(Boolean)
If the DisableAutoReverseZones
key does not exist or is zero, the Microsoft DNS server will automatically create these zones with the correct entries (none except for a PTR for 127.0.0.1
to localhost).
If DisableAutoReverseZones
is nonzero, the server does NOT create these zones.