If you have ever installed the DNS Server Service on a Windows Server, you may have noticed that three reverse lookup zones are automatically created. In addition, you may find yourself never creating any records in these zones. So why are they there and what do they do?
There is nothing special about these zones in comparison to any other reverse lookup zones you may create and manage. According to the RFC, every DNS server should be authoritative for the following three reverse lookup zones.
The reason for this is that clients may sometimes query for standard IP addresses such as 127.0.0.1 (loopback) and 255.255.255.255 (broadcast). By being authoritative for the zones corresponding to these queries, the DNS server avoids sending unnecessary recursion requests to the root servers.
The 0.in-addr.arpa. and the 255.in-addr.arpa. zones will not contain any records other than the Start of Authority (SOA) and Name Server (NS) records.
The 127.in-addr.arpa. zone will contain the SOA, NS, and one PTR record that maps 127.0.0.1 to localhost.
The behavior of automatically creating these zones can be changed by modifying the Windows registry. Navigate to the following location once you start the Registry editor (
If the DisableAutoReverseZones key does not exist or is zero, the Microsoft DNS server will automatically create these zones with the correct entries (none except for a PTR for 127.0.0.1 to localhost).
If DisableAutoReverseZones is nonzero, the server does NOT create these zones.
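To confirm what a given server is actually doing, the following audit script is an added example, not part of the original article. It assumes the DnsServer PowerShell module is installed, that it runs elevated on the DNS server itself with the service listening on 127.0.0.1, and it reads DisableAutoReverseZones through Get-DnsServerSetting rather than from the registry.

```powershell
# Added example (not from the article). Run elevated on the DNS server itself.
# Assumes the DnsServer module (DNS Server role or RSAT DNS tools) is installed.
Import-Module DnsServer -ErrorAction Stop

# The three zones the article says are created automatically.
$expected = '0.in-addr.arpa', '127.in-addr.arpa', '255.in-addr.arpa'

# DisableAutoReverseZones as the running DNS service reports it.
$disabled = (Get-DnsServerSetting -All).DisableAutoReverseZones
Write-Output "DisableAutoReverseZones = $disabled"

# Compare the zones that actually exist against the expected list.
$zones = Get-DnsServerZone
$report = foreach ($name in $expected) {
    $zone = $zones | Where-Object { $_.ZoneName -eq $name }
    [pscustomobject]@{
        Zone        = $name
        Present     = [bool]$zone
        AutoCreated = if ($zone) { $zone.IsAutoCreated } else { $null }
    }
}
$report | Format-Table -AutoSize

# A missing zone means reverse queries for that range leave this server.
$missing = $report | Where-Object { -not $_.Present }
if ($missing -and -not $disabled) {
    Write-Warning "Auto-creation is enabled but these zones are missing: $($missing.Zone -join ', ')"
}

# The only PTR the article expects: 127.0.0.1 -> localhost, answered locally.
# Assumption: the DNS service is listening on 127.0.0.1.
$ptr = Resolve-DnsName -Name '1.0.0.127.in-addr.arpa' -Type PTR -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue
if ($ptr.NameHost -contains 'localhost') {
    Write-Output 'PTR 127.0.0.1 -> localhost is served by this server.'
} else {
    Write-Warning 'No localhost PTR for 127.0.0.1 was returned by this server.'
}
```

A zone reported as present but with AutoCreated set to False was created by an administrator, so changing DisableAutoReverseZones will not remove it.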