I recently had a guy ask me how he could fix a corrupt reverse DNS.
Simple enough, I thought, and proceeded to instruct him how to change the AD Integrated DNS zone to a "Standard Primary" DNS zone, then take the DNS file, import it into Excel and manipulate the data however he wanted. He could then just put the file back and reload the DNS zone and that's that.
I also told him how he could use DNSCMD to export the DNS data from an AD Integrated zone:
dnscmd /ZoneExport FQDN_of_zonename Zone_export_file
He then started telling me he had problems locating the reverse DNS information and it was at this point my techie sense started tingling. He may not even have a reverse DNS zone (it is completely optional, but can be quite useful), or may actually be referring to his DNS resolver cache. (I haven't determined the answer yet).
Reverse DNS operates just like regular DNS, but instead of looking up an IP address using a hostname, you look up the hostname from the IP address. This can be very useful in easily determining which host is the source or destination of traffic, instead of finding the port on the local switch.
Reverse DNS zones use the network address in reverse notation and the suffix in-addr.arpa. So if your network's IP Schema is based on subnets of the private range 172.16.0.0, you could have a reverse DNS zone of 16.172.in-addr.arpa, which could contain entries for all hosts within all subnets on your network. Of course, if you have an extremely large network, you probably want to break this down further, such as 10.16.172.in-addr.arpa, etc.
So, if your host server.company.com has an (A) record of 172.16.10.99, it can have a pointer DNS record type (PTR) in the reverse DNS zone of 99.10.16.172.in-addr.arpa pointing back to its designated hostname of server.company.com.
Reverse DNS zones for IPv6 use the special zone ip6.arpa and store their loooong IPv6 addresses as a sequence of nibbles in reverse order in much the same way as the IPv4 addresses are stored in reverse order. So an IPv6 address of 2001:0db8:85a3::62cd will be stored as a PTR record as d.c.2.6.0.0.0.0.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa.
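The naming rules above, worked through in Python as an added example (not code from the original post; the function names are my own). It derives the PTR owner name for an address, the reverse zone name for a subnet, and which of several reverse zones a record belongs in, which is what you need when hand-editing an exported zone file. For IPv6 it writes out every nibble with the `::` expanded to zeros, so each name carries all 32 nibble labels.

```python
import ipaddress


def ptr_name(address):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        labels = str(ip).split(".")        # one label per octet
        suffix = "in-addr.arpa"
    else:
        labels = list(f"{int(ip):032x}")   # 32 hex nibbles, '::' expanded to zeros
        suffix = "ip6.arpa"
    return ".".join(reversed(labels)) + "." + suffix


def reverse_zone(network):
    """Reverse zone for a prefix on an octet (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(network)
    step = 8 if net.version == 4 else 4
    if net.prefixlen == 0 or net.prefixlen % step:
        raise ValueError(f"{network} is not on a {step}-bit boundary")
    full = ptr_name(str(net.network_address)).split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(full[host_labels:])    # drop the host part of the name


def record_in_zone(address, zones):
    """Most specific zone holding the PTR, plus the record name relative to it."""
    owner = ptr_name(address)
    matches = [z for z in zones if owner.endswith("." + z)]
    if not matches:
        return None                        # no reverse zone covers this address
    zone = max(matches, key=len)
    return zone, owner[: -len(zone) - 1]


if __name__ == "__main__":
    zones = [reverse_zone("172.16.0.0/16"), reverse_zone("172.16.10.0/24")]
    print(ptr_name("172.16.10.99"))
    print(record_in_zone("172.16.10.99", zones))
    print(ptr_name("2001:0db8:85a3::62cd"))
```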
A caching name server will resolve a query, even though it is not authoritative for the result, by making a query to the authoritative server on behalf of the client. The caching name server will then store this record in a local cache (the DNS resolver cache) for its Time-To-Live (TTL). This will result in quicker resolutions and reduced load on Internet name servers. A corrupted resolver cache can simply be cleared and it will rebuild itself with use.
Monday, March 21, 2011
Wednesday, February 23, 2011
Importing Autocomplete File into Outlook 2010
This is something I answered over at Experts Exchange and thought I'd post here as well.
The .NK2 file, which Outlook 2003 and Outlook 2007 use to suggest addresses when you start typing in the recipients field, is no longer used by Outlook 2010.
This file can be imported by Outlook 2010 and the contacts placed in the "Suggested Contacts" folder in the mailbox.
Copy the .NK2 file to the "C:\Users\%username%\AppData\Roaming\Microsoft\Outlook" folder (assuming the client is Windows 7).
Rename the .NK2 file to the name of your mail profile:
- In the Control Panel, type "mail" into the search box.
- Run the Mail applet.
- Click on the Show Profiles… button.
By default, your profile is called “Outlook”. So in that case you would call your file “outlook.nk2”.
Start Outlook with the /importnk2 switch:
outlook.exe /importnk2
Outlook will import the NK2 data into the Suggested Contacts folder.
Thursday, December 16, 2010
Wake on LAN over the Internet
I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down again (I don't believe in leaving the computer turned on and wasting power).
"So that was interesting," said my colleague. "How did you set that up?"
The first thing to know about waking up your computer over the Internet is that not all home firewall/routers are going to be able to do it. Check the specs of your device. Along with the usual things like port forwarding, it needs to support static ARP entries. If it can, it's relatively straightforward.
First of all, set a static IP address on your target machine. Then go into the properties of the network card and enable Wake on LAN if it is not already enabled (it's usually enabled by default). You may have to enable Wake on LAN in the BIOS as well. Record the MAC address of your machine as you will need this to wake it (you can get this at the command prompt with an ipconfig /all).
Next, you need to register the static IP address of your machine in the ARP table of your router. This is the part that some firewall/router devices targeting the home market are not going to be able to do. You will need to refer to your device's manual or support site to determine how to do this. You may not be able to do this while the network interface you are registering is connected to the network, so you may require another network interface or a second computer.
Finally, you need to set up a virtual server on your firewall with the following parameters:
- Use the UDP protocol.
- Use 9 for the internal port.
- Use your static IP address of the target computer for the internal address.
- Use any common port for the external port, but choose one not already in use. If you don't have a POP3 Mail server for instance, you could use 110.
I would also advise that you set up a Dynamic DNS. Many home firewall/router devices will be able to register their address automatically with one of these sites (for example: http://www.dyndns.com or http://www.no-ip.com). This enables you to just remember a FQDN entry instead of an IP address and will also update if your IP address changes.
Now you should be able to turn off your computer and use another computer, or even a smart phone to send a magic packet to wake up the computer. I use http://www.depicus.com/wake-on-lan/woli.aspx
Just enter the MAC address of the computer, the IP address or FQDN, 255.255.255.255 as the subnet mask (as you are targeting a single host) and the port number you registered as the external port for your virtual server. Click the WAKE ON LAN button and your computer should turn itself on moments later!
If you have another virtual server set up to relay VNC or RDP to your machine, you can then control the machine remotely.
Cheers,
Sean
Thursday, November 11, 2010
iPhone emails missing message body
There's any number of blogs and forum posts on the web that probably already have this, but I discovered an issue with the way the iPhone email handles interaction with PDFs and iBooks today.
If you download an email onto the iPhone with an attached PDF and save that PDF to iBooks, the email body in all messages will disappear.
The simple solution is to reboot the phone or kill the mail process.
I expect Apple will patch this soon.
Thursday, September 30, 2010
Reset Passwords for all User Accounts in an OU
I realise that there's plenty of scripts floating around the net that already do this, but for me this was simply an exercise.
Note: I haven't gotten around to testing it yet.
' PasswordReset.vbs
' Resets all passwords within an AD Container
' Version 1.0
' 27 September 2010
Option Explicit
Dim objRootDSE, objOU, objUser
Dim strTargetOU, strForceReset, strEnAcct, strDNSDomain, strNewPass
Dim intCounter, intUACval, intPWLval
' Change strTargetOU to location of user accounts
strTargetOU = "MyContainer"
' Change strNewPass to the new password
strNewPass = "Password123"
' Change strForceReset to "Yes" in order to force users to reset passwords
strForceReset = "No"
' Change strEnAcct to "Yes" in order to enable disabled accounts
strEnAcct = "No"
' Int Values
' See Microsoft KB305144 for UserAccountControl values
' 544 = NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32); 512 alone enables an
' account without setting the password-not-required flag
' Setting PwdLastSet value to 0 forces password reset
intUACval = 544
intPWLval = 0
intCounter = 0
' Bind to the target OU in the current domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strTargetOU = "OU=" & strTargetOU & ", " & strDNSDomain
Set objOU = GetObject("LDAP://" & strTargetOU)
' Walk every object in the OU and act only on user accounts
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.SetPassword strNewPass
        objUser.SetInfo
        If strForceReset = "Yes" Then
            objUser.Put "pwdLastSet", intPWLval
            objUser.SetInfo
        End If
        If strEnAcct = "Yes" Then
            ' Overwrites the whole userAccountControl value, not just the disabled bit
            objUser.Put "userAccountControl", intUACval
            objUser.SetInfo
        End If
        intCounter = intCounter + 1
    End If
Next
WScript.Echo "New Password: " & strNewPass & vbCr & "Accounts changed: " & intCounter _
    & vbCr & "Password Change Forced: " & strForceReset & vbCr & "Disabled Accounts Enabled: " & strEnAcct
Tuesday, September 7, 2010
SCCM: Excluding a directory structure from being inventoried.
A colleague asked me today how to exclude a directory structure on a single client machine from being inventoried by SCCM. The answer is to create a hidden sparse text file named skpswi.dat in the folder.
Thanks Tyriax for the question!
Wednesday, September 1, 2010
Office Autosave Locations
I always thought that the autosave for an Office file was created in the same location as the file. It turns out that this was because I almost always work with Office files on network drives.
When a new file is started, a temporary file is created. This can be either in the Windows temp directory or in "C:\Documents and Settings\<username>\Application Data\Microsoft". If the file is stored on a network drive then it will be temporarily created there.
This temporary file will have a few different letters after the tilde (or squiggly line "~"). These are good ones to look for to find some lost info. There are others, but these are the ones most likely to contain data that can be recovered.