Here's the current scenario: We operate multiple websites and host DNS for those sites on our own networks. There are 4 DNS servers involved. Two of them (NS1 and NS2) are for resolution of domain names from the Internet. Because of security issues, recursion has been disabled on these two servers, causing the internal network to be unable to use these servers for lookups. Therefore we put into place NS3 and NS4 to handle DNS lookups from our internal network. All is working well, except that when I run a DNS report from DNSStuff.com, I come across an error that has me concerned. This error indicated that there are stealth servers for every domain we host, which I assume means NS3 and NS4 are being called stealth because they will not respond to requests from the Internet, which is what they are designed to do.
My question is this:
Am I correct in using this configuration? If so, should I remove NS3 and NS4 from the name servers tab for each domain? And if I do that, what implications are there?
Hey,
You shouldn't advertise ns3 and ns4 in the public zone if they can't be reached by the public.
You can't conditionally forward requests for the zone(s) in question to ns1 and ns2? Leaving ns3 and ns4 as private resolvers (caching only, or caching and private zones only)?
Chris
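The split described in the reply above (ns1/ns2 public and authoritative with recursion off, ns3/ns4 internal caching resolvers that forward the hosted zones to ns1/ns2 and appear nowhere in the public NS RRset), written out as a BIND 9 `named.conf` sketch. This is an added example, not configuration from the original thread; the zone name `example.com`, the addresses `192.0.2.1`/`192.0.2.2` (ns1/ns2), `10.0.0.53` (ns3's internal interface) and the `10.0.0.0/8` / `192.168.0.0/16` internal ranges are all placeholders.

```conf
// ---- ns3 / ns4: internal recursive resolvers, caching only ----
// Placeholder addresses and zone name; adapt to your network.

acl "internal" { 10.0.0.0/8; 192.168.0.0/16; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    listen-on { 10.0.0.53; };        // internal interface only, never the public one
    recursion yes;                   // required: forward zones need recursion enabled
    allow-query     { internal; };   // refuse everyone outside the ACL
    allow-recursion { internal; };
    allow-transfer  { none; };       // caching-only server has nothing to transfer
    // No global "forwarders" block: names outside the hosted zones are
    // resolved by ordinary recursion from the root.
};

// Conditional forwarding for a hosted zone: ask the authoritative
// ns1/ns2 directly instead of walking the public delegation. ns3/ns4
// hold no copy of the zone and are not listed in its NS records.
// Repeat one "type forward" stanza per hosted domain.
zone "example.com" {
    type forward;
    forward only;                    // "forward first" would fall back to recursion
    forwarders { 192.0.2.1; 192.0.2.2; };   // ns1, ns2
};

// ---- ns1 / ns2: public authoritative servers, no recursion ----

options {
    directory "/var/cache/bind";
    recursion no;                    // authoritative answers only
    allow-query     { any; };        // anyone may query the zones we serve
    allow-recursion { none; };
    allow-transfer  { 192.0.2.2; };  // zone transfers to the secondary only
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    also-notify { 192.0.2.2; };      // ns2 is the secondary
};

// ---- /etc/bind/db.example.com (excerpt) ----
// Only the two publicly reachable servers are advertised. The same two
// names, and only those, should appear in the registrar's name server
// list for the domain, so the delegation and the zone agree.
//
// $TTL 3600
// @   IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 7200 900 1209600 3600 )
// @   IN NS  ns1.example.com.
// @   IN NS  ns2.example.com.
// ns1 IN A   192.0.2.1
// ns2 IN A   192.0.2.2
```

With `forward only`, the hosted zones become unresolvable from inside if both ns1 and ns2 are down; `forward first` avoids that at the cost of also trying normal recursion, which would just reach the same two servers via the public delegation. To confirm the public picture after the change, query each authoritative server without recursion (`dig +norecurse @192.0.2.1 example.com NS`) and check that the answer lists exactly ns1 and ns2 and that the registrar's delegation matches; the "stealth server" warning goes away once no advertised name server is unreachable from the Internet.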