Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NSLookup is returning the FQDN of my domain controllers

Posted on 2013-01-26
11
Medium Priority
?
60 Views
Last Modified: 2015-06-23
I set up a new zone of a web site. I specified 2 names servers: ns1.[INTERNET_DOMAIN_NAME].com and ns2.[INTERNET_DOMAIN_NAME].com.

When I run NSLookup against either name server, it shows those to FQDNs but it also returns the FQDN of both of my domain controllers. There are only 2 NS records in the zone. Why would it be returning 4 records and exposing that information publicly and how can I prevent that?

Thx so much,
Dave
0
Comment
Question by:SQLDave
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38823492
Is it possible to upload the output with actual details masked?
0
 

Author Comment

by:SQLDave
ID: 38823506
I'm not sure how useful that would be, but I did here is the results of just looking up google
NSLookup for google
The only difference in my scenario is that along with the 2 public NS records, it is also publishing my domain controllers complete with FQDN and their internal IP addresses.
0
 

Author Comment

by:SQLDave
ID: 38823529
It might help to add that if I create another new zone and don't add any NS records, it will still return 2 servers ( my domain controllers and their internal IPs ).
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 5

Expert Comment

by:balmasri
ID: 38823544
1-Do you perform the query from a workstation that joined to the domain ?
2-Is your query performed using the organization's internet connectivity ( from inside) or from outside ( public connectivity )?
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38823547
outside PCs cannot connect to your DNS so it is all OK.
0
 

Author Comment

by:SQLDave
ID: 38823552
This DNS is for public consumption and the same information was definately public as it showed up using this tool as well.

http://network-tools.com/default.asp?prog=dnsrec&host=google.com
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 38824356
Are you using same domain for public and internal namespacr?
If so, you nead to split the zone to have external zone on separate DNS server and the internal zone on internal DNS/DC.
Do not store external DNS zone as AD integrated zone on internal DCs
0
 

Author Comment

by:SQLDave
ID: 38824506
It is not the same domain, but it is the same server.

So I should set up 2 seperate DNS servers to service external DNS and make sure they are not AD integrated?
0
 
LVL 24

Accepted Solution

by:
Nagendra Pratap Singh earned 400 total points
ID: 38825543
You should be able to use a forwarder for the external domains.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845601
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question