Solved

NSLookup is returning the FQDN of my domain controllers

Posted on 2013-01-26
11
48 Views
Last Modified: 2015-06-23
I set up a new zone of a web site. I specified 2 names servers: ns1.[INTERNET_DOMAIN_NAME].com and ns2.[INTERNET_DOMAIN_NAME].com.

When I run NSLookup against either name server, it shows those to FQDNs but it also returns the FQDN of both of my domain controllers. There are only 2 NS records in the zone. Why would it be returning 4 records and exposing that information publicly and how can I prevent that?

Thx so much,
Dave
0
Comment
Question by:SQLDave
11 Comments
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 38823492
Is it possible to upload the output with actual details masked?
0
 

Author Comment

by:SQLDave
ID: 38823506
I'm not sure how useful that would be, but I did here is the results of just looking up google
NSLookup for google
The only difference in my scenario is that along with the 2 public NS records, it is also publishing my domain controllers complete with FQDN and their internal IP addresses.
0
 

Author Comment

by:SQLDave
ID: 38823529
It might help to add that if I create another new zone and don't add any NS records, it will still return 2 servers ( my domain controllers and their internal IPs ).
0
 
LVL 5

Expert Comment

by:balmasri
ID: 38823544
1-Do you perform the query from a workstation that joined to the domain ?
2-Is your query performed using the organization's internet connectivity ( from inside) or from outside ( public connectivity )?
0
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 38823547
outside PCs cannot connect to your DNS so it is all OK.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 

Author Comment

by:SQLDave
ID: 38823552
This DNS is for public consumption and the same information was definately public as it showed up using this tool as well.

http://network-tools.com/default.asp?prog=dnsrec&host=google.com
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 38824356
Are you using same domain for public and internal namespacr?
If so, you nead to split the zone to have external zone on separate DNS server and the internal zone on internal DNS/DC.
Do not store external DNS zone as AD integrated zone on internal DCs
0
 

Author Comment

by:SQLDave
ID: 38824506
It is not the same domain, but it is the same server.

So I should set up 2 seperate DNS servers to service external DNS and make sure they are not AD integrated?
0
 
LVL 23

Accepted Solution

by:
Nagendra Pratap Singh earned 100 total points
ID: 38825543
You should be able to use a forwarder for the external domains.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845601
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now