Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NSLookup is returning the FQDN of my domain controllers

Posted on 2013-01-26
11
Medium Priority
?
63 Views
Last Modified: 2015-06-23
I set up a new zone of a web site. I specified 2 names servers: ns1.[INTERNET_DOMAIN_NAME].com and ns2.[INTERNET_DOMAIN_NAME].com.

When I run NSLookup against either name server, it shows those to FQDNs but it also returns the FQDN of both of my domain controllers. There are only 2 NS records in the zone. Why would it be returning 4 records and exposing that information publicly and how can I prevent that?

Thx so much,
Dave
0
Comment
Question by:SQLDave
10 Comments
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38823492
Is it possible to upload the output with actual details masked?
0
 

Author Comment

by:SQLDave
ID: 38823506
I'm not sure how useful that would be, but I did here is the results of just looking up google
NSLookup for google
The only difference in my scenario is that along with the 2 public NS records, it is also publishing my domain controllers complete with FQDN and their internal IP addresses.
0
 

Author Comment

by:SQLDave
ID: 38823529
It might help to add that if I create another new zone and don't add any NS records, it will still return 2 servers ( my domain controllers and their internal IPs ).
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 5

Expert Comment

by:balmasri
ID: 38823544
1-Do you perform the query from a workstation that joined to the domain ?
2-Is your query performed using the organization's internet connectivity ( from inside) or from outside ( public connectivity )?
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38823547
outside PCs cannot connect to your DNS so it is all OK.
0
 

Author Comment

by:SQLDave
ID: 38823552
This DNS is for public consumption and the same information was definately public as it showed up using this tool as well.

http://network-tools.com/default.asp?prog=dnsrec&host=google.com
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 38824356
Are you using same domain for public and internal namespacr?
If so, you nead to split the zone to have external zone on separate DNS server and the internal zone on internal DNS/DC.
Do not store external DNS zone as AD integrated zone on internal DCs
0
 

Author Comment

by:SQLDave
ID: 38824506
It is not the same domain, but it is the same server.

So I should set up 2 seperate DNS servers to service external DNS and make sure they are not AD integrated?
0
 
LVL 24

Accepted Solution

by:
Nagendra Pratap Singh earned 400 total points
ID: 38825543
You should be able to use a forwarder for the external domains.
0
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40845601
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question