Gene Weeg
asked on
DNS issue confirmed with MXToolbox
I just started with a company that originally had their DNS hosting with GoDaddy and 3 months ago brought it in-house, which I believe was not done efficiently or correctly. I am not strong with DNS, as our engineer that was here before me has left the company. I have attached the screenshot of MXToolbox that concerns me. It shows our public and private IPs of the DNS servers and also the name of the servers. Any help would be extremely appreciated. If I can provide any additional information I would be happy to help.
Do these DNS servers also host the zones for your Active Directory? If so, stop and go back to hosting public DNS records on some DNS provider like UltraDNS, GoDaddy, etc. In my opinion, you really have to know what you're doing to properly host your own DNS when it's available to the internet.
footech makes an excellent point about hosting your public DNS. What was the reason for moving it in-house? That should likely be revisited. It should take a very strong argument to support that. Lacking that argument, use a public DNS provider.
ASKER
These DNS servers also host the zones for our AD. If I wanted to use UltraDNS, what are my next steps?
Make note of the records that you want available publicly. If there's a large number, you could export the zone to a file and edit the file to only include the desired records. You should be able to configure any records you need with the provider, either manually or by importing. The DNS provider can provide specific guidance.
Through your domain registrar you would change which nameservers are used for your domain, and point it at the ones for your chosen provider.
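The record triage described in the answer above, as an added example that is not part of the original thread: it splits an exported zone into records suitable for a public provider and records that should stay internal. It assumes a one-record-per-line export with an explicit owner name on every line; the `example.org` names, the addresses and the list of Active Directory labels are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Labels that mark Active Directory locator and partition records (assumed list).
AD_LABELS = {"_msdcs", "_sites", "_ldap", "_kerberos", "_gc", "_kpasswd",
             "domaindnszones", "forestdnszones"}
TYPES = {"A", "AAAA", "NS", "CNAME", "MX", "SRV", "TXT", "SOA", "PTR"}

# Constructed sample export; names and addresses are placeholders.
SAMPLE = """\
@      3600 IN NS  ns01.example.org.
@      3600 IN NS  ns1.provider.example.
ns01   3600 IN A   10.20.0.5
dc01   3600 IN A   10.20.0.6
www    3600 IN A   203.0.113.10
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc01.example.org.
"""

def parse(line):
    """Return (owner, type, rdata) for a one-line record, else None."""
    fields = line.split(";")[0].split()
    for i, tok in enumerate(fields[1:], start=1):
        if tok.upper() in TYPES:
            return fields[0], tok.upper(), fields[i + 1:]
    return None  # comment, blank line, directive or continuation: skipped

def split_public(zone_text, origin):
    """Return (public, dropped); dropped holds (record, reason) pairs."""
    kept, dropped, private_hosts = [], [], set()
    for rec in filter(None, map(parse, zone_text.splitlines())):
        owner, rtype, rdata = rec
        text = f"{owner} {rtype} {' '.join(rdata)}"  # TTL and class omitted
        if {label.lower() for label in owner.split(".")} & AD_LABELS:
            dropped.append((text, "AD locator record"))
        elif rtype in ("A", "AAAA") and rdata and any(
                ipaddress.ip_address(rdata[0]) in net for net in RFC1918):
            private_hosts.add(f"{owner}.{origin}".lower())
            dropped.append((text, "RFC 1918 address"))
        else:
            kept.append((rtype, rdata, text))
    public = []
    # Second pass: NS/MX/CNAME targets whose host carried a private address.
    for rtype, rdata, text in kept:
        target = rdata[-1].rstrip(".").lower() if rdata else ""
        if rtype in ("NS", "MX", "CNAME") and target in private_hosts:
            dropped.append((text, "target has a private address"))
        else:
            public.append(text)
    return public, dropped
```

Calling `split_public(SAMPLE, "example.org")` returns the two lists; the dropped list is the part to review by hand before anything is imported at the provider.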
ASKER
How are other NSs getting the NS01.LESD.K12.az.us?
No one is advertising anything, other than yourself (since you pretty much said you're the owner).
If there are any "leaks", it's always you who is responsible, not the provider.
You either told the registrar to host your own DNS server, and you made it public yourself, or you used the control panel of the registrar and input the "internal records" yourself.
If you're not sure which of the 2 is used, call your registrar to be sure. Any IT guy will recognize those IP nrs though: either they're your own IP nrs, or they're just the DNS servers of the registrar (in that case, ask your registrar for the control panel URL and login/password).
Interchange "you" with "the previous IT guy" anywhere you want. It doesn't really matter.
https://mxtoolbox.com/SuperTool.aspx?action=mx%3alesd.k12.az.us&run=toolpage provides a clean report.
It appears your local DNS settings are wrong, as no 10.X.X.X address will ever be correct for a public lookup.
However, your hostname's NS records are getting hijacked locally; just turn all this off, which will allow correct resolution using public NS servers.
Guessing systems were configured to use external servers for DNS, hence the internal records, which makes no sense.
Use internal DNS for everything that is internal.