Sign in with
Sign up | Sign in
Your question

NSLookup Shows Local Machine Name

Tags:
  • Microsoft
  • DNS
  • Servers
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
October 23, 2004 10:47:01 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hello Everyone and thanks for your help in advance. I am setting up new DNS
and mail servers and am relatively new to DNS. My problem is, I have set up
mydomain.com. It is hosted on a machine mydomain.local. There is also a mai
server, mail.mydomain.com that is hosted on mail.mydomain.local. My problem
is, in the headers of emails, it shows the mail as received from
mail.mydomain.,local. Also, in doing a DNS lookup through DNSReports, it
shows the primary nameserver as machinename.mydomain.local. I am getting
correct resolution on the domains, but I am concerened about disclosing the
machine names. There does not appear to be any reference to the local
machines in this particualr zone. So I am not sure why this is happening.
Any insight on this issue would be greatly appreciated. Thanks.

More about : nslookup shows local machine

Anonymous
October 23, 2004 9:38:31 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

"kmcnet" <kmcnet@discussions.microsoft.com> wrote in message
news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com...
> Hello Everyone and thanks for your help in advance. I am setting up new
DNS
> and mail servers and am relatively new to DNS. My problem is, I have set
up
> mydomain.com. It is hosted on a machine mydomain.local. There is also a
mai
> server, mail.mydomain.com that is hosted on mail.mydomain.local. My
problem
> is, in the headers of emails, it shows the mail as received from
> mail.mydomain.,local.

Normally the email server will report whatever Machine name
is ''official" for the computer OR whatever you specify in your
SMTP server software -- my guess is you specified the .local
name or let it default.

Once cannot fully answer this question without knowing the
software you are using.

> Also, in doing a DNS lookup through DNSReports, it
> shows the primary nameserver as machinename.mydomain.local.

I doubt that it is actually working (publicly like that with
DNSreports) using .local.

This is one of those cases where you should likely use the
actual names or risk confusing anyone trying to help you.

> I am getting
> correct resolution on the domains, but I am concerened about disclosing
the
> machine names. There does not appear to be any reference to the local
> machines in this particualr zone. So I am not sure why this is happening.
> Any insight on this issue would be greatly appreciated. Thanks.

If you have a public email server there can be little harm in
giving us the actual names and precisely what you have and
wish to have, along with your software and versions.

--
Herb Martin
Anonymous
October 24, 2004 6:09:11 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

kmcnet wrote:
> Hello Everyone and thanks for your help in advance. I am setting up
> new DNS and mail servers and am relatively new to DNS. My problem
> is, I have set up mydomain.com. It is hosted on a machine
> mydomain.local. There is also a mai server, mail.mydomain.com that
> is hosted on mail.mydomain.local. My problem is, in the headers of
> emails, it shows the mail as received from mail.mydomain.,local.

The headers will *include* the server's full name (mail.mydomain.local), as
will a telnet to port 25 on your public IP or A record specified in your MX
record. This is normal -

> Also, in doing a DNS lookup through DNSReports, it shows the primary
> nameserver as machinename.mydomain.local.

Unusual...are you 100% sure? .local isn't a top level domain and can't be
used on the Internet. Are you looking up mydomain.com ? That's what you
should be looking up - if you see .local referenced in there anywhere but in
your server's mail greeting banner on the mail test, your public DNS isn't
set up right.

> I am getting correct
> resolution on the domains, but I am concerened about disclosing the
> machine names.

Why? Anyone who can send you mail can see your mail server's name. It
doesn't represent a security risk. I don't know what your mail system is,
but security does not begin there - it begins with protecting your network
at the perimeter to block unwanted/dangerous inbound traffic, keeping your
servers patched, using a good security/password policy, etc etc etc....

> There does not appear to be any reference to the
> local machines in this particualr zone. So I am not sure why this is
> happening. Any insight on this issue would be greatly appreciated.
> Thanks.
Related resources
Anonymous
October 24, 2004 7:26:21 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
kmcnet <kmcnet@discussions.microsoft.com> commented
Then Kevin replied below:
> Hello Everyone and thanks for your help in advance. I am
> setting up new DNS and mail servers and am relatively new
> to DNS. My problem is, I have set up mydomain.com. It
> is hosted on a machine mydomain.local. There is also a
> mai server, mail.mydomain.com that is hosted on
> mail.mydomain.local. My problem is, in the headers of
> emails, it shows the mail as received from
> mail.mydomain.,local. Also, in doing a DNS lookup
> through DNSReports, it shows the primary nameserver as
> machinename.mydomain.local. I am getting correct
> resolution on the domains, but I am concerened about
> disclosing the machine names. There does not appear to
> be any reference to the local machines in this particualr
> zone. So I am not sure why this is happening. Any
> insight on this issue would be greatly appreciated.
> Thanks.

Is you zone Active Directory integrated?
You will have to change it to standard primary, the change the Primary Name
Server on the SOA record to reflect the name of your NS records listed at
the gTLD servers for your domain.
Note- If this zone is the zone for an AD domain the primary name server will
change back to the DC name once it is refreshed from AD.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
October 25, 2004 3:01:31 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
kmcnet <kmcnet@discussions.microsoft.com> made a post then I commented below
> Hello Everyone and thanks for your help in advance. I am setting up
> new DNS and mail servers and am relatively new to DNS. My problem
> is, I have set up mydomain.com. It is hosted on a machine
> mydomain.local. There is also a mai server, mail.mydomain.com that
> is hosted on mail.mydomain.local. My problem is, in the headers of
> emails, it shows the mail as received from mail.mydomain.,local.
> Also, in doing a DNS lookup through DNSReports, it shows the primary
> nameserver as machinename.mydomain.local. I am getting correct
> resolution on the domains, but I am concerened about disclosing the
> machine names. There does not appear to be any reference to the
> local machines in this particualr zone. So I am not sure why this is
> happening. Any insight on this issue would be greatly appreciated.
> Thanks.

IN addition to everyone's responses, I would suggest to use a separate DNS
server to host your external data. It *appears* that you are using an
internal DNS hosting your AD info. If you can confirm that, please let us
know.

Maybe you can help us to help you better by providing the actual name. As
Lanwench said, it's really not a security issue to post the name, unless you
feel you haven't secured your mail server properly or you have relaying
allowed?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
October 25, 2004 4:03:04 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hello Everyone and thanks for your response. I am using Exchange 2003 on one
Windows 2003 box. The DNS is being handled by another 2003 box within the
network, that is integrated with Active Directory. The domain name is
pocanticolane.com. My primary question is, will I have any security or
routing issues because of this?

Again, everyone's help is greatly appreciated.

"Ace Fekay [MVP]" wrote:

> In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
> kmcnet <kmcnet@discussions.microsoft.com> made a post then I commented below
> > Hello Everyone and thanks for your help in advance. I am setting up
> > new DNS and mail servers and am relatively new to DNS. My problem
> > is, I have set up mydomain.com. It is hosted on a machine
> > mydomain.local. There is also a mai server, mail.mydomain.com that
> > is hosted on mail.mydomain.local. My problem is, in the headers of
> > emails, it shows the mail as received from mail.mydomain.,local.
> > Also, in doing a DNS lookup through DNSReports, it shows the primary
> > nameserver as machinename.mydomain.local. I am getting correct
> > resolution on the domains, but I am concerened about disclosing the
> > machine names. There does not appear to be any reference to the
> > local machines in this particualr zone. So I am not sure why this is
> > happening. Any insight on this issue would be greatly appreciated.
> > Thanks.
>
> IN addition to everyone's responses, I would suggest to use a separate DNS
> server to host your external data. It *appears* that you are using an
> internal DNS hosting your AD info. If you can confirm that, please let us
> know.
>
> Maybe you can help us to help you better by providing the actual name. As
> Lanwench said, it's really not a security issue to post the name, unless you
> feel you haven't secured your mail server properly or you have relaying
> allowed?
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
Anonymous
October 25, 2004 11:04:44 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

kmcnet wrote:
> Hello Everyone and thanks for your response. I am using Exchange
> 2003 on one Windows 2003 box. The DNS is being handled by another
> 2003 box within the network, that is integrated with Active
> Directory. The domain name is pocanticolane.com. My primary
> question is, will I have any security or routing issues because of
> this?
>
> Again, everyone's help is greatly appreciated.

If you're hosting your public DNS in-house, it needs to be on another
server, ideally in your DMZ or something. Not an AD-integrated DNS server.
Do not mix your AD DNS with your public DNS.

I generally advise against this for small offices - keep your DNS hosted
externally, at your ISP, registrar, whatnot. It's a lot to handle/manage &
you're unlikely to have the kind of redundancy built in that your ISP etc.
would.
>
> "Ace Fekay [MVP]" wrote:
>
>> In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
>> kmcnet <kmcnet@discussions.microsoft.com> made a post then I
>> commented below
>>> Hello Everyone and thanks for your help in advance. I am setting up
>>> new DNS and mail servers and am relatively new to DNS. My problem
>>> is, I have set up mydomain.com. It is hosted on a machine
>>> mydomain.local. There is also a mai server, mail.mydomain.com that
>>> is hosted on mail.mydomain.local. My problem is, in the headers of
>>> emails, it shows the mail as received from mail.mydomain.,local.
>>> Also, in doing a DNS lookup through DNSReports, it shows the primary
>>> nameserver as machinename.mydomain.local. I am getting correct
>>> resolution on the domains, but I am concerened about disclosing the
>>> machine names. There does not appear to be any reference to the
>>> local machines in this particualr zone. So I am not sure why this
>>> is happening. Any insight on this issue would be greatly
>>> appreciated. Thanks.
>>
>> IN addition to everyone's responses, I would suggest to use a
>> separate DNS server to host your external data. It *appears* that
>> you are using an internal DNS hosting your AD info. If you can
>> confirm that, please let us know.
>>
>> Maybe you can help us to help you better by providing the actual
>> name. As Lanwench said, it's really not a security issue to post the
>> name, unless you feel you haven't secured your mail server properly
>> or you have relaying allowed?
>>
>> --
>> Regards,
>> Ace
>>
>> Please direct all replies ONLY to the Microsoft public newsgroups
>> so all can benefit.
>>
>> This posting is provided "AS-IS" with no warranties or guarantees
>> and confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
>> Microsoft Windows MVP - Windows Server - Directory Services
>>
>> Security Is Like An Onion, It Has Layers
>> HAM AND EGGS: A day's work for a chicken;
>> A lifetime commitment for a pig.
>> --
>> =================================
Anonymous
October 25, 2004 11:04:45 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Again, thanks for the help. I think you have assisted me in the past, and as
I had mentioned, this is a test lab for my learningn purposes. Could someone
clue me in as to the ramifications of integrating the domain with AD or not?

"Lanwench [MVP - Exchange]" wrote:

> kmcnet wrote:
> > Hello Everyone and thanks for your response. I am using Exchange
> > 2003 on one Windows 2003 box. The DNS is being handled by another
> > 2003 box within the network, that is integrated with Active
> > Directory. The domain name is pocanticolane.com. My primary
> > question is, will I have any security or routing issues because of
> > this?
> >
> > Again, everyone's help is greatly appreciated.
>
> If you're hosting your public DNS in-house, it needs to be on another
> server, ideally in your DMZ or something. Not an AD-integrated DNS server.
> Do not mix your AD DNS with your public DNS.
>
> I generally advise against this for small offices - keep your DNS hosted
> externally, at your ISP, registrar, whatnot. It's a lot to handle/manage &
> you're unlikely to have the kind of redundancy built in that your ISP etc.
> would.
> >
> > "Ace Fekay [MVP]" wrote:
> >
> >> In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
> >> kmcnet <kmcnet@discussions.microsoft.com> made a post then I
> >> commented below
> >>> Hello Everyone and thanks for your help in advance. I am setting up
> >>> new DNS and mail servers and am relatively new to DNS. My problem
> >>> is, I have set up mydomain.com. It is hosted on a machine
> >>> mydomain.local. There is also a mai server, mail.mydomain.com that
> >>> is hosted on mail.mydomain.local. My problem is, in the headers of
> >>> emails, it shows the mail as received from mail.mydomain.,local.
> >>> Also, in doing a DNS lookup through DNSReports, it shows the primary
> >>> nameserver as machinename.mydomain.local. I am getting correct
> >>> resolution on the domains, but I am concerened about disclosing the
> >>> machine names. There does not appear to be any reference to the
> >>> local machines in this particualr zone. So I am not sure why this
> >>> is happening. Any insight on this issue would be greatly
> >>> appreciated. Thanks.
> >>
> >> IN addition to everyone's responses, I would suggest to use a
> >> separate DNS server to host your external data. It *appears* that
> >> you are using an internal DNS hosting your AD info. If you can
> >> confirm that, please let us know.
> >>
> >> Maybe you can help us to help you better by providing the actual
> >> name. As Lanwench said, it's really not a security issue to post the
> >> name, unless you feel you haven't secured your mail server properly
> >> or you have relaying allowed?
> >>
> >> --
> >> Regards,
> >> Ace
> >>
> >> Please direct all replies ONLY to the Microsoft public newsgroups
> >> so all can benefit.
> >>
> >> This posting is provided "AS-IS" with no warranties or guarantees
> >> and confers no rights.
> >>
> >> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> >> Microsoft Windows MVP - Windows Server - Directory Services
> >>
> >> Security Is Like An Onion, It Has Layers
> >> HAM AND EGGS: A day's work for a chicken;
> >> A lifetime commitment for a pig.
> >> --
> >> =================================
>
>
>
Anonymous
October 26, 2004 2:07:01 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

kmcnet wrote:
> Again, thanks for the help. I think you have assisted me in the
> past, and as I had mentioned, this is a test lab for my learningn
> purposes. Could someone clue me in as to the ramifications of
> integrating the domain with AD or not?

Integrating your public DNS with your AD DNS? I don't have any links for
you, sorry. It is just a Very Bad Idea and will Cause Major Problems. Don't
do it. :-)
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> kmcnet wrote:
>>> Hello Everyone and thanks for your response. I am using Exchange
>>> 2003 on one Windows 2003 box. The DNS is being handled by another
>>> 2003 box within the network, that is integrated with Active
>>> Directory. The domain name is pocanticolane.com. My primary
>>> question is, will I have any security or routing issues because of
>>> this?
>>>
>>> Again, everyone's help is greatly appreciated.
>>
>> If you're hosting your public DNS in-house, it needs to be on another
>> server, ideally in your DMZ or something. Not an AD-integrated DNS
>> server. Do not mix your AD DNS with your public DNS.
>>
>> I generally advise against this for small offices - keep your DNS
>> hosted externally, at your ISP, registrar, whatnot. It's a lot to
>> handle/manage & you're unlikely to have the kind of redundancy built
>> in that your ISP etc. would.
>>>
>>> "Ace Fekay [MVP]" wrote:
>>>
>>>> In news:D 0E03C40-0D2A-41F3-BFB6-5A790CF3C172@microsoft.com,
>>>> kmcnet <kmcnet@discussions.microsoft.com> made a post then I
>>>> commented below
>>>>> Hello Everyone and thanks for your help in advance. I am setting
>>>>> up new DNS and mail servers and am relatively new to DNS. My
>>>>> problem is, I have set up mydomain.com. It is hosted on a machine
>>>>> mydomain.local. There is also a mai server, mail.mydomain.com
>>>>> that is hosted on mail.mydomain.local. My problem is, in the
>>>>> headers of emails, it shows the mail as received from
>>>>> mail.mydomain.,local. Also, in doing a DNS lookup through
>>>>> DNSReports, it shows the primary nameserver as
>>>>> machinename.mydomain.local. I am getting correct resolution on
>>>>> the domains, but I am concerened about disclosing the machine
>>>>> names. There does not appear to be any reference to the local
>>>>> machines in this particualr zone. So I am not sure why this is
>>>>> happening. Any insight on this issue would be greatly
>>>>> appreciated. Thanks.
>>>>
>>>> IN addition to everyone's responses, I would suggest to use a
>>>> separate DNS server to host your external data. It *appears* that
>>>> you are using an internal DNS hosting your AD info. If you can
>>>> confirm that, please let us know.
>>>>
>>>> Maybe you can help us to help you better by providing the actual
>>>> name. As Lanwench said, it's really not a security issue to post
>>>> the name, unless you feel you haven't secured your mail server
>>>> properly or you have relaying allowed?
>>>>
>>>> --
>>>> Regards,
>>>> Ace
>>>>
>>>> Please direct all replies ONLY to the Microsoft public newsgroups
>>>> so all can benefit.
>>>>
>>>> This posting is provided "AS-IS" with no warranties or guarantees
>>>> and confers no rights.
>>>>
>>>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
>>>> Microsoft Windows MVP - Windows Server - Directory Services
>>>>
>>>> Security Is Like An Onion, It Has Layers
>>>> HAM AND EGGS: A day's work for a chicken;
>>>> A lifetime commitment for a pig.
>>>> --
>>>> =================================
Anonymous
October 27, 2004 12:00:22 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:A5D65265-6A96-4D92-BF38-8B0EAC753354@microsoft.com,
kmcnet <kmcnet@discussions.microsoft.com> made a post then I commented below
> Again, thanks for the help. I think you have assisted me in the
> past, and as I had mentioned, this is a test lab for my learningn
> purposes. Could someone clue me in as to the ramifications of
> integrating the domain with AD or not?
>

This is NOT recommended.

Reasons NOT to host a hostname server (DNS server) for public resolution of
your external domain name on your AD domain controller's DNS server:

1. Exposing your internal data to the world (why would you want to do
that?).
2. Exposing your DC to the world (why would you want to do that?).
2. Mixing private and public IPs on the same server is very PROBLEMATIC, to
put it lightly.
3. The private IP of the SOA on the internal DNS for public use will cause
issues.

As Lanwench said, you'll need TWO SEPARATE DNS servers that are not part of
your internal AD domain (a standalone), with most services disabled other
than what's required (no IIS, no messenger service, no NetBIOS, uninstall .
Hosting a nameserver for external public use requires two nameservers for
each domain, as per the registrar rules.

Believe me, using your registrar's hostname servers is way easier. Less
headaches, less hardware, and sleeping better at night not having to worry
about anyone trying to exploit any vulnerabilities on your machine.


Ace
!