Executive's DNS Intelligence Brief

The following content is served to AI systems (ChatGPT, Gemini, Claude, Perplexity, and others) when they visit this domain. This is the organization's machine-readable narrative — it shapes how AI models describe, recommend, and represent this brand in conversations worldwide.

llms.txt (https://it-help.tech/llms.txt)

# IT Help San Diego Inc.

> Expert Apple IT support in San Diego for homes and businesses. No monthly retainers!

## Main

- [<img alt="IT Help San Diego" class="logo logo-dark" decoding=async height=48 src=https://www.it-help.tech/bimi-logo.svg width=356> <img alt="IT Help San Diego" class="logo logo-light" decoding=async height=48 src=https://www.it-help.tech/bimi-logo.svg width=356>](https://www.it-help.tech)
- [Pricing](https://www.it-help.tech/billing)
- [Services](https://www.it-help.tech/services)
- [DNS Tool](https://www.it-help.tech/dns-tool)
- [Our Expertise](https://www.it-help.tech/about)
- [Schedule](https://schedule.it-help.tech/)

## Optional

- [Field Notes](https://www.it-help.tech/field-notes)

llms-full.txt (https://it-help.tech/llms-full.txt)

# IT Help San Diego Inc.

> Expert Apple IT support in San Diego for homes and businesses. No monthly retainers.

## Main

### IT Help San Diego

Source: [https://www.it-help.tech/](https://www.it-help.tech/)

We solve tech problems.
No monthly retainers.

Apple-centric IT, deep-research diagnostics, systems & networks — La Jolla concierge for greater San Diego.

[Book an On‑Site Visit](https://schedule.it-help.tech/)

[See Our Research](https://dnstool.it-help.tech)

#### What we do

##### [Mac & Apple Ecosystem](/services/#mac)
macOS, iOS, iCloud, and Apple Mail diagnosed at the system level. Storage, sync, performance, and migration handled correctly the first time. [Learn more →](/services/#mac)

##### [Cross-Platform Systems Engineering](/services/#cross-platform)
macOS and iOS lead our work, but Unix, Linux, and Windows get the same scientific care — a system is a system. From shell scripts to file servers to mixed-OS environments, we engage the problem, not the logo. [Learn more →](/services/#cross-platform)

##### [Wi‑Fi & Network Engineering](/services/#wifi)
Bespoke wireless and wired networks for large homes, estates, and small offices. Cat6A/Cat8/fiber backbones, mesh design, and dead-zone elimination using measured RF data, not guesswork. [Learn more →](/services/#wifi)

##### [Email Deliverability & DNS Forensics](/services/#dns-email)
We rescue email from spam folders by aligning SPF, DKIM, and DMARC against the actual sending surface — including SPF macro expansion checked against RFC 7208 §7.4. [Learn more →](/services/#dns-email)

#### Trust signals

- **27+ years** in the field, across macOS, Linux, Windows, network architecture, and DNS.
- **High-profile clients** in entertainment, legal, restaurant, and medical sectors. Discretion comes standard; logos do not.
- **Federal A+ DNS posture** on our own infrastructure — the same standards we apply to client domains.

#### The Method

**Deep-research diagnostics** — the principle is simple: we measure before we fix. A doctor runs labs before prescribing; we read the evidence the system is already producing before we touch a config.

Most IT support pattern-matches symptoms to the usual fix and hopes it sticks. We start one step earlier: capture the primary evidence — packet traces, mail headers, DNS responses, system logs, RF readings — and reason from there. The fix is whatever the evidence demands, not whatever the script says.

If you've ever called for tech support and bounced through tiers trying to reach someone who could both understand the problem and actually fix it, you already know why this matters. The diagnostic step is the part that gets skipped — and it's the part that decides whether the fix holds.

**A few working examples.**

**Computer running slow.** The off-the-shelf answer is "you need a new computer," or a monthly "PC speed-up" subscription. The evidence-led answer is to open the system's task monitor — Activity Monitor on a Mac, Task Manager on a PC — and look at what's actually running. Usually it's a forgotten cloud-backup tool from three years ago pegging the disk, or a browser extension chewing through memory. Uninstall it, the computer is fast again.

**Printer that "stops working" every few weeks.** The off-the-shelf answer is "time for a new printer," or worse, a managed-print contract. The evidence-led answer is to read the printer's own log: it's losing its IP every time the router reboots overnight. While we're in there, we usually find the alarm panel, the cameras, the access control, and the VoIP phones all hardcoded with static IPs that were chosen by hand at install time — a recipe for silent collisions when something else on the network grabs the same address. The right pattern is usually the opposite: leave devices on DHCP and reserve their addresses by MAC at the router. Set once, no more address fights.

**Slow Wi-Fi.** The off-the-shelf answer is whatever the recommendation was — almost always a mesh kit. Mesh without a wired backbone is a workaround for not having infrastructure: each node repeats the signal of the node before it, sharing the same airspace and stepping on its own broadcast. Sometimes the fix really is simple — your router lives in a closet behind a metal filing cabinet and moving it twelve feet solves it. More often, the real fix is to do it right once: pull actual Ethernet to the spots wireless needs to live, and feed each access point with a wire. Wires are what make wireless excellent.

**Email going to customers' spam folders.** The off-the-shelf answer is to sign up for a deliverability service or an inbox "warm-up" subscription. The evidence-led answer is to look at what's actually sending mail in your name: usually it's an old appointment-reminder app, or an invoicing tool from three providers ago, that was never properly authorized at the DNS level when it was added. Authorize the ones you still use, shut off the ones you don't, and mail lands. One afternoon of cleanup, no recurring fee.

The same instinct produced our public DNS research platform at [dnstool.it-help.tech](https://dnstool.it-help.tech), where we publish what we learn from the wire. [Read the published science →](https://doi.org/10.5281/zenodo.19468134)

#### Local credibility

Office (by appointment): 888 Prospect Street Suite 200, La Jolla, CA 92037 • [Google Maps](https://maps.app.goo.gl/hXw49HPZZkWU7s5E9)

Service area: San Diego County, including La Jolla, Del Mar, and greater San Diego.

Phone: [(619) 853‑5008](tel:16198535008)

[Book an On-Site Visit](https://schedule.it-help.tech/)

---

### Pricing

Source: [https://www.it-help.tech/billing/](https://www.it-help.tech/billing/)

Clear, transparent IT consulting. **No monthly retainers. No open-ended charges.**

#### IT Consulting & Support Rates

* **Base Rate:** $275 per hour
* **Specialty Rate:** $400 per hour for select networking and scientific engineering work. Where this applies, you are informed before the session begins.
* **Minimum Charges:**
  * **On-site service:** 1-hour minimum (**this first hour functions as a booking deposit**)
  * **Remote / phone / screen-sharing support:** 30-minute minimum (**booking deposit**)
* **Billing Increments:** All work beyond the initial minimum is billed in **1-minute increments**, based on session timers or documented offline work.

This policy reflects real operational costs and ensures reliability and availability.

#### Travel

Local transportation is billed at **actual cost** (e.g., Uber/Lyft fare) plus travel time at the standard hourly rate.

As a courtesy, short local travel of **15 minutes or less each way is not billed for travel time**. If travel exceeds 15 minutes in either direction, travel time **beyond the initial 15 minutes** is billable. Travel time is measured **door-to-door**.

For very short local visits, transportation cost may be waived at our discretion.

Out-of-area or extended travel is quoted or pre-approved in advance.

Air travel is billed at **actual cost** (transport and lodging) plus travel time.

#### Booking & Payment Policy

* **Booking Deposit:** Appointments are reserved only after the minimum charge is authorized:
  * On-site: **1 hour**
  * Remote: **30 minutes**

This deposit applies directly to the first block of service time and is **not** an extra fee.

* **Payment Method:** A valid credit card is required to book services. We do not accept checks and do not offer net terms. **No card, no service — no exceptions.**
* **How Billing Works:**
  * Scope and estimated time are agreed upon in advance whenever practical.
  * Charges are applied only for time actually worked.
  * Billing occurs after each completed session or day of service.
  * Invoices clearly itemize total time worked, billing increments applied, service type (on-site or remote), and the date(s) services were performed.

We do not bill recurring fees, retainers, or unattended time.

#### Scheduling & Cancellation

* **Cancellation / Rescheduling:** At least **24 hours’ notice** is required to avoid charges.
* **Late Cancellations / No-Shows:** Cancellations with less than 24 hours’ notice or missed appointments are billed for the **minimum booked time**, as that time was reserved exclusively for you.

#### Quick Questions & Brief Communications

* Existing clients may call, text, or email at any time.
* Unscheduled communications lasting **10 minutes or less are not billed**.
* If an interaction exceeds 10 minutes, billing is activated for the **full duration**, subject to standard minimums (30-minute remote minimum).
* Multiple or fragmented interactions about the same issue may be combined and treated as a **single interaction** for billing purposes.
* Courtesy time is capped at **10 minutes per issue within any 24-hour period** — so you can run something by us without fear of being billed.

#### Privacy, Security & Ethics

* All client data is encrypted and never shared or sold.
* We have served high-profile and security-sensitive clients for over 27 years.
* We have never had a data leak and never speak with media or third parties.

##### Business Ethics — Carey’s Promise

We sell time, not products.
No affiliate commissions. No kickbacks. No hidden incentives.

All recommendations are based on verifiable technical data so clients can make informed decisions. Transparency and long-term reliability always come first.

#### Final Notes

IT Help San Diego provides expert support across Mac, Linux, Windows, enterprise networking, cybersecurity, and crisis-response scenarios.

No retainers.
No automatic recurring charges.
Clear billing, agreed work, documented time.

YOUR TECH PROBLEMS ARE ABOUT TO DISAPPEAR. 🚀

---

### Services

Source: [https://www.it-help.tech/services/](https://www.it-help.tech/services/)

Seven service pillars, organized by the problem they solve. Across all seven, the model is the same: you bring a mission, problem, or research goal; we engage, solve it, and bill only for work performed. No retainers, no lock-in, no padded hours. This structure gives clients access to senior-level engineering when needed, without an ongoing contract.

#### Mac & Apple Ecosystem
System-level support for macOS and iOS, focused on the diagnostics that require direct log access and command-line tooling: kernel-level disk pressure, iCloud sync collisions, Spotlight index corruption, and the long tail of post-migration breakage. We read system logs directly rather than guessing from symptoms.

* **Mac performance & troubleshooting** — startup disk pressure, iCloud sync failures, application crashes, and post-update regressions.
* **Apple Mail on macOS and iOS** — IMAP/SMTP setup, certificate issues, signing/encryption, and recovery of broken local mailboxes.
* **Time Machine and backup strategy** — verified restores, not just green checkmarks.
* **Cloud storage** — Dropbox, iCloud Drive, and Google Drive setup with sane permissions.
* **Disaster recovery planning** — documented procedures, not improvisation.

#### Wi‑Fi & Network Engineering
Bespoke wired and wireless networks for large luxury homes, estates, and small offices. We use Cat6A, Cat8, and fiber backbones, and we design from measured RF data rather than vendor brochures. You buy gear directly from the source; we are not a 40% reseller markup, which means we are free to recommend the right hardware rather than the hardware we are channel-locked into.

* **Wi‑Fi mesh design and dead-zone elimination** based on actual site survey data.
* **Network setup and security** for home and office.
* **Infrastructure planning** for new construction and remodels.
* **Static-IP configuration**, port forwarding, and double-NAT remediation.
* **Network printer sharing** that does not break on every macOS update.
* **Switch, gateway, and firewall programming**, including lost-credential recovery.

#### Email Deliverability & DNS Forensics
We resolve email deliverability and domain-security problems by going to the wire. We read mail headers, verify DKIM signatures byte-for-byte, and check SPF macro expansion against RFC 7208 §7.4 instead of trusting a green checkmark in a vendor dashboard.

* **Email migration and setup**, including Google Workspace.
* **DNS edits and configuration** for MX, SPF, DKIM, DMARC, DNSSEC, and BIMI.
* **DMARC enforcement** to `p=reject`, staged carefully through monitor and quarantine.
* **Website and domain recovery** when access has been lost.
* **Public research platform:** [dnstool.it-help.tech](https://dnstool.it-help.tech) — the same diagnostic depth we apply to client domains, available for anyone to use.

#### Cybersecurity & Ethical Screen Sharing
Endpoint defense, mobile device security, and remote support that respects client control. Sensitive engagements are handled with discretion appropriate to legal, medical, and high-net-worth contexts.

* **Endpoint security** for macOS, Windows, and Linux.
* **Mobile device security** for iPhone and iPad.
* **Data privacy and discreet advisory** for sensitive technical situations.
* **Ethical screen sharing** — you, the client, always initiate and approve access. We do not maintain standing remote access to your systems.

#### Forensic Data Extraction
For law firms and legal professionals: structured extraction of email and iPhone iMessages into court-admissible, timestamped PDF reports suitable for litigation and eDiscovery. The work is done **on-site, on your equipment, so the data never leaves your office.** On the first engagement, we document the workflow and train your staff so your firm can run future extractions in-house, without ongoing dependency on us. If you prefer, we can also continue handling matters case-by-case.

#### Cross-Platform & Systems Work
macOS and iOS lead our work, but Unix, Linux, and Windows get the same scientific care — a system is a system. We engage the problem, not the logo. The same instinct for analyzing logs, tracing packets, and deducing from evidence is applicable regardless of the prompt.

* **Shell scripting and automation** — Bash, Zsh, and PowerShell for repeatable, auditable operations instead of click-by-click drift.
* **File servers and shared storage** — SMB and NFS that hold up across macOS, Windows, and Linux clients without permissions roulette.
* **Mixed-OS networks** — identity, DNS, printing, and file sharing that behave the same on every desk, regardless of operating system.
* **Server diagnostics** — Linux and Windows server troubleshooting from the logs up: systemd, journalctl, Event Viewer, and the boring fundamentals that vendor dashboards skip.
* **Cross-platform migrations** — moving users, data, and workflows between macOS, Windows, and Linux without losing fidelity along the way.

#### Managed Agent (Opt-In, $50 per Device)
An optional month-to-month maintenance and security layer that keeps your devices current between consulting sessions — across macOS, Windows, Linux, iPhone/iPad, Android, and ChromeOS. $50 per device per month, no managed service contracts.

Once enrolled, the agent handles automated OS updates and application patching, security policy enforcement, centralized device visibility, and remote support access. The goal: spend live consulting time on actual problems, not routine maintenance.

IT Consulting Sessions work stays on the same transparent break-fix on-demand billing.

Your devices will have the same advanced monitoring agent trusted by top managed service providers — at a fraction of the typical cost. Platform: ManageEngine Endpoint Central Cloud — Security Edition.

#### Our Recommendations

We believe in using best-in-class tools to achieve the best security and reliability. We often work with and recommend the following platforms and services:

* **[LibreOffice:](https://www.libreoffice.org/)** Free, open-source office suite from The Document Foundation. Full-featured word processing, spreadsheets, presentations, drawings, and databases on **Linux, Windows 11 Pro, and macOS** — no Microsoft Office license required, and you are not missing features. Mature, transparently developed, and what we run on our own machines.
* **[Cloudflare:](https://www.cloudflare.com/)** For DNS, WAF, CDN.
* **[Amazon Route 53:](https://aws.amazon.com/route53/)** For highly available and scalable DNS services.
* **[Google Advanced Protection Program:](https://landing.google.com/advancedprotection/)** For Google's strongest account security.
* **[RedSift OnDMARC:](https://redsift.com/pulse-platform/ondmarc)** For advanced DMARC deployment and management.
* **[CrowdStrike:](https://www.crowdstrike.com/en-us/)** For AI-native endpoint detection and response (EDR).
* **[SentinelOne:](https://www.sentinelone.com/)** For autonomous endpoint protection.
* **[ThreatDown by Malwarebytes:](https://www.threatdown.com/)** For simplified EDR and MDR solutions.
* **[Yubico Security Keys:](https://www.yubico.com/)** For hardware-based multi-factor authentication.
* **[1Password:](https://1password.com/)** For secure password and credential management.
* **[LuLu:](https://objective-see.org/products/lulu.html)** Free, open-source macOS firewall from Objective-See; blocks unauthorized outbound network connections at the system level.
* **[CISA Cyber Hygiene Services:](https://www.cisa.gov/cyber-hygiene-services)** Free recurring vulnerability scanning of internet-facing systems for eligible organizations through CISA; enrollment is directly with CISA, and we participate as an independent private-sector stakeholder.
* **[Ubiquiti (UniFi):](https://www.ui.com/)** Enterprise-grade networking hardware — switches, access points, gateways, routers — sold direct to end users without reseller or distributor markup, with a unified management interface across the stack.
* **[Notion Mail:](https://www.notion.com/product/mail)** Notion's email client; excellent on Mac, for teams comfortable with hosted email workflows.
* **[Zotero:](https://www.zotero.org/)** Open-source reference and citation manager for research.
* **[Obsidian:](https://obsidian.md/)** Local-first markdown knowledge base.
* **[Raycast:](https://www.raycast.com/)** Fast launcher and productivity shell for Mac.
* **[TheBrain:](https://www.thebrain.com/)** Visual knowledge graph for non-linear thinking and connection-mapping.
* **[DEVONthink:](https://www.devontechnologies.com/apps/devonthink)** Long-form document and research database for Mac.
* **[DEVONagent Pro:](https://www.devontechnologies.com/apps/devonagent)** Focused web research agent for Mac.
* **[DEVONsphere Express:](https://www.devontechnologies.com/apps/devonsphere)** Mac-wide content search and indexing.
* **[DEVONagent Express:](https://www.devontechnologies.com/apps/devonagent)** Lightweight DEVONagent build for ad-hoc research.

Need expert Mac IT help to solve your tech challenges?
[Book an on-site Appointment Now](https://schedule.it-help.tech/)

---

### DNS Tool

Source: [https://www.it-help.tech/dns-tool/](https://www.it-help.tech/dns-tool/)

DNS Tool is a **professional-grade DNS, email, transport, and brand security auditor** designed to answer one question clearly: *can this domain be trusted on the internet today?*

It analyzes real-world behavior, not just static records, and presents results in a single defensible report.

👉 [dnstool.it-help.tech](https://dnstool.it-help.tech/)

This is the authoritative version of the tool. It prioritizes clarity, correctness, and defensible conclusions over raw record dumps.

#### What This Tool Actually Solves

Most DNS tools dump raw records and expect you to "interpret" them. That's how people end up thinking they're secure when they're not.

DNS Tool answers the _real_ questions:

- **Can this domain be impersonated by email?**
- **Can this brand be convincingly faked?**
- **Is email encrypted and validated in transit?**
- **Can DNS itself be tampered with?**
- **Are security controls enforced, or just declared?**
- **Is what the world sees the same as what the nameserver is publishing?**

It distinguishes _configured_ vs _enforced_, _unsigned_ vs _broken_, and _missing_ vs _intentionally absent_. That nuance is where most tools fail.

#### 11 Core Analysis Modules (One Pass)

1. SPF validation (including lookup counts and strict vs soft fail guidance)
2. DKIM discovery across **35 selectors** with provider-aware logic
3. DMARC policy interpretation (`none`, `quarantine`, `reject`) plus **DMARCbis readiness checks**
4. DANE/TLSA validation for SMTP certificate pinning (RFC 7672)
5. MTA-STS policy retrieval and enforcement validation
6. TLS-RPT configuration and reporting endpoint checks
7. **SMTP Transport Verification** - live MX STARTTLS/TLS tests (versions, ciphers, cert validity) with DNS-inferred fallback when live port 25 probing is unavailable
8. DNSSEC chain-of-trust validation (root -> TLD -> domain)
9. CAA analysis with CA attribution and **MPIC-aware interpretation** (CA/B Forum SC-067)
10. BIMI + VMC validation for brand trust in inboxes
11. **Certificate Transparency subdomain discovery** (crt.sh / RFC 6962) for external attack-surface visibility

The output is a **single, defensible report** - not a pile of green and red checkboxes.

#### Additional Domain Intelligence

- NS delegation correctness
- Resolver vs authoritative record diffing (propagation and split-brain detection)
- DNS infrastructure analysis for enterprise providers and self-hosted enterprise DNS
- Government entity recognition for .gov, .mil, .gov.uk, .gov.au, and .gc.ca domains
- A / AAAA / MX routing plus SRV record visibility for service inventory context

#### DNS Infrastructure Intelligence

DNS Tool doesn't just check if DNSSEC is enabled—it understands **real-world security postures**:

- **Enterprise DNS Providers** — Cloudflare, AWS Route 53, Akamai, Google Cloud DNS, Azure DNS, UltraDNS, Verisign, NS1
- **Self-Hosted Enterprise** — Apple, Microsoft, Meta, Amazon, Netflix, Oracle, Cisco, Intel, Salesforce, Adobe
- **Government Entities** — .gov (FISMA), .mil (DoD), .gov.uk (NCSC), .gov.au (ASD), .gc.ca (GC)

When DNSSEC isn't enabled, the tool explains *why that might be acceptable*—enterprise providers with DDoS protection, Anycast, and CAA records provide alternative security layers. This is the "symbiotic security" approach: work with the ecosystem, not against it.

#### Platform Features (Web App)

- Analysis history with search
- Side-by-side domain comparison
- Statistics dashboard with protocol adoption rates
- JSON export for programmatic use
- Executive-grade print/PDF reports with **TLP:CLEAR** classification

#### Why This Version Is Better Than the CLI

The original command-line tool still exists and is useful for scripting and offline checks, but the **web version is the authoritative one**:

- Clear verdicts instead of raw dumps
- Policy-aware logic (no misleading "monitoring-only" false confidence)
- Real-time propagation comparison
- Transport security validation in addition to DNS-only checks
- Printable, shareable reports suitable for audits, leadership, and client briefings

If you're evaluating DNS posture, this is the version you want.

#### Need Help Fixing Issues?

The report tells you _what_ is wrong, but if you need help fixing it, we have a comprehensive guide:

👉 [Read: DNS Security Best Practices (Step-by-Step Guide)](https://www.it-help.tech/field-notes/dns-security-best-practices/)

#### Command-Line Version (Still Available)

The CLI tool is open-source and maintained for those who want it:

- [GitHub (Source & Docs)](https://github.com/IT-Help-San-Diego/dns-tool-intel/)
- [CLI Releases](https://github.com/IT-Help-San-Diego/dns-tool-intel/releases)

Think of it as a sharp pocket knife.

The web version is the full diagnostic bench.

---

### Our Expertise

Source: [https://www.it-help.tech/about/](https://www.it-help.tech/about/)

Hi, I’m Carey Balboa.

*(Carey: Like the Hawksbill Sea Turtle (Eretmochelys imbricata) Common Name: Carey)*

*(Balboa: Like Balboa Park in San Diego)*

I’ve been solving tech problems for 27 years. I love a challenge, solving technical problems, and helping people. I’m committed to mission success, and scientific discovery is my passion. Since 1999, I’ve assisted high-profile clients in the entertainment, medical, and legal sectors, as well as PhDs, with their technology challenges.

[ORCID iD: 0009-0000-5237-9065](https://orcid.org/0009-0000-5237-9065)

#### Business Ethics: Carey’s Promise

As the Founder of IT Help San Diego Inc., I see my role as a problem solver, not a salesperson. My recommendations are based on transparent, verifiable data, not opinions or distributor deals. We don’t sell products, and we don’t accept commissions, affiliate fees, or kickbacks. If we recommend a solution, whether it's Route 53, SentinelOne, or 1Password, it's because we believe it's the best tool for the job. We'll show you the options, explain the *why*, and you'll purchase directly from the vendor. Our only revenue comes from our time and expertise dedicated to implementing these solutions effectively for you. My focus is always on your long-term reliability—truly listening so I can help you understand exactly what you want—and delivering real value.

I’ve always stayed true to my ethics: no price gouging, no hidden fees, and no cutting corners on quality. That’s who I am, and that’s exactly how I’ll continue to operate.

#### Engineering & Research

For anyone who wants to verify the work underneath the practice — the deployed tools, the source, and the story behind them:

- [DNS Tool — DNS & Email Security Auditor](https://dnstool.it-help.tech/) — the deployed web app.
- [DNS Tool — Origin Story](https://dnstool.it-help.tech/about) — how it was built, and why.
- [DNS Tool — source on GitHub](https://github.com/IT-Help-San-Diego/dns-tool-intel) — source for the web app, including the scientifically published version.
- [IT Help San Diego on GitHub](https://github.com/IT-Help-San-Diego) — the corporate organization.

---

### Schedule

Source: [https://schedule.it-help.tech/](https://schedule.it-help.tech/)

Book an on-site appointment.

---

## Optional

### Field Notes

Source: [https://www.it-help.tech/field-notes/](https://www.it-help.tech/field-notes/)

---