• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:


I read to not expose your internal DNS service to the internet as this will expose information that shouldn't be public.  Is this accomplished by using DNS Forwarders (ISP) and setting up your internal domain to use mydomain.local?
  • 2
1 Solution
It's done thru public IP address (your isp will provide to you) and a DNS register. You will also need to setup NAT's on your firewall to pass thru the public ip address's to your private network.


your domain is catco.com. Your ISP give's you a public ip address of You register your domain name (catco.com) with a DNS register. You then setup a NAT on your firewall... to pass thru your firewall to 10.x.x.x.(your private network). This is just a quick and dirty (I'm short on time).

>>Is this accomplished by using DNS Forwarders (ISP) and setting up your internal domain to use mydomain.local?
no, not at all.

DNS forwarders forward dns queries from your dns clients (PCs) that are pointed to your internal DNS server out to a public DNS server when your private DNS server doesn't know the answer to the query.  DNS forwarders have NOTHING to do with exposing your internal DNS records out to the public internet.

your private DNS server usually just hosts DNS records for your private domain for PCs on your internal network.  Basically answers requests for dns queries like server.yourinternaldomain.com to the private ip of that server or other machine on your private domain.

your public DNS records are totally different and should be hosted on a seperate server (assuming you host your own public DNS.  public DNS servers answer dns queries from computers OUTSIDE of your network.  There should only be records for servers that you want external users to access (mail, www, etc)  these records are usually for things such as mail.externaldomainname.com and would point to the PUBLIC IP of your mail server.

basically internal and external DNS are two completly different things,,, dont mix/confuse them.
vivo123Author Commented:
Thank you for the clarification...  I was getting confused after reading some other posts.  I don't host my own public records.  I only NAT the public to private at the firewall for mail or www.

not a problem

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now