Posted on 2006-05-16
Last Modified: 2010-04-13
I read to not expose your internal DNS service to the internet as this will expose information that shouldn't be public.  Is this accomplished by using DNS Forwarders (ISP) and setting up your internal domain to use mydomain.local?
Question by:vivo123
    LVL 2

    Expert Comment

    It's done through public IP address (your ISP will provide to you) and a DNS register. You will also need to set up NATs on your firewall to pass through the public IP addresses to your private network.


    your domain is Your ISP gives you a public IP address of You register your domain name ( with a DNS register. You then set up a NAT on your firewall... to pass through your firewall to 10.x.x.x (your private network). This is just a quick and dirty (I'm short on time).

    LVL 25

    Accepted Solution

    >>Is this accomplished by using DNS Forwarders (ISP) and setting up your internal domain to use mydomain.local?
    no, not at all.

    DNS forwarders forward dns queries from your dns clients (PCs) that are pointed to your internal DNS server out to a public DNS server when your private DNS server doesn't know the answer to the query.  DNS forwarders have NOTHING to do with exposing your internal DNS records out to the public internet.

    your private DNS server usually just hosts DNS records for your private domain for PCs on your internal network.  Basically answers requests for dns queries like to the private ip of that server or other machine on your private domain.

    your public DNS records are totally different and should be hosted on a separate server (assuming you host your own public DNS).  public DNS servers answer dns queries from computers OUTSIDE of your network.  There should only be records for servers that you want external users to access (mail, www, etc.).  these records are usually for things such as and would point to the PUBLIC IP of your mail server.

    basically internal and external DNS are two completely different things... don't mix/confuse them.
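
An added example, not part of the original answer: one way to check that a public zone holds only records meant for external users is to audit it for private addresses and internal-only names. The zone contents, the `example.com` names and the helper names are constructed for illustration; the `.local` suffix follows the `mydomain.local` naming in the question.

```python
import ipaddress

# Ranges that should never appear in a zone served to the internet:
# RFC 1918 private space, loopback, and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]
# Assumption: the internal namespace uses a suffix such as .local.
INTERNAL_SUFFIXES = (".local",)

# Constructed sample of a public zone (name, type, value); not real data.
SAMPLE_PUBLIC_ZONE = """\
www.example.com.    A      203.0.113.10
mail.example.com.   A      203.0.113.25
example.com.        MX     10 mail.example.com.
fileserver.example.com. A  10.1.2.30
intranet.example.com.   CNAME  dc01.mydomain.local.
"""

def is_internal_name(name):
    return name.rstrip(".").lower().endswith(INTERNAL_SUFFIXES)

def audit_public_zone(zone_text):
    """Return (name, type, value, reason) for records that leak internal data."""
    findings = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        rtype = rtype.upper()
        if rtype == "A":
            addr = ipaddress.ip_address(value.strip())
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((name, rtype, value, "private address"))
        elif rtype in ("CNAME", "MX", "NS"):
            target = value.split()[-1]          # MX value is "pref target"
            if is_internal_name(target):
                findings.append((name, rtype, value, "internal-only target"))
        if is_internal_name(name):
            findings.append((name, rtype, value, "internal-only name"))
    return findings

if __name__ == "__main__":
    for finding in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(finding)
```

The explicit network list is used instead of `ipaddress`'s `is_private` attribute because that attribute also reports the documentation ranges used in the sample as private.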

    Author Comment

    Thank you for the clarification...  I was getting confused after reading some other posts.  I don't host my own public records.  I only NAT the public to private at the firewall for mail or www.

    LVL 25

    Expert Comment

    not a problem
