10.1 Shared DNS for Internet and Intranet
The easiest solution is sharing a DNS database between the Internet and intranet. This might be unsuitable for two reasons:
1. Translations for computers with nonroutable addresses (networks 10/8, 172.16/12, or 192.168/16) are published on the Internet.
2. Information about the company's structure (the IP addresses of intranet computers) is published. This information is usually confidential.
The most significant question when configuring DNS on the firewall is whether or not all Internet names should be translated on the intranet, and whether the intranet clients should be enabled to translate the names of the company.com domain that are located on the intranet only.
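The first concern above can be checked before a shared zone is published. The following is an added example, not part of the original text: it scans a zone in master-file format for A records that fall in the three nonroutable ranges. The zone contents are constructed sample data and the function name leaked_private_records is hypothetical.

```python
import ipaddress

# The three nonroutable ranges named in the text.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a shared company.com zone (not taken from the book).
SAMPLE_ZONE = """\
$ORIGIN company.com.
$TTL 3600
@        IN  NS   ns.company.com.
ns       IN  A    198.51.100.53
www      IN  A    198.51.100.80   ; public web server
payroll  IN  A    10.1.2.15       ; intranet only
         IN  A    10.1.2.16
build    300 IN A 172.16.40.7
printer  IN  A    192.168.5.20
edge     IN  A    172.32.0.1      ; just outside 172.16/12
"""

def leaked_private_records(zone_text):
    """Return (owner, address) for every A record in a private range."""
    leaks, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or directive
        fields = line.split()
        if not line[0].isspace():                 # owner name starts in column 1
            owner = fields.pop(0)                 # otherwise reuse previous owner
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        addr = ipaddress.ip_address(fields[1])
        if any(addr in net for net in PRIVATE_NETS):
            leaks.append((owner, str(addr)))
    return leaks

if __name__ == "__main__":
    for name, addr in leaked_private_records(SAMPLE_ZONE):
        print(f"{name}\t{addr}\tprivate address in published zone")
```

Each reported record exposes both a nonroutable address and the name of an intranet host, which are the two reasons given above for not sharing the database.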
10.1.1 The Whole Internet is Translated on the Intranet
If the whole Internet is translated on the intranet, then the intranet must also route IP addresses of the whole Internet. This has some negative effects as well:
1. The routing of the intranet must be ready for this, i.e., all IP addresses that...