Using the same name for your internal infrastructure that you use to identify your organization on the Internet can be very time-consuming and confusing. While users will have no trouble remembering a single namespace, the administrative staff will have an increased workload to give users access to both internal and external resources.
A basic rule for protecting your resources is to not allow external entities to discover your internal resources. If you want to use the same namespace internally as well as externally, you will have to use two completely separate zones for the same namespace to guarantee that they do not share any zone information. Otherwise, zone transfers or Active Directory replication will populate the DNS servers that external clients use with information about your internal network. Letting anyone outside of your organization access this information is exactly what that rule is meant to prevent.
Therein lies the problem. How do you give internal clients access to resources outside of your internal infrastructure? For each of the web servers, SMTP servers, and any other server that is part of your Internet presence, you will have to manually enter the records into your internal DNS zones. If anything changes, you must make sure that you update the records accordingly. Missing any updates or forgetting to enter records for resources that the users need to access will cause plenty of phone calls to come your way!
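One way to catch both problems described above, as an added example rather than anything from the original article: the script compares the two separate zones and reports internal hosts that have leaked into the external zone, plus Internet-facing records that are missing or out of date in the internal zone. The zone contents, `example.com`, and the simplified "name type value" format are constructed assumptions, and the script assumes one record per name and type.

```python
import ipaddress

# Constructed sample zones for the same namespace (not from the article).
# example.com and every address here are placeholders.
EXTERNAL_ZONE = """
www    A      203.0.113.10
mail   A      203.0.113.25
@      MX     10 mail.example.com.
vpn    A      203.0.113.40
fs01   A      10.1.2.15
"""
INTERNAL_ZONE = """
dc01   A      10.1.2.5
fs01   A      10.1.2.15
www    A      203.0.113.10
mail   A      203.0.113.99
@      MX     10 mail.example.com.
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return {(name, type): value} from 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()   # drop comments and blank lines
        if line:
            name, rtype, value = line.split(None, 2)
            records[(name.lower(), rtype.upper())] = value.strip()
    return records

def is_internal_address(rtype, value):
    return rtype == "A" and any(ipaddress.ip_address(value) in net for net in RFC1918)

def audit(external_text, internal_text):
    ext, internal = parse_zone(external_text), parse_zone(internal_text)
    report = {"leaked": [], "missing": [], "stale": []}
    for (name, rtype), value in sorted(ext.items()):
        if is_internal_address(rtype, value):
            report["leaked"].append(name)      # internal host visible to outsiders
        elif (name, rtype) not in internal:
            report["missing"].append(name)     # internal users cannot resolve it
        elif internal[(name, rtype)] != value:
            report["stale"].append(name)       # internal copy was never updated
    return report

if __name__ == "__main__":
    for problem, names in audit(EXTERNAL_ZONE, INTERNAL_ZONE).items():
        print(f"{problem}: {', '.join(names) or 'none'}")
```

Run it against exports of both zones after every change to the external zone; any non-empty list means the two copies have drifted or the separation has been broken.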