For a couple of days I have been searching the Internet for articles on publishing a DNS server as an external (public) DNS. The only really useful one I found was on Microsoft TechNet; the link below covers Securing DNS Server:
I am covering this topic because I wanted to find out why split DNS is vital for separating the internal and external networks.
What I found!
If we want our own DNS server to act as a public DNS that answers queries for host (A), alias (CNAME) and MX records, we must make sure that no internal IP addresses are exposed to the Internet and that the internal zones are not hosted there at all.
The external DNS server should be placed in the DMZ, and it must not hold any internal records. The external (public) DNS is a stand-alone server that is not joined to the internal network's domain.
I have verified this point myself: external users can query the internal IP addresses, hostnames and zones if I put the internal and DMZ IP addresses in the public DNS server. This can be done with a simple command such as NSLOOKUP.
In my local network there is an internal DNS server that holds only the zones and IP addresses of the internal site.
My public DNS only handles the records below:
www.netoverme.info   resolves the website at IP address 220.127.116.11
mail.netoverme.info  resolves the MX record at IP address 18.104.22.168
netoverme.info       resolves the domain itself at IP address 22.214.171.124
My internal DNS server:
www.netoverme.local  resolves to 192.168.0.1 (internal website)
ns1.netoverme.local  resolves to 192.168.0.2 (nameserver)
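The post's rule is that the public zone must contain neither private IP addresses nor internal-only zone names. The following script is an added example, not part of the original post or of any Microsoft tooling: it parses a constructed BIND-style zone file modelled on the records listed above, then audits it the way a defender would before publishing it, flagging any A/AAAA record that points at a private (RFC 1918) address and any name or target that belongs to the internal zone. The zone text, the two deliberately leaked records at its end, and the internal suffix netoverme.local. are all assumptions made for the example.

```python
import ipaddress

# Constructed sample of the public zone. The first four records mirror the
# post's public DNS; the last two are deliberate mistakes (a private address
# and an internal-only name leaked into the public zone) for the audit to catch.
PUBLIC_ZONE = """
; netoverme.info - public zone (constructed example, not a real zone file)
netoverme.info.          IN  A      22.214.171.124
www.netoverme.info.      IN  A      220.127.116.11
netoverme.info.          IN  MX 10  mail.netoverme.info.
mail.netoverme.info.     IN  A      18.104.22.168
intranet.netoverme.info. IN  A      192.168.0.1
ns1.netoverme.local.     IN  A      192.168.0.2
"""

# Assumption: the post's internal zone; anything under it must never be public.
INTERNAL_SUFFIXES = ("netoverme.local.",)


def parse_zone(text):
    """Return (owner, type, rdata) triples from a simple BIND-style zone text.

    Handles ';' comments and the 'owner [ttl] IN type [priority] rdata' layout;
    the last token is taken as the rdata, which is enough for A/AAAA/CNAME/MX/NS.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if "IN" not in tokens:
            continue  # skip $ORIGIN/$TTL and anything we do not understand
        i = tokens.index("IN")
        records.append((tokens[0].lower(), tokens[i + 1].upper(), tokens[-1].lower()))
    return records


def audit_public_zone(text, internal_suffixes=INTERNAL_SUFFIXES):
    """List (owner, reason) findings for records that must not be in a public zone."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        # Internal-only zone names have no business in the public server.
        if owner.endswith(internal_suffixes):
            findings.append((owner, "internal-only zone name published in the public zone"))
        if rtype in ("A", "AAAA"):
            # ipaddress.is_private covers RFC 1918 ranges such as 192.168.0.0/16.
            if ipaddress.ip_address(rdata).is_private:
                findings.append((owner, f"{rtype} record points to private address {rdata}"))
        elif rtype in ("CNAME", "MX", "NS") and rdata.endswith(internal_suffixes):
            findings.append((owner, f"{rtype} target {rdata} is an internal-only name"))
    return findings


if __name__ == "__main__":
    for owner, reason in audit_public_zone(PUBLIC_ZONE):
        print(f"LEAK  {owner:<28} {reason}")
```

Run it against the real zone file before it is loaded on the DMZ server; a clean public zone produces no output. The same check can be repeated from outside afterwards with NSLOOKUP against the public server, as the post describes, to confirm that none of the internal names or addresses answer.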