How do I make DNS work with a firewall?
Some organizations want to hide DNS names from the outside. Many experts don’t think hiding DNS names is worthwhile, but if site/corporate policy mandates hiding domain names, this is one approach that is known to work. Another reason you may have to hide domain names is that you use a non-standard addressing scheme on your internal network; in that case, you have no choice but to hide those addresses. Don’t fool yourself into thinking that hiding your DNS names will slow an attacker down much once they have broken into your firewall: information about what is on your network is too easily gleaned from the networking layer itself. If you want an interesting demonstration of this, ping the subnet broadcast address on your LAN and then run “arp -a”. Note also that hiding names in the DNS doesn’t address the problem of host names “leaking” out in mail headers, news articles, etc. This approach is one of many, and is useful for organizations that wish to hide their host names f