Risk in adverting intranet on the Internet

Quadri, Jay Jay.Quadri at gmk.cwplc.com
Thu Sep 14 17:22:34 UTC 2000


Thank you, I agree with you entirely. A lot of companies do do it, I think
mostly because it's convenient: they query names externally and route
internally to get to that node. A business unit can put the whole company at
risk simply by the Internet leakage on their Intranet DNS server. Intranet &
Extranet DNS servers trust each other and do DNS transfers all the time.

Making an intranet name available on the net increases attacks such as
anti-spoofing taking place. E.g. a hostname such as cust_sales says a lot.
Besides, no one can guarantee that their Firewall administrator keeps the
rulebase in check with the security policy. The Security policy might even
have holes in it.

On top of implementing Firewalls, every Branch or business unit must
implement the allow-transfer and allow-query options on every DNS server.
Implementing this requires the Hostmaster to know the entire topology of the
company including extranet ones.
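
The following is an added example, not part of the original post: a named.conf fragment showing the allow-query and allow-transfer options the message refers to, applied to an intranet zone. The zone name, file names, directory and all addresses are constructed placeholders.

```conf
// named.conf fragment for an internal (intranet) name server.
// Every address, zone name and path here is a constructed placeholder.

// Networks allowed to ask this server questions. The hostmaster has to
// list every internal and extranet segment, which is why the full
// topology must be known.
acl "internal-nets" {
    10.0.0.0/8;          // assumed intranet address space
    192.168.50.0/24;     // assumed extranet partner segment
};

// Secondary servers in other business units that may pull the zone.
acl "internal-secondaries" {
    10.1.1.53;
    10.2.1.53;
};

options {
    directory "/var/named";
    // Server-wide defaults: answer only known networks and refuse
    // zone transfers unless a zone statement grants them.
    allow-query    { "internal-nets"; };
    allow-transfer { none; };
};

zone "intranet.example.com" {
    type master;
    file "db.intranet.example.com";
    // Hostnames such as cust_sales are resolvable only from inside.
    allow-query    { "internal-nets"; };
    // Only the listed secondaries can transfer the whole zone, so an
    // outside host cannot enumerate it in one request.
    allow-transfer { "internal-secondaries"; };
};
```

A zone transfer attempted from an address outside "internal-secondaries" (for example with `dig axfr`) should be refused once this is loaded, which gives a quick check that the restriction is in effect on each server.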



