Split DNS

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 19 22:26:27 UTC 2002


linux at penguinpower.com wrote:

> Is setting up Split DNS basically a waste of time? (too many ways for
> network info to leak out?)

I don't think so. Even if the bad guys can't connect directly to the IPs
in question, exposing your internal DNS structure can give them a
roadmap, should they somehow find some way into your internal network.
Also, the DNS names themselves sometimes give away information about
what projects the organization is working on and so forth -- information
that you may not want to be public knowledge. (Cricket had a neat term
for this syndrome ("forensic information", perhaps?), but I can't recall
it to mind and I can't find it in the class workbook).


- Kevin





More information about the bind-users mailing list