Split DNS definition
Split DNS is a configuration where the same domain has two DNS servers (sub-domains): one for the internal network and one for the external network. In this configuration, hosts on the local network use an internal DNS server, while those on the wider internet use an external DNS server. A split DNS strategy abstracts and boosts security by not revealing the requested resource's internal IP address. Split DNS employs either two physical servers and a software server that execute several DNS processes or one physical server that can discriminate access to DNS records. An external DNS includes only short zone files for a domain with FTP, Web, and other server addresses. An internal DNS server stores DNS records.
Benefits of Split DNS
- Remote access to internal resources. Hides your network by preventing external users from accessing internal services. In a network with distant and local users, you can configure internal-only DNS domains for servers, resources, and apps. This enables you to control your own DNS records, so internal-facing apps are only accessible from your company network.
- Improved network latency. Directs queries to the appropriate server. Your employees' requests for YouTube, Facebook, or GitHub won't burden your internal DNS server with a split DNS arrangement. Your internal DNS server can go down without affecting anything.
- Improved obscurity. By setting up a split DNS configuration, you can hide DNS answers for the domains you choose. This helps with splitting internal and external queries by assigning internal IP addresses to internal-facing services.
Cons of Split DNS
- Manually keeping both DNS servers up to date with publicly available resources. While dynamic DNS would be convenient for a public DNS server, the security risks aren't worth it.
- Zone transfers are not possible because both servers host the principal zone for “yourcompany.com.” A transfer is only made possible to another secondary zone of the same domain name.