Split DNS, also known as split-horizon DNS, uses the same DNS domain name for both internet and internal domain-member resources. However, the DNS server role is assigned to separate servers: one or more servers for the internet, and the other server(s) for the AD DS domain. Deploying DNS this way requires extra steps to ensure that sensitive information found on the AD DS domain side is separated from the internet side, and to ensure that only the DNS server deployed on the internet side, that is, outside the inner firewall, can be accessed by queries from outside the firewall.
- 4 views