DNS server split principle

Revision as of 13:13, 22 August 2014


A DNS split is required when you need to provide resources both internally (intranet) and externally (Internet) under the same name.


Simple DNS zone

Let's start with a simple reminder.

A standard DNS zone is internal only: nobody can access internal resources from the outside. If you want to do so, you have to use a VPN connection.


Simple DNS


The Internet connection is outbound only.


Limitations

Shared name

Sometimes the same name is used in two different locations. As a result, some resources are only accessible from the inside, and others only from the outside.


DNS 01 shared name issue

In that example the web server "www" is not reachable from the private zone because the authoritative DNS server for the domain does not know it.

  • The desktop only uses the DNS server in the private area (blue zone)
  • The DNS server in that area does not know any "www" host, so the request is rejected.


Shared internal resources

Another problem may occur when you want to make an internal resource available from both the inside and the outside.


DNS 02 split horizon issue

From the outside:

  • Smartcards.vehco.com == the web server, thanks to the port forwarding of TCP 80.


From the inside:

  • Smartcards.vehco.com == the domain root. By default the domain root (the @ record) points to the DNS server, not to www.


As you can see, from the inside you cannot reach the "smartcards.vehco.com" website. You need to use "http://www.smartcards.vehco.com" or "http://www".
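One way to resolve the split horizon issue above is to let the same authoritative server answer differently depending on where the query comes from. The following BIND 9 configuration is an added example, not part of the original page or the site's own setup; the network ranges, public address and zone file paths are constructed assumptions, and the apex record is deliberately pointed at the web server in both views so that "smartcards.vehco.com" works from the inside as well as from the outside.

```conf
// named.conf excerpt (BIND 9): one zone name, two views
acl "intranet" { 192.168.0.0/16; 127.0.0.1; };   // constructed: the blue private area

view "internal" {
    match-clients { intranet; };
    recursion yes;                 // desktops in the blue zone resolve everything here
    zone "smartcards.vehco.com" {
        type master;
        file "/etc/bind/zones/db.smartcards.internal";   // assumed path
    };
};

view "external" {
    match-clients { any; };        // everyone else, i.e. the Internet
    recursion no;                  // authoritative only: never recurse for strangers
    zone "smartcards.vehco.com" {
        type master;
        file "/etc/bind/zones/db.smartcards.external";   // assumed path
    };
};

; db.smartcards.internal -- served only to the "internal" view
$TTL 3600
@   IN SOA ns1.smartcards.vehco.com. hostmaster.smartcards.vehco.com. ( 2014082201 3600 900 604800 300 )
@   IN NS  ns1.smartcards.vehco.com.
ns1 IN A   192.168.1.2     ; constructed: the internal DNS server itself
@   IN A   192.168.1.20    ; apex now points at the web server, not at the DNS server
www IN A   192.168.1.20    ; constructed: private address of the web server

; db.smartcards.external -- served to the Internet
$TTL 3600
@   IN SOA ns1.smartcards.vehco.com. hostmaster.smartcards.vehco.com. ( 2014082201 3600 900 604800 300 )
@   IN NS  ns1.smartcards.vehco.com.
ns1 IN A   203.0.113.10    ; constructed: public address of the firewall
@   IN A   203.0.113.10    ; the firewall forwards TCP 80 to the web server
www IN A   203.0.113.10
```

Once named.conf contains a view, every zone (including root hints and localhost) must be declared inside a view, and a client is matched by the first view whose match-clients list it fits, so the internal view must come before the catch-all external one.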





A DNS split is required when the internal domain name matches an external name.