Split DNS question

Recently we installed a Cisco Pix firewall. We have two networks, internal and web.

In the internal zone machines are bound to 10.20.0.* addresses, the web zone 10.10.1.*

Our internet IP range is 65.220.68.

Do I need 3 sets of DNS servers?
Internal
Web
External?

The internal zone can access the web zone, but not the other way around.

Should I have an internal DNS server that forwards requests to the web DNS server, that way machines in the web network and internal network can access a name based on the internal IP scheme and another set of DNS servers to resolve external addresses?

Is this a security issue? I've read a little bit about split DNS and can't seem to find the answer.

thanks

 

 

 

 
