Donald Murray wrote:
If the webserver is on the internal LAN, split DNS should resolve differently for internal versus external users. Because the internal users receive an IP for the internal LAN, the firewall is bypassed. No DNAT or SNAT duct tape required. If the webserver is in a DMZ... split DNS should again resolve differently for internal vs external users. Because the internal users receive an IP on a different subnet, their webserver traffic is routed through the firewall. Again, no DNAT/SNAT duct tape required. Does this sound correct?
I concur.
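
The two cases discussed in this thread, modelled as an added example that is not part of the original messages: a first-match split DNS view lookup followed by a check of whether the resulting flow stays on the LAN, is routed through the firewall, or would need the DNAT/SNAT hairpin that split DNS avoids. The subnets, addresses, view names and function names are all constructed for illustration.

```python
import ipaddress as ip

# Constructed sample topology (RFC 1918 / RFC 5737 ranges), not from the thread.
LAN = ip.ip_network("192.168.1.0/24")      # internal users
DMZ = ip.ip_network("192.168.2.0/24")      # separate subnet behind the firewall
PUBLIC = ip.ip_address("203.0.113.10")     # address published to external users
ANY = ip.ip_network("0.0.0.0/0")

def views(internal_answer=None):
    """Ordered view list, first match wins. With no internal_answer there is
    only one view, i.e. no split DNS and everyone gets the public address."""
    v = []
    if internal_answer is not None:
        v.append(("internal", LAN, ip.ip_address(internal_answer)))
    v.append(("external", ANY, PUBLIC))
    return v

def resolve(view_list, client):
    """Return (view name, answer) for the first view whose network holds client."""
    for name, net, answer in view_list:
        if client in net:
            return name, answer
    raise LookupError(f"no view matches {client}")

def path(client, server):
    """Classify how the client's traffic reaches the resolved address."""
    if client not in LAN:
        return "external client -> firewall public address"
    if server in LAN:
        return "direct on LAN, firewall bypassed"
    if server in DMZ:
        return "routed LAN -> firewall -> DMZ, no NAT"
    # Internal client was handed the public address: the hairpin case.
    return "hairpin via firewall, needs DNAT/SNAT"

def trace(view_list, client):
    c = ip.ip_address(client)
    name, answer = resolve(view_list, c)
    return name, str(answer), path(c, answer)

if __name__ == "__main__":
    cases = [
        ("server on LAN", views("192.168.1.10"), "192.168.1.50"),
        ("server in DMZ", views("192.168.2.10"), "192.168.1.50"),
        ("external user", views("192.168.2.10"), "198.51.100.7"),
        ("no split DNS", views(), "192.168.1.50"),
    ]
    for label, v, client in cases:
        print(f"{label:14} {client:14} {trace(v, client)}")
```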