DNS Zones, or selective DNS responses based on source IP/Zone

Question

Hey Guys!

This question is more of a "if possible" and "how"... Specific answers are always great, but so would any links to any How-To's, or other documentation explaining how to accomplish this.

So the Subject says it all in a nutshell, but it is possible I am not using the "proper" terms, so here are the details...

My UTM is set to forward and resolve DNS, and the details noted below work fine. My Internal Hosts can resolve DNS on both defined objects noted below, as well as external DNS in general (like google.com)

Let's say I have these internal hosts that resolve to IPs (based on DHCP Reservations and object definition):

Internal1 = 192.168.10.10

Internal2 = 192.168.10.11

And let's say I have these "external" hosts that resolve to IPs (again, based on the object definition):

External1 = 1.2.3.4

External2 = 5.6.7.8

In my current config, if I allow DNS resolution by external hosts, they can resolve those internal hosts, I do not want that.

I want *ALL* my internal hosts to be able to resolve DNS (as they can right now), but I only want to resolve the External hosts for DNS requests sourcing from outside my network.

Is this possible?

If so, how could I accomplish this?

This thread was automatically locked due to age.

BAlfson · Answer

Yes, but! 
 You don't want to offer DNS to the world for even one little thing. It's an open invitation to the Russian Mafia and the Chinese Military to attack you. Your public DNS should be handled wholly by your public authoritative name servers. Internally, configure as in DNS best practice . 
 Cheers - Bob