> Yes and no. The DNS data is a potent source of information for
> industrial espionage. It's also useful to hackers for target selection.
Of course, things like hostnames already leak out every day (have you looked at
the Received: headers on mail?) so it's not clear that DNS is really opening
you up that much. The only information that serves no functional purpose and
gives crackers useful information is the DNS HINFO data (although similar
information is often available in Received: headers as well). Of course, with
hostnames like mac1, joes-pc, etc. the HINFO data isn't giving away anything
too obvious either.
A question - how many people who install separate DNS external and internal
servers also modify the MTA on the bastion host to strip out all Received:
headers on outgoing mail? I suspect that very few do this.