Global DNS Best Practices
Hello. On the WatchGuard knowledgebase, it mentions that DNS best practices for global DNS is to have it pointing to an internal DNS (private) server and an external DNS (public) server for redundancy if there are internal DNS servers in place. Obviously, internal DHCP, VPN, and tunnels would be strictly internal DNS. So, my question is this. Would the set up below be best practices, and why is this the case? Is there any harm to only setting global DNS to just internal DNS, especially if your firewalls are across the country with no way to support remotely if you lose connection? What happens if both internal DNS servers go down and there is no public facing DNS server?
DNS 1 - Primary Internal DNS
DNS 2 - Secondary Internal DNS
DNS 3 - 188.8.131.52 or 184.108.40.206 or 220.127.116.11 or 18.104.22.168 (you get the picture; this is what I think of when I think of public facing DNS).
Links I am reading from: