Because mobile devices roam from site to site, private DNS records often leak out to the public Internet unintentionally. For example:
| DNS record OK to be publicly visible | DNS record that should remain secret |
As soon as the app is launched at home, the home router is asked:
Hi, where is YourSecretServer.YourCompany.local?
And, of course, the home router sends that request upstream to your Internet Service Provider. Even though the ISP cannot answer it, the DNS request (the question above) has been sent across the Internet in clear text and is therefore subject to surveillance of the most trivial kind.
To avoid this type of DNS leakage, DNSthingy firmware never forwards a DNS query to the Internet unless the queried name ends in a suffix that appears on the Mozilla Public Suffix List, found at:
On any foreign premises where DNSthingy answers DNS queries, a query for YourSecretServer.YourCompany.local is simply answered with NXDOMAIN, meaning the name does not exist, and nothing is sent upstream.
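The gate described above can be illustrated with a small resolver-policy check. This is an added example, not DNSthingy firmware code: it uses a constructed subset of the Public Suffix List (the real list is much larger and also has wildcard and exception rules, which this simplified matcher ignores), and the query log lines it audits are constructed as well. The function names `has_public_suffix`, `resolve_policy` and `audit_queries` are this example's own.

```python
"""Added example (not DNSthingy code): refuse to forward DNS queries whose
name does not end in a public suffix, answering NXDOMAIN locally instead."""

# Constructed subset of the Mozilla Public Suffix List so the example runs
# offline. The real list is far larger and contains wildcard ("*.") and
# exception ("!") rules that this simplified matcher does not implement.
PUBLIC_SUFFIXES = {
    "com", "net", "org", "uk", "co.uk", "de", "io", "github.io",
}


def normalize_name(name: str) -> str:
    """Strip the trailing dot of a fully qualified name and lower-case it."""
    return name.rstrip(".").lower()


def has_public_suffix(name: str, suffixes=PUBLIC_SUFFIXES) -> bool:
    """True if any right-hand portion of the name is a listed public suffix.

    For 'www.example.co.uk' the candidates tried are 'uk', 'co.uk',
    'example.co.uk', 'www.example.co.uk'; the first hit ('uk') suffices.
    """
    labels = normalize_name(name).split(".")
    for i in range(len(labels) - 1, -1, -1):
        if ".".join(labels[i:]) in suffixes:
            return True
    return False


def resolve_policy(qname: str) -> str:
    """Return 'FORWARD' if the query may go upstream, else 'NXDOMAIN'.

    Names such as 'host.company.local' or 'intranet.corp' have no public
    suffix, so they are answered locally and never reach the ISP resolver.
    """
    return "FORWARD" if has_public_suffix(qname) else "NXDOMAIN"


# Constructed query log lines: "<unix-time> <client-ip> <qtype> <qname>".
QUERY_LOG = [
    "1700000000 192.0.2.10 A YourSecretServer.YourCompany.local",
    "1700000001 192.0.2.10 A www.example.com.",
    "1700000002 192.0.2.11 AAAA intranet.corp",
    "1700000003 192.0.2.12 A shop.example.co.uk",
    "1700000004 192.0.2.12 A docs.example.github.io",
]


def audit_queries(lines):
    """Return the list of (qname, decision) pairs for each log line.

    Useful as a defender's review of which names a leaky resolver would have
    sent to the Internet: every 'NXDOMAIN' entry is a name that should never
    leave the premises.
    """
    decisions = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed constructed lines
        qname = parts[3]
        decisions.append((normalize_name(qname), resolve_policy(qname)))
    return decisions


def leaked_names(lines):
    """Names in the log that must be answered NXDOMAIN rather than forwarded."""
    return [name for name, decision in audit_queries(lines) if decision == "NXDOMAIN"]


if __name__ == "__main__":
    for name, decision in audit_queries(QUERY_LOG):
        print(f"{decision:9} {name}")
```

The key design point is that the decision is made on the name alone, before any upstream lookup: a name with no public suffix is answered locally, so the ISP resolver never sees the question.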
That’s how we prevent DNS record leakage in all of our current firmware versions.