Pros/cons of using a private DNS vs. a public DNS
DNS is a very broad topic, even when you narrow it to have a security focus; however, I will attempt to address this in a way that will make the most sense to you. If you are looking for a very high-level introduction to DNS, I would suggest this. For a little bit more detail, check this out.
First of all, you may want to be aware that "Private DNS vs. Public DNS" can be construed to mean multiple things. The first thing that I thought of was split-horizon DNS, where you use the same DNS name for internal and external, but provide different information depending on the source of the DNS request. There are other options, however, such as choosing to use completely different names internally and externally (such as example.com publicly and example.local privately). I have seen both implemented in corporations; however, having completely separate internal and external DNS servers and namespaces is preferred from a security point of view.
You would typically want to keep your RFC1918 addresses only in your private DNS, as well as your private addresses which are Internet-accessible. This is less important with IPv4, but with IPv6, having Internet-accessible IP addresses is much more widespread (although not necessary).
Essentially, it boils down to the fact that you would want a private DNS infrastructure in order to serve employees, so that they would not need to memorize the IPs (or VIPs) of every service. You would not want these DNS entries available to the Internet because they could be used for enumeration or discovery (see section 2.6), among many other reasons. The security of a system is said to boil down to some basic concepts, and you must keep in mind, if you release certain information, whether it allows anybody to compromise the CIA triad.
There is also the option of an extranet DNS infrastructure, which would be for partner companies, or companies that you do business with on a regular basis.
Finally, public DNS is provided as a service to your customers, again, so that they will be able to contact whatever it is you are providing. A couple of security concepts to keep in mind with DNS include:
- DNS Open Resolvers and Amplification attacks
- DNS Cache Poisoning Attacks
- Zone transfers from rogue DNS servers
There are many, many more types of attack when discussing DNS, but I feel like the previous few are a good starting point. If you are interested in DNS security, I would also point you to this write-up and to DNSSEC.
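As an added example that is not part of the original answer, here is a BIND 9 named.conf sketch of the split-horizon setup described above (one example.com name, two views) that also addresses the open-resolver and rogue-zone-transfer points from the list; the ACL names, addresses and zone file paths are assumed placeholders.

```conf
// Assumed example: BIND 9 named.conf for split-horizon DNS on "example.com".
// Internal clients get the private (RFC1918) view; everyone else gets the
// public view. Addresses, ACL names and file paths are placeholders.

acl "internal-nets" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
acl "our-secondaries" { 192.0.2.53; 198.51.100.53; };   // our own secondary servers only

options {
    directory "/var/cache/bind";
    // Do not be an open resolver: no recursion for the Internet at large
    // (open resolvers are what amplification attacks rely on).
    recursion no;
    allow-recursion { none; };
    // Zone transfers only where a view explicitly allows them, never to arbitrary hosts.
    allow-transfer { none; };
    // Say as little as possible about the server software to strangers.
    version "not disclosed";
    // Validate DNSSEC on answers this server resolves for internal clients.
    dnssec-validation auto;
};

// Internal view: private records and recursion for employees only.
// Views are matched in order, so the restrictive internal view comes first.
view "internal" {
    match-clients { internal-nets; localhost; };
    recursion yes;
    allow-recursion { internal-nets; localhost; };
    allow-query-cache { internal-nets; localhost; };
    zone "example.com" {
        type master;   // "primary" is the equivalent keyword in BIND 9.16+
        file "/etc/bind/zones/db.example.com.internal";  // e.g. intranet A 10.1.2.3
        allow-transfer { our-secondaries; };
    };
};

// External view: public records only, authoritative answers, no recursion.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.external"; // public A/MX/NS records only
        allow-transfer { our-secondaries; };
    };
};
```

The two zone files carry the different answers: the internal file holds the RFC1918 addresses, the external file only the Internet-facing ones, so an external query for a name that exists only internally gets NXDOMAIN rather than leaking a private address.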