I have 4 DNS servers on my network.

All are on NAT private IPs behind a firewall.

Two of them have NAT to public IPs and have a firewall rule which allows lookups but no resolving.

Two of them have NAT private IPs used for servers inside my network only, which allows servers and users to resolve.

I am seeing a great deal of traffic on the private servers, which is somewhat normal since all of the inside machines and people are using them.

But here is what I am wondering about. I have a never-ending, day-in-and-day-out stream of connections to my DNS servers; I am not sure if they are actually getting anything or not, and that is my question.

I have servers which have web, email and a host of other services on them. Those servers provide services to the public, and they use my private DNS servers for their own resolving needs.

What I am wondering about is this: is it possible that hackers are sending queries to my public servers, which in turn are sending DNS queries back to my private DNS servers, which in turn are returning otherwise private information back to the hacker about my network?

I hope I've explained this well, but I will be happy to add any additional information you might require in order to help me assess this.

Thank you for your help.

Mike
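The concern in the post is whether the two public-facing servers will recurse on behalf of outside clients, i.e. relay queries to the internal resolvers and hand the answers back out. Whether a server offers recursion to a given client is visible in its reply: the RA (recursion available) flag in the DNS header, and the RCODE (an authoritative-only server normally answers a recursive query for a foreign name with REFUSED and RA clear). The script below is an added example, not code from the original post: it builds a raw RD=1 query, decodes the reply header, and classifies the server as open-resolver, recursion-refused, or authoritative-only. The sample replies are constructed in-line so the classifier can be exercised offline; the `probe` function does the same over UDP against a server address you supply (the addresses and names are placeholders, not taken from the post).

```python
"""Check whether a DNS server offers recursion (open resolver) from the client's
point of view, by inspecting the RA flag and RCODE of its reply.

Added example; not from the original post. Server addresses and names used
below are constructed placeholders (TEST-NET addresses, example.com).
"""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(name, txid=0x1234, rd=True, qtype=1):
    """Standard query (QTYPE A by default); RD=1 asks the server to recurse."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(resp):
    """Decode the 12-byte DNS header into the flags a defender cares about."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = this is a response
        "aa": bool(flags & 0x0400),      # authoritative answer
        "rd": bool(flags & 0x0100),      # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),      # recursion available to THIS client
        "rcode": RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)),
        "ancount": an,
    }


def classify(resp):
    """Classify a reply to an RD=1 query for a name the server is not authoritative for."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not a response"
    if h["ra"]:
        return "OPEN_RESOLVER: server offers recursion to this client"
    if h["rcode"] == "REFUSED":
        return "OK: recursion refused"
    if h["aa"]:
        return "OK: authoritative-only answer, no recursion"
    return "UNCLEAR: no RA flag, rcode %s, %d answers" % (h["rcode"], h["ancount"])


def probe(server, name="www.example.com", timeout=2.0):
    """Send a real RD=1 query over UDP to `server` (port 53) and classify its reply.
    Run this from outside your network against your own public DNS addresses."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(512)
    if resp[:2] != q[:2]:
        return "UNCLEAR: transaction id mismatch"
    return classify(resp)


def build_reply(query, ra, rcode, aa=False, answer_ip=None):
    """Constructed reply for offline testing: echoes the question, sets the flags,
    and optionally appends one A record (name pointer 0xC00C -> the question name)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | 0x0100 | (0x0080 if ra else 0) | (0x0400 if aa else 0) | rcode
    question = query[12:]
    answer, ancount = b"", 0
    if answer_ip:
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(answer_ip)
        ancount = 1
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + question + answer


if __name__ == "__main__":
    q = build_query("www.example.com")
    # Constructed sample replies (not captured traffic), one per outcome.
    samples = {
        "open resolver": build_reply(q, ra=True, rcode=0, answer_ip="192.0.2.1"),
        "recursion refused": build_reply(q, ra=False, rcode=5),
        "authoritative only": build_reply(q, ra=False, rcode=0, aa=True, answer_ip="192.0.2.1"),
    }
    for label, resp in samples.items():
        print("%-20s -> %s" % (label, classify(resp)))
    # Real check (placeholder address): print(probe("192.0.2.53"))
```

For the setup described in the post, the public-facing pair should come back as "recursion refused" (or at least with RA clear) when queried from outside for a name they are not authoritative for; a reply with RA set means that server is recursing for arbitrary clients, which is exactly the relay path the question worries about. Authoritative answers for the server's own zones do not by themselves expose anything the zone was not already publishing.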