and DNS servers are exposed to the outside world and are open by design. This doesn't match the security protocols of a private network. By filtering traffic between WAN and LAN, a DMZ can act as ...