IT Pro for network topology, with Active Directory and DNS in a DMZ

We have a basic setup in a Windows Server 2008R2/2012R2 environment (fictional values):

Private network 192.168.1.0/24
Public network 200.55.100.128/26

Private net is hosting a domain controller (AD) which is also a DNS server @ 192.168.1.5

There is a DMZ zone where a web server resides which is also a DNS server @ 200.55.100.180

Now currently hosts from the private network use 200.55.100.180 as DNS server and our AD zone is on that server. Obviously that's not good because internal records are public. Using the internal DNS zone on the AD controller would be better.

I know I could split the DNS in 2 and have hosts use 192.168.1.5 but on my web server (DMZ) how would it reach my domain if the public AD zone doesn't have the domain records?

I would like to know the best setup, I don't have extra servers to add DNS servers.

Also, as I only have 1 DNS server, should I set up an external ISP DNS server as secondary to prevent failures?

Thanks!
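
A check for the exposure described in the post, added here as an example (not the poster's code): it scans a text listing of the zone held on the DMZ server and reports records that reveal private addressing or Active Directory locator SRV names. The sample records, the `example.test` names and the zone-file-style line layout are constructed assumptions; the two networks are the post's fictional values.

```python
import ipaddress

# Networks from the post (the poster's fictional values).
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_NET = ipaddress.ip_network("200.55.100.128/26")

# SRV owner-name prefixes that Active Directory registers for DC location.
AD_LOCATOR_PREFIXES = ("_ldap.", "_kerberos.", "_kpasswd.", "_gc.")

# Constructed sample of the zone on the DMZ server; names are made up.
SAMPLE_ZONE = """\
; constructed sample, not from the post
dc01.example.test.        3600 IN A   192.168.1.5
www.example.test.         3600 IN A   200.55.100.180
fileserver                3600 IN A   192.168.1.20
_ldap._tcp.example.test.   600 IN SRV 0 100 389 dc01.example.test.
mail.example.test.        3600 IN A   200.55.100.130
printer.example.test.     3600 IN A   10.0.0.7
"""

def audit(zone_text):
    """Return (owner, rtype, reason) for records unfit for a public zone."""
    findings = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3:
            continue
        owner = fields[0]
        # Locate the record type after the owner name (TTL/class may precede it).
        rtype = next((t for t in ("A", "SRV") if t in fields[1:]), None)
        if rtype is None:
            continue
        rdata = fields[fields.index(rtype, 1) + 1:]
        if rtype == "A" and rdata:
            try:
                ip = ipaddress.ip_address(rdata[0])
            except ValueError:
                continue                         # malformed address: skip line
            if ip in PRIVATE_NET:
                findings.append((owner, "A", "address in private network"))
            elif ip.is_private:
                findings.append((owner, "A", "other private address"))
        elif rtype == "SRV" and owner.lower().startswith(AD_LOCATOR_PREFIXES):
            findings.append((owner, "SRV", "AD service locator record"))
    return findings

if __name__ == "__main__":
    for owner, rtype, reason in audit(SAMPLE_ZONE):
        print(f"{owner:28} {rtype:4} {reason}")
```

Records in the public range, such as the web server at 200.55.100.180, are not reported.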

