I'm new to AD, so I'm asking for forgiveness in advance for what I don't know and for the complexity ...
I have an internal forest for private domains. I'm setting up a "separate" forest in the domain mainly for our external DNS servers. I have an authoritative DNS that has about 50 customer zones.
I have 4 DNS servers in 2 locations ... dns1.abc.com and ns1.abc.com in the primary location, and dns2.abc.com and ns2.abc.com in the secondary location. The firewall is separating incoming public traffic: customers with zones on the DNS are routed to dns1 and dns2, while all other public queries go to ns1 and ns2.
AD setup: 1 forest & 1 domain ... abc.com (which is a registered domain ... it was created so the internal network would have a private domain of corp.abc.com). The servers are all DCs with private IPs, named dns1 (172.16.10.1), dns2 (172.16.11.1), ns1 (172.16.10.2), & ns2 (172.16.11.2). I'm trying this to get away from text DNS records and have them in AD. dns1 is the AD primary DC. ns1 and ns2 are RODCs.
DNS setup: the abc.com domain is only used in the DMZ ... it is not used internally or externally. I have an externally registered domain; ns1.xyz.com and ns2.xyz.com have public IPs that are routed to ns1.abc.com and ns2.abc.com. xyz.com has a zone on the DNS servers. ns1 and ns2 are authoritative DNS servers.
Issues: The SOA is dns1.abc.com. There are 4 NS records ... dns1.abc.com, dns2.abc.com, ns1.xyz.com, & ns2.xyz.com. I was thinking I needed to change the SOA to ns1.xyz.com and remove the dns1.abc.com and dns2.abc.com NS records since they have private DMZ IPs, but I can't change the SOA or remove the NS records. The public internet side should only see ns1.xyz.com and ns2.xyz.com as their DNS.
Do I need to change some settings, start from scratch, or am I trying to do something I shouldn't?
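Whatever the fix turns out to be, the thing to verify is what the public Internet actually sees for the zone: the SOA primary and NS hosts, and whether any of those hosts resolve to a private DMZ address. The following PowerShell audit is an added example, not code from the poster; it assumes the zone name xyz.com from the post and a hypothetical public resolver address, and uses only the built-in Resolve-DnsName cmdlet.

```powershell
# Added example: audit the SOA primary and NS records of a zone as seen from
# a public resolver, and flag NS hosts that resolve to RFC 1918 addresses.
# $Zone comes from the post; $PublicResolver is a hypothetical placeholder.
$Zone = 'xyz.com'
$PublicResolver = '203.0.113.53'   # placeholder: use any real public resolver

function Test-PrivateIPv4 {
    param([string]$Address)
    # RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    return ($Address -match '^10\.') -or
           ($Address -match '^172\.(1[6-9]|2[0-9]|3[01])\.') -or
           ($Address -match '^192\.168\.')
}

# SOA as seen from outside: the MNAME should be one of the public NS hosts
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $PublicResolver -DnsOnly -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SOA' }
"SOA primary for ${Zone}: $($soa.PrimaryServer)"

# NS records as seen from outside
$nsRecords = Resolve-DnsName -Name $Zone -Type NS -Server $PublicResolver -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'NS' }
$nsHosts = $nsRecords | Select-Object -ExpandProperty NameHost

if ($soa.PrimaryServer -notin $nsHosts) {
    "WARN  SOA primary $($soa.PrimaryServer) is not listed as a public NS"
}

foreach ($nsHost in $nsHosts) {
    # Resolve each NS host; a host with no public A record is a lame delegation
    $addrs = Resolve-DnsName -Name $nsHost -Type A -Server $PublicResolver -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    if (-not $addrs) {
        "WARN  NS $nsHost does not resolve publicly (lame delegation)"
        continue
    }
    foreach ($addr in $addrs) {
        if (Test-PrivateIPv4 $addr) {
            "WARN  NS $nsHost -> $addr is a private address and should not be published"
        } else {
            "OK    NS $nsHost -> $addr"
        }
    }
}
```

Run it from a host outside the DMZ (or point -Server at the public address of ns1.xyz.com) so the answers reflect the public view rather than the AD-integrated zone's internal view; every line beginning with WARN is a record that needs attention.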