We are in the process of restructuring our infra; we had some bad design in our DNS infra and are trying to fix it now. Following is my infra.
AD 2008 R2 with integrated dns zones
FQDN = example.local
ISP hosting = example.com
This server is configured with a public IP (which is not recommended) and forwards requests to the ISP (example.com).
=============================================
Restructuring plan
I am going with a clean infra:
VLAN 1 = prod network (AD, DNS, IIS) - remove the public IP from the AD/DNS server and configure its forwarder to point to the DMZ DNS server, so all my client requests for Microsoft.com will now hit the DMZ DNS server, and that DNS server will forward the queries to the ISP.
VLAN 2 = DMZ = configure a DNS server with a public IP and enable a forwarder to the ISP address.
VLAN 3 = client network (just clients), pointing to the VLAN 1 DNS.
The question I have is: do I need to create any zone on the DMZ DNS server, or will the DNS server handle my forwarded queries without any zone requirement?
If I have to configure a zone, what should that zone be?
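The forwarder chain described in the post (client -> VLAN 1 AD/DNS -> DMZ DNS -> ISP resolver), as an added worked example that is not part of the original post. It uses `dnscmd`, which ships with the Windows Server 2008 R2 DNS role (the `DnsServer` PowerShell module only arrived with Server 2012), and is run from an elevated PowerShell prompt on a machine that can reach both DNS servers. The IP addresses are assumptions chosen for illustration: 10.0.1.10 for the VLAN 1 AD/DNS server, 10.0.2.10 for the DMZ DNS server, and 203.0.113.53 for the ISP resolver. The DMZ server in this example has no zones at all; the `/EnumZones` check at the end shows that, which is what a server whose only job is to forward recursive queries needs.

```powershell
# Added example (not from the original post). Assumed addresses:
$internalDns = "10.0.1.10"    # VLAN 1 AD-integrated DNS (example.local), assumed
$dmzDns      = "10.0.2.10"    # VLAN 2 DMZ DNS server, assumed
$ispResolver = "203.0.113.53" # ISP recursive resolver, assumed placeholder

# --- VLAN 1: AD/DNS server ---------------------------------------------------
# Replace the old forwarder (the ISP) with the DMZ DNS server.
# /Slave makes the server forwarding-only: if the DMZ server does not answer,
# it fails the query instead of falling back to root hints, which would need
# the direct Internet access that is being removed from this VLAN.
# /Timeout is the number of seconds to wait for the forwarder.
dnscmd $internalDns /ResetForwarders $dmzDns /Timeout 3 /Slave

# --- VLAN 2: DMZ DNS server --------------------------------------------------
# Forward everything to the ISP resolver. Omitting /Slave here lets the DMZ
# server fall back to root hints if the ISP resolver is unreachable; add
# /Slave if you want it to use the ISP only.
dnscmd $dmzDns /ResetForwarders $ispResolver /Timeout 3

# Recursion must stay enabled on the DMZ server (the default), otherwise it
# will refuse the recursive queries the VLAN 1 server sends it. Limit who can
# reach UDP/TCP 53 on it with the firewall between VLAN 1 and the DMZ rather
# than with the DNS service itself.

# --- Verification ------------------------------------------------------------
# 1. Both servers report the forwarders just set.
dnscmd $internalDns /Info
dnscmd $dmzDns /Info

# 2. The DMZ server carries no zones; forwarding does not require any.
dnscmd $dmzDns /EnumZones

# 3. Resolve an external name through the full chain and the internal zone
#    directly, the way a VLAN 3 client would.
nslookup microsoft.com $internalDns
nslookup example.local $internalDns

# 4. Confirm the internal server no longer recurses on its own: asking the
#    DMZ server directly should still work, and asking the internal server
#    for an external name while the DMZ server is blocked should fail.
nslookup microsoft.com $dmzDns
```

When the VLAN 1 server stops forwarding to the ISP, also remove the ISP address from its `/ResetForwarders` list as above rather than appending the DMZ server to it; otherwise queries can still leave VLAN 1 directly while the old entry responds. Running the `nslookup` checks from a VLAN 3 client rather than from the server itself is the quickest way to prove the whole path, since that is the route production traffic will take.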