Hi Folks --

Looking for some guidance on setting up an internal DNS zone, on an externally resolvable domain.

I own:  snyderfamily.co

I have set up "int.snyderfamily.co" to be a CNAME record that is set to "internalzone.ddns.net", so that when you ping "int.snyderfamily.co" you get my firewall "98.165.64.38".

I have set up a NAT so that all external port 53/853 queries that hit my WAN are redirected to my internal active directory server (10.0.10.3:53).

If I were to then create a record for say "plex.int.snyderfamily.co" -- I should get "10.20.0.3" as the response (just the information, not the IP, which is non-routable) ... right?

I need someone to help validate my logic or fill in the gap I'm missing.

Right now, things are set up under "snyderfamily.int" ... but I'm not understanding ... do I change my FW hostname to be "int.snyderfamily.co" since that is where the Public IP resolves?

Would I then reconfigure AD to be "ns1.int.snyderfamily.co" where the NAT is sending the DNS queries (or at least should be sending them)?

This is where it all breaks down in my mind and I get a whomping of anxiety -- because I don't want to fubar my existing (working) "snyderfamily.int" setup.

Your perspective, insight, and guidance on this are appreciated!

Thank you!!!

--
Thanks,
Alex.
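As an added example, not part of the original post: a small Python model of how a public resolver walks the names in the question, contrasting the CNAME at int.snyderfamily.co with an NS delegation to the NATed internal server. All zone contents are constructed from the values in the post; the name ns1.int.snyderfamily.co and its glue A record are assumptions.

```python
# Constructed zone data. Names/IPs are those in the post; the NS name
# ns1.int.snyderfamily.co and its glue A record are assumptions.
PARENT_CNAME = {  # registrar-side snyderfamily.co zone as the post describes it
    ("int.snyderfamily.co", "CNAME"): ["internalzone.ddns.net"],
}
PARENT_DELEGATED = {  # same zone with a delegation instead of the CNAME
    # (a CNAME cannot share an owner name with NS or any other record type)
    ("int.snyderfamily.co", "NS"): ["ns1.int.snyderfamily.co"],
    ("ns1.int.snyderfamily.co", "A"): ["98.165.64.38"],  # glue -> firewall WAN
}
INTERNAL_AD = {  # zone on 10.0.10.3, reached through the 53/853 NAT
    ("int.snyderfamily.co", "NS"): ["ns1.int.snyderfamily.co"],
    ("plex.int.snyderfamily.co", "A"): ["10.20.0.3"],
}


def lookup(zone, apex, name, rtype):
    """Authoritative lookup: exact RRset, else a referral when the name or an
    ancestor below the apex carries NS records, else NXDOMAIN. A CNAME at an
    ancestor is irrelevant here: it aliases that one name, it does not delegate."""
    if (name, rtype) in zone:
        return "ANSWER", zone[(name, rtype)]
    labels = name.split(".")
    for i in range(len(labels)):  # plex.int.x.co -> int.x.co -> x.co ...
        ancestor = ".".join(labels[i:])
        if ancestor == apex:
            break
        if (ancestor, "NS") in zone:
            return "REFERRAL", zone[(ancestor, "NS")]
    return "NXDOMAIN", []


def resolve(name, rtype, parent_zone):
    """Iterative resolver as a public client would behave: ask the parent zone
    first; follow a referral to the delegated server (the AD box behind the
    NAT), which should answer only for its own zone and not recurse for
    outside clients."""
    status, data = lookup(parent_zone, "snyderfamily.co", name, rtype)
    if status != "REFERRAL":
        return status, data
    return lookup(INTERNAL_AD, "int.snyderfamily.co", name, rtype)


if __name__ == "__main__":
    q = ("plex.int.snyderfamily.co", "A")
    print("with CNAME at int:  ", resolve(*q, PARENT_CNAME))     # NXDOMAIN
    print("with NS delegation: ", resolve(*q, PARENT_DELEGATED))  # 10.20.0.3
```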