Internal-zone IPs in a DMZ-zoned DNS server

Internet -> Router -> DMZ-zoned DNS with it's own public, internet-zone IPs, but containing DNS records for internal (192.168.x.x.) IPs for subdomain servers (serving internal zone databases etc.) -> Cisco firewall -> internal zone

Anything wrong with it? Or should all those internal-zone IPs be NAT-translated to public, internet-zone ones?

 

 

 

 

Top