How to handle external and internal DNS on windows 2012
I'm trying to setup an Active Directory network on Server 2012 R2, and want AD's DNS to only be used internally (Ex: domain-controller.company.com) as well as some records that need both internal and external accessibility (Ex: mail.company.com) that use internal IP's on the internal network and finally some records that only need external access.
The only solutions i have been able to think of, or look up are to either use a sub domain that handles all internal records, and use the plain company.com domain for all external records. These both seem to mean i have to manage two DNS servers separately. Is either of these the best ways or am i messing up somewhere?
It's strongly recommended that you create separate internal and external DNS zones to avoid disclosing every detail about your topology to the entire internet. The risk is best mitigated by keeping the data separate. As well, by isolating public-facing DNS from AD and its auto-update functionality, you can prevent yet another mechanism that could potentially be used to hijack your records.
The way to do this without completely splitting DNS is to use a view, or split-horizon DNS, which windows doesn't support. So, either way, you'll have to manage a second set of DNS servers.
As well, you can use the same domain inside and out with different data (basically split-horizon), or a subdomain. It's your choice. For more on that, read Windows Active Directory naming best practices?.