Map External DNA to Internal DNA Behind NAT

This is mygoal, and any advice would be helpful...

Forward

1>We have three XServe systems, plus two WinDoze NT systems and some various Linux servers.

2>We have a public DNS via Dyn.

3>Ourequipment is behind a NAT, running DD-WRT, behind a Cisco router, and on a dynamic IP. (No chance inchangingthis.)

What We Want To Do:

At present, our routing is like this:

Dyn->Router/Gateway/NAT->Primary XServe->Local Apache

What I would *like* to do:

Dyn (primary DNS)->Router/Gateway/Nat->Xserve DNS-> Redirect to specified IP on LAN.

I encountered sone glitches trying to do this: Is there any reason it would not work?

Here is an example:

Public IP 1.2.3.4

1>Dyn-> Resolves main.com to 1.2.3.4 (port 443)

2>Gateway/Router/Nat-> Resolves main.com 192.168.1.2 (MainServer) via NAT for port 443

3>DNS on 192.168.1.2-> Resolves main.com to other LAN system at 192.168.1.2 via XServe DNS on 192.168.1.2

4>DNS at 192.168.1.2 completes resolution (local).

5>Dyn-> Resolves example.com to 1.2.3.4 (port 443)

6>Gateway/Router/Nat-> Resolves example.com 192.168.1.2 (MainServer) via NAT for port 443

7>DNS on 192.168.1.2-> Resolves example.com to other LAN system at 192.168.1.3 via XServe DNS on 192.168.1.2

8>DNS at 192.168.1.3 completes resolution (local).

9>Dyn Resolves other.com to 1.2.3.4 (port 443)

10>Gateway/Router/Nat-> Resolves other.com 192.168.1.2 via NAT for port 443

11>DNS on 192.168.1.2-> Resolves other.com to other LAN system at 192.168.1.4 via XServe DNS on 192.168.1.2

12>DNS at 192.168.1.5 completes resolution (local).

13>Dyn Resolves misc.com to 1.2.3.4 (port 443)

14>Gateway/Router/Nat-> Resolves misc.com 192.168.1.2 via NAT for port 443

15>DNS on 192.168.1.2-> Resolves DNS resulution of misc.com to other LAN DNS at 192.168.1.10 via XServe DNS on 192.168.1.2

16>DNS at 192.168.1.10 resolves misc.com to other LAN system at 192.168.1.11 via XServe DNS on 192.168.1.10

17>DNS at 192.168.1.11 completes resolution (local).

In otherwords, use the local DNS at 192.168.1.2 to resolve/redirect/routetrafficfor CNAME entries to other servers on the same LAN; essentially,usingthesecond DNS to route/hop the record to another local machine, withits own DNS to provide directory info for specific (virtualised) sites.

For some odd reason, the DNS utilities (OSX Server 10.5.8, Advanced Mode, Server Admin & Workgroup Manager mode) didn't like this.

Any suggestions, walkthroughs, orother help would be fantastic! Thanks!

A few important notes:

We cannot switch to 10.6+: Our network includex mixed Intel and PPC systems that need classic support.

We cannot get static IPs.

We must be behind the NAT.

I see no reason why routing DNS entries from a primary DNS toa secondary, and possibly to a third fromthere should pose problems... We appeciate any feedback.