3.1.1 DNS with internal/external zone

Your ISP is not likely delegating DNS to your server, you probably don't want to serve DNS publicly here due to the redundancy and due to the various hassles that can arise, and there's no reason to delegate a private IP block, so there's no reason to have two zones here. NAT with port forwarding or a VPN will get you from the public IP space to the private IP space with the private address block. Unless I'm misunderstanding.

ps: That "mydomain.com" is a real and registered domain, and not yours. Use example.com, example.org and example.net if you want to obfuscate.

Here is how to set up internal DNS, which provides an overview and details of the most central part of this project. Available from there are links from there to setting up public DNS — get your internal DNS going first, then get external DNS set up via your DNS provider.

In general, you will not be serving public DNS.

Exact details of what happens to get external DNS mapped to internal depends on whether you have static IP from your ISP, and what services you plan to use; web and mail have slightly different requirements and expectations.

adriandascalu wrote:

I resolve problem, I configure 2 different dns servers, one on lan, one on internet. And for nat, I forward all ports need by mail services.

If those two DNS servers are both referenced by hosts on the LAN, that won't work reliably — off-LAN DNS servers cannot resolve LAN-local addresses, so depending on which DNS server is selected...

adriandascalu wrote:

Only lan DNS (192.168.0.10) where I have private zone of dns, and 8.8.8.8 .. All works fine now.

It'll work for a while, and depending on which translation is requested and with which DNS server is queried. Should there be DNS translation failures for local addresses, then the client is probably aimed at Google DNS and will then probably need to eliminate that DNS server as an option for queries. Not all DNS clients will try multiple servers, and Google DNS cannot return local translations, after all.

Unrelated: if you're planning on using a VPN, 192.168.0.0/24 and 192.168.1.0/24 aren't the best choices for a NAT'd network — those two are very commonly used in home networks and coffee shops and such. VPNs are based on IP routing and IP routing is based on the subnets on the local and remote ends of the VPN, and IP routing doesn't generally work well with the same subnet present on both ends of the connection.

adriandascalu wrote:

Ok. So .. What configuration you recomend me ?! Thx

Just the DNS server(s) on the NAT'd host. Those are the only servers that will return local translations on a NAT'd network. Also please see the earlier link to some directions on configuring DNS services, if more details are of interest here.