I wonder what server I put in DMZ zone. I know the DMZ zone is for all servers or services who must be accessed from the internet, like Web Server, or mail server and sometimes DNS servers.
But I wonder two questions, for the mail server: the best secure practice is to have two servers, like front-end (webmail server who send a commands to back-end server) and back-end server who have all email in his disk? Because, if I have just one mail server and it is in DMZ zones with a sensible data (mail, address book, user information) is not a good idea, is it?
And my second question, why must my DNS server be accessed from internet? If I want to redirect a domain name to my server I buy a domain name from a hosting service and I redirect it on my router and in my router configuration I redirect the traffic to the server in my DMZ zone, in my ideas.