Address sorting.

Mark Ratering techsupport at meteor-web.com
Sun Nov 27 00:30:53 UTC 2005


Greetings all,

I have run into an interesting situation for which no solution plainly
presents itself.

In the interest of security I am using NAT to wall off my hosts; any
host that needs incoming connections receives openings in the firewall on
a port-by-port basis.  My router will not allow the same packet to be
NATed twice.  That is, any packet from internal destined for an address
that is being forwarded to an internal host gets NATed once going out
then would be NATed again on its way back in.  The router sees this and
drops the packet.  I have always thought the solution was to use the DNS
server to always give the internal address of a host if the query
originated from internal and to always give the external IP if the query
originated from a non-internal address.  I see how to use address
sorting to prefer the internal addresses from internal hosts.  What I
have yet to figure out is how to make 100% sure that no internal
addresses are returned if the query comes from a non-internal address.

No email this long would be complete without pseudocode!
In essence this is what I am shooting for:
If query is from internal then prefer internal address.
If query is not from internal then prefer external addresses.

Thanks in advance,
-Mark
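
The policy in the pseudocode above, modeled as an added example that is not part of the original post and is not BIND code: it contrasts address sorting, which only reorders an answer, with selecting the record set by the client's source address, and it checks for internal addresses handed to outside clients. The networks, the name and the addresses are constructed sample values.

```python
import ipaddress

# Constructed sample data: one name published with an internal and an external address.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]
RECORDS = {"www.example.test": ["192.168.1.10", "203.0.113.10"]}


def is_internal(addr):
    """True if addr falls inside one of the networks treated as internal."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def answer_sorted(name, client):
    """Address sorting: every record is still returned, only the order changes."""
    prefer_internal = is_internal(client)
    # False sorts before True, so addresses on the client's side come first.
    return sorted(RECORDS.get(name, []),
                  key=lambda a: is_internal(a) != prefer_internal)


def answer_split(name, client):
    """Split answer: the client's side decides which records are visible at all."""
    want_internal = is_internal(client)
    return [a for a in RECORDS.get(name, []) if is_internal(a) == want_internal]


def leaked(answer, client):
    """Internal addresses given to a non-internal client (should be empty)."""
    if is_internal(client):
        return []
    return [a for a in answer if is_internal(a)]


if __name__ == "__main__":
    for client in ("192.168.1.50", "198.51.100.7"):  # constructed clients
        for fn in (answer_sorted, answer_split):
            ans = fn("www.example.test", client)
            print(client, fn.__name__, ans, "leaked:", leaked(ans, client))
```

The `leaked` check can be run over real resolver answers collected from an outside vantage point to confirm that nothing in the internal ranges is ever returned.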


