Address Sorting using BIND

Mark Ratering techsupport at meteor-web.com
Sat Nov 26 21:15:24 UTC 2005


Greetings all,

I have run into an interesting situation for which no solution plainly 
presents itself.

In the interest of security I am using NAT to wall off my hosts; any 
host that needs incoming connections receives openings in the firewall on 
a port-by-port basis.  My router will not allow the same packet to be 
NATed twice.  That is, any packet from internal destined for an address 
that is being forwarded to an internal host gets NATed once going out, 
then would be NATed again on its way back in.  The router sees this and 
drops the packet.  I have always thought the solution was to use the DNS 
server to always give the internal address of a host if the query 
originated from internal and to always give the external IP if the query 
originated from a non-internal address.  I see how to use address 
sorting to prefer the internal addresses for internal hosts.  What I 
have yet to figure out is how to make 100% sure that no internal 
addresses are returned if the query comes from a non-internal address.

No email this long would be complete without pseudocode!
In essence this is what I am shooting for:
If the query is from internal, then prefer the internal address.
If the query is not from internal, then prefer the external addresses.

Thanks in advance,
-Mark
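An added example (not part of Mark's post) of how the "internal gets internal, everyone else gets external" rule is usually enforced in BIND 9: address sorting (the sortlist option) only reorders the addresses in an answer and still returns all of them, whereas views with match-clients hand each client class a separate zone file, so the external zone file simply never contains an internal address. The network ranges, zone name and file names below are assumptions.

```conf
// Added example of split-horizon views in a BIND 9 named.conf.
// The 192.168.1.0/24 range, the example.com zone and the zone file
// names are assumptions, not values from the original post.
acl "internal" {
    127.0.0.0/8;        // queries from the name server itself
    192.168.1.0/24;     // assumed LAN behind the NAT router
};

// Views are tried in order; the first whose match-clients matches wins.
view "inside" {
    match-clients { "internal"; };
    recursion yes;      // LAN hosts may use this server as their resolver
    zone "example.com" {
        type master;
        file "example.com.internal";   // A records hold 192.168.1.x addresses
    };
};

view "outside" {
    match-clients { any; };   // everything that did not match "internal"
    recursion no;             // do not act as an open resolver for the Internet
    zone "example.com" {
        type master;
        file "example.com.external";   // A records hold only the public NAT address
    };
};
```

Once any view is defined, every zone must live inside a view; check the result with named-checkconf and then compare dig answers from a LAN host and from an outside host.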


