...also, you should only use the external DNS address in the Forwarders!
Nowhere else, neither on the server nor the workstations. That way you won't
make your network confused. Everybody goes to your DNS server. If your DNS
server doesn't have the record, it uses the Forwarder to look it up.
Your DNS server, which sounds to be the one and only DC/DNS server, should
have its own IP address in the DNS settings of your IP settings. You can
leave the secondary DNS blank or add a secondary DNS server if you choose to
add another one in your network later on, which probably would be
If you care about the details:
The reason why you wouldn't want a workstation to have Primary DNS as your
DNS server and Secondary DNS as your ISP's DNS server is that a workstation
will first check the Primary DNS; if it's available then that's the DNS it
will communicate with. As long as it is on the Primary it will be able to
translate all the DNS in your LAN as well as the internet.
If you happen to get some "congestions" between your workstation and your
DNS server and your DNS server doesn't reply in time to your workstation,
your workstation will jump to your secondary DNS. Now it won't look back to
the Primary again, until it loses the connection to the secondary DNS,
which means as long as you now are stuck on the secondary DNS you won't be
able to look up any internal DNS at all, only internet..! (not very good!)
That's also why you should have a secondary internal DNS server...
I've seen this misconfiguration causing real headache problems...
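
An added example, not part of the original post: a Python check that parses `ipconfig /all` output collected from workstations and reports any DNS server entry that is not one of the internal DNS servers. The addresses, sample output and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: address of the internal DC/DNS server (constructed value).
INTERNAL_DNS = {ipaddress.ip_address("192.168.1.10")}

# Constructed `ipconfig /all` excerpts from two workstations.
SAMPLE_GOOD = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.51(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""
SAMPLE_BAD = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.52(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return {adapter: [DNS server addresses]} parsed from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():        # unindented line starts a section
            adapter, in_dns = line.rstrip(":"), False
            continue
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            result.setdefault(adapter, []).append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+\S+\s*", line):
            result[adapter].append(line.strip())  # further servers: one bare address per line
        else:
            in_dns = False
    return result

def external_resolvers(ipconfig_text, internal=INTERNAL_DNS):
    """Return {adapter: [addresses]} for DNS entries that are not internal DNS servers."""
    findings = {}
    for adapter, servers in dns_servers(ipconfig_text).items():
        # Drop any IPv6 scope suffix (%N) before comparing addresses.
        bad = [s for s in servers
               if ipaddress.ip_address(s.split("%")[0]) not in internal]
        if bad:
            findings[adapter] = bad
    return findings
```
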