I would like to know how to segregate the DNS from the domain controller to make it a separate server to prevent the Active Directory from the internet.
Generally speaking, a much simpler approach may be to implement this at the perimeter via a checkpoint firewall or similar appliance.