I'd put the server on the outside with iptables.
Putting it on the local network runs the risk of someone hacking the box via a DNS exploit and then gaining unrestricted access to the rest of your network.
Another soultion is to add another leg to the firewall and place it on that network. This would be a classic DMZ configuration, but remember that as much as possible, only allow inbound connections to the servers in the DMZ for best security. This way a hacked DMZ server won't have access to your corporate network.
If teh DMZ DNS servers are using NAT, then you'll probably have to use BIND zones to get your DNS correct to provide private IPs for the corporate queries and public IPs for queries from teh Internet.
The Linux Home Networking site has rought outlines on how to do this.