I've currently run into an issue running a test situation like this behind a NAT/PAT router. I have a dual Xeon server I built running Windows Server 2003 Standard to test these kinds of things out on before I implement them. I own a domain which I've registered through godaddy.com and have properly pointed the nameservers to my server. I've forwarded ports 53 and 80 on my router to my server. Before I set up Active Directory, I properly set up the DNS and IIS, and other people and I can reach the page fine.
The only problem there is that it takes 20+ seconds to resolve the name! I'm running the connection off a pretty reliable cable line through a wireless connection to my server which gets a great signal. The DNS resolves the name pretty fast behind my router though.
Well, here's where the problem comes in: it's with Active Directory. I install Active Directory on my server, and all goes fine and dandy. I can still resolve the domain behind my router, but now no one on the outside can. I go and check my host entries, and they've all changed to private IPs on my LAN. So I go to change them, but Active Directory changes them right back!
The only thing I can think of to solve this issue is having a dedicated web/DNS server for the domain, then having the Active Directory server on a separate box as a secondary zone for the domain just for the LAN. Is that the best way to solve this problem, or is there a good way to configure it to work properly on one system? I imagine keeping the services on different servers would be best.
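The split-horizon arrangement the last paragraph is reaching for, as an added example that is not part of the original post: a small Python model of one AD-integrated zone that accepts the domain controller's dynamic registration versus an internal view plus a static external view, with a check for LAN (RFC 1918) addresses in whatever zone Internet clients are served from. The zone name `example.test.`, the addresses, and the `Zone`, `select_view` and `find_private_leaks` helpers are constructed for illustration; this is not Windows Server 2003 DNS configuration.

```python
"""Split-horizon DNS model: why a single AD-updated zone leaks LAN
addresses to the Internet, and how two views avoid it.

Constructed example; zone contents and addresses are placeholders, not
taken from the original post.
"""
import ipaddress
from copy import deepcopy

# Clients inside this range get the internal view (constructed LAN).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# RFC 1918 space; any of these in an Internet-facing answer is a leak.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Hand-entered public records (203.0.113.0/24 is a documentation range).
PUBLIC_RECORDS = {
    "example.test.": ["203.0.113.5"],
    "www.example.test.": ["203.0.113.5"],
}


def _fqdn(name):
    name = name.lower()
    return name if name.endswith(".") else name + "."


class Zone:
    """Minimal authoritative zone: owner name -> list of A records."""

    def __init__(self, records, allow_dynamic_update):
        self.records = deepcopy(records)
        # AD-integrated zones accept dynamic updates from domain members;
        # a zone published to the Internet should refuse them.
        self.allow_dynamic_update = allow_dynamic_update

    def lookup_a(self, name):
        return list(self.records.get(_fqdn(name), []))

    def dynamic_update(self, name, addr):
        """Model a DC registering its own A record.

        Returns True if the zone accepted the update (replacing existing
        A records for that name), False if the zone refused it.
        """
        if not self.allow_dynamic_update:
            return False
        self.records[_fqdn(name)] = [addr]
        return True


def select_view(views, client_ip):
    """Choose the zone a client sees from its source address."""
    ip = ipaddress.ip_address(client_ip)
    inside = any(ip in net for net in INTERNAL_NETS)
    return views["internal" if inside else "external"]


def answer_for(views, name, client_ip):
    return select_view(views, client_ip).lookup_a(name)


def find_private_leaks(zone):
    """A records in a zone that point at RFC 1918 space: the symptom from
    the post, where outside users receive LAN addresses."""
    return sorted(
        (name, a)
        for name, addrs in zone.records.items()
        for a in addrs
        if any(ipaddress.ip_address(a) in net for net in RFC1918)
    )


def single_zone_scenario():
    """One AD-integrated zone answering both LAN and Internet clients."""
    zone = Zone(PUBLIC_RECORDS, allow_dynamic_update=True)
    # The DC registers the domain name with its LAN address, overwriting
    # the hand-entered public record. This is the failure in the post.
    zone.dynamic_update("example.test.", "192.168.1.10")
    return zone


def split_horizon_scenario():
    """Internal AD-integrated view plus a static external view."""
    internal = Zone(PUBLIC_RECORDS, allow_dynamic_update=True)
    external = Zone(PUBLIC_RECORDS, allow_dynamic_update=False)
    internal.dynamic_update("example.test.", "192.168.1.10")   # accepted
    external.dynamic_update("example.test.", "192.168.1.10")   # refused
    return {"internal": internal, "external": external}


if __name__ == "__main__":
    print("single zone leaks:", find_private_leaks(single_zone_scenario()))
    views = split_horizon_scenario()
    print("LAN client:", answer_for(views, "example.test", "192.168.1.50"))
    print("Internet client:", answer_for(views, "example.test", "198.51.100.7"))
```

The equivalent check on a real setup is to query the public name from a resolver outside the NAT and confirm the answer is the router's public address; the model's `find_private_leaks` stands in for that query. The external zone here is static with dynamic updates refused, which is what keeps the DC's registration from reaching the copy that Internet clients read.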