in general you can follow this rule: every service that has to be accessible from the internet (outside) shoud be placed in the dmz.
You shoud put your public DNS server (with public addresses) in the DMZ and your private DNS (with private addrresses) in the inside network.
If you can afford two mail servers, you should place one in the inside and one on the dmz. Every outgoing and incoming mail should be routed through the mailserver in the DMZ, the mail server in the DMZ should be the 'server in the middle'. This prevents a direct connection between your internal mail server and the internet.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...