FG60F with 6.4.4.
On internal LAN "internal" (192.168.100.0/24), the DHCP clients need to resolve an internal server "server.somedomain.tld" to an internal IP address, i.e. 192.168.100.10. Any other DNS names, i.e. www.somedomain.tld or www.google.com should be resolved "outside". There is no other DNS server available in that internal LAN.
The external DNS server admin does not want to add a private A record on the public DNS server responsible for the domain "somedomain.tld". Understandable, though I do not see a technical reason not to.
Anyway, for the DHCP clients to be able to resolve "server.somedomain.tld" AND "www.somedomain.tld", there should be a mechanism to add "server.somedomain.tld" to a local DNS database, but forward "www.somedomain.tld" to another server.
I can't get it running. Please give me advice. Could it be related to a bug (https://forum.fortinet.com/FindPost/185644)?
1 - If I set up the DNS server on interface "internal" for the zone "somedomain.tld" as recursive, Primary, Shadow, but NOT Authoritative, I would have assumed that I could add a DNS entry for "server.somedomain.tld" here. Then when a client wants to resolve "www.somedomain.tld" it would not find a DNS entry and forward it to the system DNS and thus ultimately to the public nameserver for "somedomain.tld".
But this does not work. Only "server.somedomain.tld" will be resolved. Any other address, like www.somedomain.tld would not be resolved. I could not see a referral to the system DNS server in the traffic.
2 - If I set up the DNS server on interface "internal" for the zone "somedomain.tld" as recursive, Secondary, Shadow, I cannot add the local DNS entry for "server.somedomain.tld".
Can someone please explain what is wrong with the first setup?
Thanks
Dan