You have to expose something, either HTTP, TLS, or DNS.
Your choice what you expose.
You can expose a different DNS server than your internal one, but it must be the set of authoritative ones referred to in your SOA and NS records. This is what split horizon means: internal clients see a DNS, the rest of the internet sees another.
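A check for the condition described above, as an added example that is not part of the original post: it compares the servers named in the SOA and NS records of the externally served zone against the servers that are actually exposed. The zone contents, host names and the `EXPOSED` set are constructed placeholders, and the parser assumes one record per line with an explicit owner name.

```python
# Constructed sample: the external (internet-facing) copy of a zone.
EXTERNAL_ZONE = """\
$ORIGIN example.test.
@    3600 IN SOA ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
@    3600 IN NS  ns1.example.test.
@    3600 IN NS  ns-int.corp.example.test.   ; internal-only server leaked into the public view
ns1  3600 IN A   192.0.2.53
"""

# Assumption: the name servers that are reachable from the internet.
EXPOSED = {"ns1.example.test."}


def authoritative_names(zone_text):
    """Return (soa_mname, ns_targets) as fully qualified lower-case names."""
    origin, mname, ns = "", None, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        i = 1                                    # skip owner, then TTL and class
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        if i + 1 >= len(fields):
            continue
        rtype, target = fields[i].upper(), fields[i + 1].lower()
        if rtype not in ("SOA", "NS"):
            continue
        if not target.endswith("."):             # relative name: append the origin
            target = f"{target}.{origin}"
        if rtype == "SOA":
            mname = target
        else:
            ns.add(target)
    return mname, ns


def check_split_horizon(zone_text, exposed):
    """Report servers the public zone refers to that are not exposed, and vice versa."""
    mname, ns = authoritative_names(zone_text)
    referenced = ns | ({mname} if mname else set())
    exposed = {name.lower() for name in exposed}
    return {"referenced_not_exposed": sorted(referenced - exposed),
            "exposed_not_referenced": sorted(exposed - referenced)}


if __name__ == "__main__":
    print(check_split_horizon(EXTERNAL_ZONE, EXPOSED))
```

An empty `referenced_not_exposed` list means every server the public SOA and NS records point to is one that outside resolvers can reach.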