Do not put non-FQDN entries, or entries valid only on your internal network, in your public NS records. If you can't figure out how to serve differently for internal and external requests, go get a real sysadmin.
If you insist on bogus entries, at least don't make your SOA record invalid.
If you do that, at least set your time-to-live to something absurdly short, because as long as BIND9 (at least) caches it, it's going to assume that your start-of-authority is, well, authoritative. Duh.
If you don't, then when a customer complains that your website is not reliably reachable, do not try to insist that the problem is at their end, and that you teach classes in DNS therefore you know what you're talking about. This makes you one of those "Those who can't do, teach" people.
Also, "it works fine from here" is not a valid answer when you're inside the network where the web server is.
