Altiris is not, at present, designed to support PCs communicating with different NSs at different times...the servers just don't share configuration information well enough for that to work effectively. I'm not saying it can't be done, but you'll be fighting against the inherent design constantly.
What you might be able to do is work with a proxy server in the DMZ rather than a full-fledged NS.
Let's say your internal server is called NS1.company.com. You set up your internal DNS to point to the NS for this name, so whenever your PC has access to the internal DNS servers, either directly by being on the network, or when connected via a VPN type connection, they will directly communicate with the NS.
Set up your external DNS however to point NS1.company.com to the proxy server, and have the proxy server proxy those connections to the NS. So, if the PC cannot talk to your internal DNS servers, it will talk to the world-public DNS and hit the proxy. The critical part here, the PC is always actually receiving configuration from the same NS, not a different NS depending on whther it's inside or outside.