Active Directory and DMZ design query

I am facing problem with Active Directory DC and DMZ. I need some help here in fixing the same. There is a internal network in our company with dmz zone. There are some application configured on the same with IIS server. All the DC are placed on the internal lan and the iis server in on the server. From security point of view this can be proper. But from design point of view this looks like less secure to me. I need some help here. I want to run SQL clustering and somehow the dmz server will be the part of the same. What is the best way to configure that. It is fine to keep all the ports open or simply configure this on a single port.

Using firewall on domain or forest can restrict accessibility. Here using LDAP authentication is quiet good option according to me. This can help you more in many ways. You can simply use the same to provide access to the internal users via normal windows account. There are complex solution available is ADAM and ADFS. You can also go for the same but better collect some reference before.

Try not to place the DC no your DMZ. Because there is a security risk in it. If someone hacks the account then he might gain access to the domain and can manipulate settings. While firewall can be secure but accessibility is blocked to some extent. You will face problem with external connectivity.