So I assume the zones int.xyz.com and ext.xyz.com are delegated to F5 DNS (GTM) and F5 DNS is authoritative for them. The main primary zone xyz.com is owned by the primary DNS (LDNS) server (may be an Infoblox, BlueCat or MS server). Please correct me if this understanding is wrong.
There could be many other smart ways to split this, but one of the ways, I think, is:
- If ext.xyz.com is authoritative with your F5 DNS (GTM), you can just go to that zone, create a new NS record for awsftp.ext.xyz.com and point it to the appropriate NS server. GTM will forward queries for this to that NS server.
- Or if all records inside ext.xyz.com need to be forwarded to an external NS server, you can delegate the entire zone via GTM.
- If your F5 is not authoritative for zone ext.xyz.com (or doesn't need to be), you can simply delegate that zone to its NS servers from your main DNS server itself, which owns xyz.com.
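The following sketch is an added example, not part of the original reply and not F5 code. It models how an NS record below a zone's apex creates a zone cut, so you can check which server ends up responsible for awsftp.ext.xyz.com under the first and third options. The zone contents and the name-server host names (gtm1.xyz.com, ldns1.xyz.com, ns1/ns2.example.net) are constructed placeholders.

```python
# Added example with constructed zone data; all NS host names are placeholders.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_subdomain(name, parent):
    """True when name is equal to or below parent, compared label by label."""
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p

def find_zone_cut(origin, ns_records, qname):
    """Return (cut_name, ns_targets) when qname falls at or below a delegation
    inside the zone rooted at origin, or None when the zone itself answers.
    ns_records maps an owner name to its list of NS targets."""
    if not is_subdomain(qname, origin):
        raise ValueError(f"{qname} is not inside zone {origin}")
    owners = {".".join(labels(k)): v for k, v in ns_records.items()}
    q = labels(qname)
    apex_depth = len(labels(origin))
    # Walk from the label just below the apex down towards qname. The first NS
    # owner found is the zone cut. NS records at the apex only name the zone's
    # own servers, so the apex is never treated as a delegation.
    for i in range(len(q) - apex_depth - 1, -1, -1):
        candidate = ".".join(q[i:])
        if candidate in owners:
            return candidate, sorted(owners[candidate])
    return None

# First option: GTM stays authoritative for ext.xyz.com and delegates one name.
GTM_EXT_ZONE = {
    "ext.xyz.com": ["gtm1.xyz.com"],                              # apex NS
    "awsftp.ext.xyz.com": ["ns1.example.net", "ns2.example.net"],  # zone cut
}

# Third option: the server owning xyz.com delegates all of ext.xyz.com.
PARENT_ZONE = {
    "xyz.com": ["ldns1.xyz.com"],                                 # apex NS
    "ext.xyz.com": ["ns1.example.net", "ns2.example.net"],        # zone cut
}

if __name__ == "__main__":
    for origin, zone in (("ext.xyz.com", GTM_EXT_ZONE), ("xyz.com", PARENT_ZONE)):
        for qname in ("awsftp.ext.xyz.com", "www.ext.xyz.com"):
            print(origin, qname, find_zone_cut(origin, zone, qname))
```

With the first option only awsftp.ext.xyz.com leaves the GTM zone, while with the third option every name under ext.xyz.com, including ones you may have expected GTM to keep answering, is handed to the external name servers.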