What I did is put a private address on the outside subnet of the PIX and another on the inside. I kept the real addresses on the DMZ interface and put all my servers and load balancers out there. I statically mapped my virtual server addresses to the outside of the PIX and I setup static route statements in the PIX and outside router to get these packets directed back and forth between the PIX outside interface and the Internet router. Now when my users inside want to go to www.mydomain.com they go out through the PIX to the outside router, then back in to the DMZ. The advantage, huge. No special DNS considerations, no aliasing on the PIX, not routing issues. It just works and works well.