Christie
What is the version of SharePoint being discussed, if it SP2010 or SP2013, then it is done via "CA SharePoint Agent 2010" which under the cover uses WSFED to SSO into SharePoint. This Solution Model was Microsoft's preferred integration model from SP2010 and above; unlike the SP2007 which is an IIS Agent Based solution which is deployed on the IIS WebSite which hosts SharePoint front end.
Circling back to the question of how to access using a single DNS for both Internal and External users.
The best suggested solution (please refer Microsoft SharePoint Documentation) is by extending zones; thus enabling segregation of identities and access mechanism.
How to: Expose a SharePoint Application to the Extranet and Use Forms-Based Authentication
The other alternative is to use Credential selection page. This effectively means to enable multiple authentication models on the same website. Thus every time a User (internal or external) accesses the single DNS they'd be first present with a Credential selector page. On the credential selector page the user is able to select the relevant authentication model.
Multiple Authentication Methods in SharePoint 2010 - while (alive) { writeCode(); } - Site Home - MSDN Blogs
I am unsure of how Split-DNS would help here. Nevertheless, even if we deploy anything if SharePoint 2010 or above needs to be integrated with CA SSO, then it is a WSFED based Solution.
Hence my suggestion would be to understand the SharePoint 2010 / 2013 CA SSO Solution better before suggesting any customization. If we do it the other way round i.e. first look at customization and then the CA SSO offering with SharePoint - it is going to be a step towards disaster.
I am happy to share thoughts if you have any doubts OR questions.
Regards
Hubert