Chewing this over, and there may be other ways - but I'm lazy; Would it not be simpler to set up a local zone file in your bind server, so if a query is made for 'mail.my_company.internal' it just resolves the IP address for it? If this then turns out to be a non-routable private address I'm guessing adding a static route to push it down the VPN would be the fix for that aspect of it?
My knowledge is sketchy here so apologies if this is plain wrong:, but BIND does do 'views' where certain clients can be made to see the 'DNS stratosphere' in different contexts. I think this may include setting of different forwarders on a per 'view' basis. Perhaps this link:
http://www.zytrax.com/books/dns/ch7/view.html would be a useful starting point?