
Case analysis: intranet users cannot reach an intranet server by its public domain name

 qin_jun 2015-05-30
An intranet web server is published through a NAT Server on the firewall's China Telecom external interface. The 172 segment and the 192.168.200 segment use the Telecom exit, while the 192.168.38.0/24 segment is sent out through the China Netcom exit by policy-based routing. nat dns-map is configured on the firewall. The problem currently seen: hosts in the segments that use the Telecom exit can access the intranet website by its domain name normally (pinging the domain name returns the server's internal IP address), but hosts in the segment that uses the Netcom exit cannot access the website by its domain name (pinging the domain name returns the server's public IP address). How can this be solved?

The main topology diagram and configuration are shown below.


<WLZX-U200-A>dis cu
#
version 5.20, Release 5116P02
#
sysname WLZX-U200-A
#
clock timezone GMT add 08:00:00
#
undo voice vlan mac-address 00e0-bb00-0000
#
domain default enable system
#
router id 172.20.1.1
#
telnet server enable
#
acl number 2000
rule 10 permit source 172.20.202.0 0.0.0.255
rule 20 permit source 192.168.200.0 0.0.0.255
acl number 2001
rule 10 permit source 192.168.38.0 0.0.0.255
#
acl number 3001
rule 10 permit ip source 192.168.38.0 0.0.0.255 destination 192.168.200.168 0
rule 20 permit ip source 192.168.38.0 0.0.0.255 destination 61.190.*.19 0
#
vlan 1
#
radius scheme system
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain default
  crl check disable
#
user-group system
#               
interface LoopBack0
ip address 172.20.202.9 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
#
interface GigabitEthernet0/1
port link-mode route
ip address 172.20.203.1 255.255.255.252
ip policy-based-route 1
#
interface GigabitEthernet0/2
port link-mode route
ip address 172.20.203.254 255.255.255.252
ip policy-based-route 1
#
interface GigabitEthernet0/4
port link-mode route
nat outbound 2001
ip address 218.104.*.210 255.255.255.248
#
interface GigabitEthernet0/5
port link-mode route
nat outbound 2000
nat server protocol tcp global 61.190.*.19 www inside 192.168.200.168 www
ip address 61.190.*.18 255.255.255.240
#
ospf 1
default-route-advertise always
area 0.0.0.0
  network 172.20.203.0 0.0.0.3
  network 172.20.203.252 0.0.0.3
  network 172.20.1.1 0.0.0.0
#
policy-based-route 1 permit node 5
   if-match acl 3001
policy-based-route 1 permit node 10
   if-match acl 2001
   apply ip-address next-hop 218.104.*.209
#
ip route-static 0.0.0.0 0.0.0.0 61.190.*.17
ip route-static 0.0.0.0 0.0.0.0 218.104.*.209 preference 100
#
nat dns-map domain www. protocol tcp ip 61.190.*.19 port www
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
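Added example (not the poster's configuration and not H3C code): a small Python model of the policy-based-route nodes and the two static default routes in this configuration, which shows the exit interface that each segment's DNS queries and web requests leave through. It assumes the internal subnets are reached via the OSPF-learned routes, and uses the TEST-NET address 203.0.113.19 as a placeholder for the masked public address 61.190.*.19.

```python
import ipaddress

# Added model of the policy-based-route / ACL logic in the posted configuration,
# not H3C code. 61.190.*.19 is masked on the page, so the TEST-NET address
# 203.0.113.19 stands in for the server's public (nat server) address.
PUBLIC_WWW = ipaddress.ip_address("203.0.113.19")
INSIDE_WWW = ipaddress.ip_address("192.168.200.168")
NET_38 = ipaddress.ip_network("192.168.38.0/24")
ACL_3001 = [(NET_38, INSIDE_WWW), (NET_38, PUBLIC_WWW)]  # src net -> exact host
ACL_2001 = [NET_38]                                      # any src in the net
# Assumption: the 172.20/16 and 192.168/16 subnets behind GE0/1 and GE0/2 are
# reached via OSPF-learned routes; everything else falls to the default route.
INSIDE_NETS = [ipaddress.ip_network("172.20.0.0/16"),
               ipaddress.ip_network("192.168.0.0/16")]

def policy_route(src, dst):
    """policy-based-route 1 (inbound on GE0/1 and GE0/2): nodes are tried in
    order, first match wins. Node 5 has no apply clause, so a match there hands
    the packet to the routing table; node 10 sets next hop 218.104.*.209 (GE0/4)."""
    if any(src in net and dst == host for net, host in ACL_3001):  # node 5
        return "routing-table"
    if any(src in net for net in ACL_2001):                        # node 10
        return "GE0/4"
    return "routing-table"

def routing_table(dst):
    """Two static defaults exist; the one via 61.190.*.17 (GE0/5) keeps the
    default preference 60 and beats the Netcom default at preference 100."""
    if any(dst in net for net in INSIDE_NETS):
        return "inside"
    return "GE0/5"

def egress(src, dst):
    """Exit for a packet from src to dst arriving from the core: 'inside',
    'GE0/4' (Netcom, nat outbound 2001) or 'GE0/5' (Telecom, nat server)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hop = policy_route(src, dst)
    return routing_table(dst) if hop == "routing-table" else hop

if __name__ == "__main__":
    # Constructed sample flows: a DNS query to an outside resolver and a web
    # request to the server's public address, from both sides of the PBR split.
    for src, dst in [("192.168.38.10", "8.8.8.8"), ("192.168.38.10", "203.0.113.19"),
                     ("172.20.202.5", "8.8.8.8"), ("192.168.200.5", "203.0.113.19")]:
        print(f"{src:>15} -> {dst:<14} leaves via {egress(src, dst)}")
```

Running it shows that a DNS query from 192.168.38.0/24 to an outside resolver leaves via GE0/4, where only nat outbound 2001 is configured, while the nat server for the website's public address sits on GE0/5; the other segments' queries leave via GE0/5. Which interface the DNS reply is processed on is the first thing to check when nat dns-map behaves differently per segment.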
