Is there a reason not to get internet through the 10.10.10.x network? If whoever controlled the VPN connection you have were to provide you with internet connectivity it would greatly simplify this scenario. Then all you would need is a separate external connection for the VoIP traffic which could easily be separated and sent in the correct direction using VLANs and a router.
You would have one VLAN for data, one for VoIP. The data VLAN would encompass both intersite domain traffic as well as external/internet traffic and both would be dealt with by your AD DNS server.
The problem I see with what you're asking is, how do you (locally) separate the traffic coming out of a single PC into "AD domain traffic" versus "Internet traffic"?
It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.