DNS Proxy and seperate LAN port

We currently use a peplink dual-WAN router, and we'd like to stop using it while keeping some of the same functions.

One function they call "DNS Proxy". This is where we give a DNS name to a server on our LAN, that is not directly on the Internet. We use the reserved DHCP option to give it a LAN IP address, and enter the name and IP address in the router.

When a workstation on our LAN issues a DNS query for this server, it goes through the router. Since the name of the server is configured in the router, it will return the IP address directly. For other names, it will forward the DNS query as a proxy to the Internet.

I looked in the Comcast router configuration, and couldn't find anything like this. It does not seem to have a DNS proxy, but simply gives the Comcast DNS 75.75.75.75 to the workstations via DHCP. Is there a way to accomplish this with my Comcast modem?

Another thing we have here is a switch for the WAN (reserved IP addresses), and a different LAN switch. This lets us put more secure things on the inside LAN switch, and if an insecure machine on the WAN were compromised, it wouldn't have access to the machines on the LAN. Can I get this security from my Comcast modem by separating the 4 network ports into 2 different networks?