Got it now.

Didn't ask earlier: do you need DHCP in your dmz?

In a dual setup, getting the DHCP requests and replies through the inner router/firewall would require some sort of permission/forwarding setup on it (I don't know if there are meaningful dhcp exploits) but otherwise should work fine.

That said, I'm not sure how much having two firewalls really helps - though I'm often that figurative belt-and-suspenders guy. I think most trouble gets pulled back in via phishing or malware from actively visited web sites (and their ad servers), rather than pushed in through a compromised firewall. Educated users rock!