Masquerading disabled to avoid double NAT in Orange/DMZ?

Currently, I have an OpenWRT router in the DMZ (Orange) with masquerading disabled, providing DNS and a DHCP server for two computers. This way I have segmented my work computers from my private network (blue and green).

I am getting a fiber connection soon. This will give me telephone over SIP in the future.
I am thinking of replacing the OpenWRT router with an AVM Fritz!Box 7530 AX. The Fritzbox would then also provide VoIP.

As far as I know you can not disable masquerading in the Fritzbox to avoid double NAT.
Alternatively, you can set up the Fritzbox as an IP client. But then I think you no longer have a DHCP server. Can anyone give me information about this?

Would the following work without disadvantages/security issues (or do I have a thinking error):

The Fritzbox goes into the DMZ (Orange) as a cascaded router. To avoid Double NAT I disable Masquerade ORANGE (IPFire). Then I set up appropriate static routes in IPFire and Fritzbox.

Does this work?