I've been struggling with solving a scenario that may soon become a real big problem.
I have a public location that has public access computers for adults and for children. In a location without an Active Directory that these PCs connect to, setting up OpenDNS statically at the PCs, on DHCP scopes in the firewall or switch is not a big deal.
I've put the adults on one public IP through the firewall and youth on another. Now I have two networks in Umbrella and each with their own policy. This works fine as long as these PCs point to OpenDNS DNS.
Once added to a Domain Controller I set the forwarders there. So, despite the difference in what is set in NAT, the DNS requests originate from the network that the Domain Controller is on. So the adults get filtered fine, but the children get filtered with the policy from the adults because to OpenDNS the IP is the same.
My ultimate goal, question, here is about making this work. Is there some way in Windows DNS or at the switch level to route requests for the domain to the domain controller and everything else go to OpenDNS for internet DNS queries? The logic makes sense to me in terms of a static route for IPs, but for DNS I'm not sure how to solve it.
Requests to mydomain.local should hit the DC and requests to anydomain.com should go out to the internet, for example.
And unfortunately they have one domain controller.
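One way to express the split described above on a Windows domain member, as an added example that is not part of the original post: the interface DNS servers point at OpenDNS, and a Name Resolution Policy Table (NRPT) rule sends only the mydomain.local namespace to the domain controller. The DC address is a placeholder, the OpenDNS resolver addresses are the public ones, and the cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the original post. Assumptions: $DcAddress is a
# placeholder for the single DC; the OpenDNS addresses are its public resolvers;
# "mydomain.local" is the domain named in the post.
$DcAddress = '10.0.0.10'
$OpenDns   = '208.67.222.222', '208.67.220.220'

# 1. Interface DNS = OpenDNS, so internet lookups leave from the client's own
#    network and therefore from the public IP that the Umbrella policy keys on.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $OpenDns

# 2. NRPT rule: any name under mydomain.local (including the _msdcs SRV records a
#    domain member needs to find its DC) is resolved by the DC instead.
Add-DnsClientNrptRule -Namespace '.mydomain.local' -NameServers $DcAddress -Comment 'AD split DNS'

# 3. Verify which rule is in effect and that both paths still resolve.
Get-DnsClientNrptPolicy -Effective
Resolve-DnsName 'mydomain.local'      # answered by the DC via the NRPT rule
Resolve-DnsName 'www.opendns.com'     # answered by OpenDNS via the interface servers
```

On a domain, the same rule is better pushed to every client through Group Policy (Computer Configuration > Policies > Windows Settings > Name Resolution Policy) than set per machine; the DC itself keeps its own forwarders to OpenDNS for anything it still resolves locally.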