I'm hoping to spark some discussion on this question. First, let me describe my setup:
Windows network using Active Directory; two domain controllers with DNS servers.
The DNS servers use the OPNsense device as a forwarder.
All hosts on the network use these two DNS servers.
OPNsense uses "unbound" DNS server with public DNS servers.
This works well. However, I was thinking...
Windows network using Active Directory; two domain controllers with DNS servers.
The DNS servers use public DNS servers (Google, OpenDNS, etc.) as forwarders.
All hosts on the network use these two DNS servers.
OPNsense points to the internal DNS servers.
I see no reason why this should not work as well.
I've spent some time searching online, but haven't found much useful discussion.
Please let me know what you think.
Thanks in advance,
Ted
Of course you can do this. Just let DNS requests from the DNS servers pass to certain public DNS servers or to anywhere.
But then you can disable Unbound DNS on OPNsense. It would not be used then anyway.
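As an added example (not from either poster), the PowerShell below switches both AD DNS servers to the second setup (forwarders pointing straight at public resolvers instead of OPNsense), verifies that internal and external names still resolve through each DC, and checks that an ordinary host cannot bypass the internal servers once the firewall only lets the DCs reach public DNS. The hostnames, zone name and resolver addresses are assumptions; it needs the DnsServer RSAT module and admin rights on the DCs.

```powershell
# Added example: move the AD DNS servers to direct public forwarders and verify.
# All names and addresses below are assumed placeholders; replace with your own.
$DnsServers      = @('DC1', 'DC2')                            # assumed DC hostnames
$PublicResolvers = @('8.8.8.8', '8.8.4.4', '208.67.222.222')  # Google / OpenDNS
$InternalName    = 'dc1.corp.example'                         # assumed AD host record
$ExternalName    = 'example.com'

foreach ($dc in $DnsServers) {
    # Show what the server forwards to today (the OPNsense address in the first setup).
    $current = (Get-DnsServerForwarder -ComputerName $dc).IPAddress
    Write-Host "[$dc] current forwarders: $current"

    # Replace the forwarder list with the public resolvers. UseRootHint $false stops the
    # server from silently falling back to root hints if every forwarder is unreachable,
    # which would otherwise hide a broken egress rule.
    Set-DnsServerForwarder -ComputerName $dc -IPAddress $PublicResolvers -UseRootHint $false

    # The DC must still answer for its own AD zone (authoritative, never forwarded)...
    $internal = Resolve-DnsName -Name $InternalName -Server $dc -DnsOnly -ErrorAction Stop
    # ...and must now resolve external names via the public resolvers.
    $external = Resolve-DnsName -Name $ExternalName -Type A -Server $dc -DnsOnly -ErrorAction Stop
    Write-Host "[$dc] $InternalName -> $($internal.IPAddress); $ExternalName -> $($external.IPAddress)"
}

# Egress check, run from a host that should NOT be allowed to talk to public DNS directly.
# With an OPNsense rule that only passes port 53 from the two DCs, this query must fail;
# if it succeeds, clients can bypass the internal DNS servers and any logging done there.
try {
    Resolve-DnsName -Name $ExternalName -Server $PublicResolvers[0] -DnsOnly -ErrorAction Stop | Out-Null
    Write-Warning "This host can query $($PublicResolvers[0]) directly; tighten the DNS egress rule."
} catch {
    Write-Host "Direct query to $($PublicResolvers[0]) blocked as expected."
}
```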