Routing DNS queries to server based on domain name

[alsoeric]

I set up a test network on a second interface on my firewall. I'm looking at using a package like UCS (https://www.univention.com/) or FreeIPA in this network for providing authentication across multiple servers. And usually these packages require running their own DNS/DHCP servers and what I need is to direct DNS queries for the test domain to the test domains DNS server and not try to resolve it on the firewall.

For example, the test domain is hidden.opnsense.org.  There is a variety of DNS systems I've used that will see the hidden.opnsense.org top part of the domain and then relay DNS queries to the name server associated with hidden.opnsense.org. However, DNS queries for forum.opnsense.org go to the name servers for opnsense.org

I've been through the unbounded DNS interface but not finding anything. What am I missing?

Thanks in advance

[bartjsmit]

Your clients need two IP addresses to send DNS to (for resilience). Those DNS servers can forward queries they are not authoritative for, or they can make recursive queries directly.

What records would you store on OPNsense that you can't host on FreeIPA?

You could use a specialist resolver like Pi-Hole for an internal recursive server, since it adds ad/malware blocks.

Bart...