We have multiple remote sites that use OpenDNS for direct internet access. The remote sites have no server infrastructure to run DNS. I have a headquarters with a handful of servers I need the clients to connect to. A conditional forwarder would be a perfect scenario here on the MX (I just added it via the wishlist). Not sure if anyone is doing something similar with a different solution.
No MX/Z at the remote sites?
There is an MX at each site with a VPN tunnel to headquarters.
I would add the DNS from HQ as secondary DNS. Then make sure the machines are joined to the domain at HQ. I am assuming you have internal domains that you are trying to resolve at the remote sites with this fix.
I'll try that; I didn't think the client would try a second or third DNS server listed if the primary was available.
And yes, it's for an internal zone at HQ.
I'd suggest actually doing the opposite. Set the HQ as the primary DNS server, and the OpenDNS as the secondary.
I assume the HQ DNS is configured to use OpenDNS itself for zones it's not authoritative on?
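The ordering suggested in the reply above, as an added example that is not part of the original thread. It assumes the HQ DNS is a Windows AD DNS server reachable over the VPN at 10.0.0.10, that the client's adapter is named "Ethernet", and uses OpenDNS's public resolvers 208.67.222.222 and 208.67.220.220; the internal name fileserver.company.local is a placeholder. The order matters because the Windows resolver only moves to the next server when the current one fails to answer; a name-does-not-exist (NXDOMAIN) reply for an internal name is treated as final, so with OpenDNS first the HQ server is never asked.

```powershell
# Added example, not from the original thread.
# Assumptions: HQ DNS is a Windows AD DNS server at 10.0.0.10 (reachable over the VPN),
# the client NIC is called "Ethernet", and 208.67.222.222 / 208.67.220.220 are OpenDNS's
# public resolvers. Replace the addresses and names with your own.

# --- On the HQ DNS server (DnsServer module, run as a DNS admin) ---
# Forward everything the server is not authoritative for to OpenDNS instead of
# walking the root hints, so remote clients keep OpenDNS filtering for Internet names.
Set-DnsServerForwarder -IPAddress 208.67.222.222,208.67.220.220 -UseRootHint $false
Get-DnsServerForwarder | Select-Object IPAddress,UseRootHint

# --- On a remote-site client (DnsClient module, elevated) ---
# HQ first, OpenDNS second. The resolver only falls through to the next server when
# the current one does not answer; an NXDOMAIN from OpenDNS for an internal name is
# final, so OpenDNS-first would never resolve HQ hosts.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses ("10.0.0.10","208.67.222.222")
Get-DnsClientServerAddress -InterfaceAlias "Ethernet" -AddressFamily IPv4

# Check: the internal name resolves via the HQ server and is unknown to OpenDNS.
Resolve-DnsName -Name fileserver.company.local -Server 10.0.0.10 -Type A
Resolve-DnsName -Name fileserver.company.local -Server 208.67.222.222 -Type A -ErrorAction SilentlyContinue
```

The trade-off is that all Internet lookups from the remote sites now transit the VPN to HQ before reaching OpenDNS, which is the latency concern raised later in the thread.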
Leveraging the commercial variant of OpenDNS, you could configure the Roaming Client / AnyConnect module to handle this situation:
https://docs.umbrella.com/deployment-msp/docs/appendix-d-internal-domains-steps
@jdsilva thanks, I was considering this, but two of the sites are outside the US and the latency would likely make web browsing slow.
If they are running Windows 10, Google "NRPT". It lets you configure a name resolution policy. You can say, for the domain company.local, send all the queries to my internal AD servers.
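The NRPT rule described above, as an added example that is not code from the original thread. It assumes the internal AD zone is company.local (the name used in the post) and that the HQ DNS servers are 10.0.0.10 and 10.0.0.11 over the site-to-site VPN; dc01.company.local is a placeholder host. Only the Windows DNS client honours NRPT, so non-Windows machines at the remote sites still need one of the other approaches.

```powershell
# Added example, not from the original thread.
# Assumptions: internal AD zone is company.local; HQ DNS servers are 10.0.0.10 and
# 10.0.0.11, reachable over the VPN. Run elevated on a Windows 8/10 or newer client.

# Send every query under company.local to the HQ servers; everything else keeps using
# the adapter's normal (OpenDNS) servers. The leading dot makes this a suffix match,
# so dc01.company.local and any deeper name are covered.
Add-DnsClientNrptRule -Namespace ".company.local" `
                      -NameServers "10.0.0.10","10.0.0.11" `
                      -DisplayName "HQ internal zone" `
                      -Comment "Route AD zone over VPN; Internet names stay on OpenDNS"

# Verify the rule is present and what the effective policy looks like.
Get-DnsClientNrptRule | Format-Table Namespace,NameServers,DisplayName -AutoSize
Get-DnsClientNrptPolicy

# Check: the internal name comes back with an HQ address, while a public name
# still goes to the adapter's DNS servers (OpenDNS).
Resolve-DnsName -Name dc01.company.local -Type A
Resolve-DnsName -Name www.example.com -Type A

# To roll the same rule out centrally instead of per machine, use Group Policy:
# Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
# Remove the local rule with:
#   Get-DnsClientNrptRule | Where-Object Namespace -eq ".company.local" | Remove-DnsClientNrptRule -Force
```

Because only queries under the listed namespace cross the VPN, Internet browsing at the overseas sites keeps using the local OpenDNS path, which addresses the latency concern raised earlier in the thread.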