I run Active Directory (AD) at home. The AD Windows domain consists of two Domain Controllers which also run DNS (DC1 & DC2). All clients in my house receive their DNS servers via DHCP. The DNS servers issued out via DHCP are my DCs (e.g. Primary = DC1, Secondary = DC2). I have both my DCs set up to forward their requests to the Pi-hole. DNS requests flow as follows:
clients -> DCs -> Pi-hole -> 188.8.131.52
This seems to work perfectly as my clients find all their needed AD SRV records and have redundancy across my two DCs. The DCs forward to the Pi-hole for anything they are not authoritative for.
The issue with this setup is that I lose visibility into what DNS requests are coming from which clients. As far as Pi-hole is concerned, it is servicing two clients (e.g. DC1 & DC2).
I have considered pointing all my clients to the Pi-hole, then using a conditional forwarder in Pi-hole to forward all requests for my internal domain. For example, myInternalDomain.com -> the IP of one of my DCs (e.g. DC1).
clients -> Pi-hole -> 184.108.40.206
_________└ myInternalDomain -> DC1
The issue with this is that if DC1 goes down then I lose name resolution for myInternalDomain.com. This is because Pi-hole only allows a single IP for conditional forwarders. Another issue with this is that if Pi-hole goes down I also lose name resolution for my internal domain.
I realize I may just have to pick my preferred issue (client request granularity vs. high availability of internal domain resolution).
Thoughts on this?
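To make the visibility problem in the post concrete, here is an added example (not from the original post) that parses dnsmasq-style query lines of the kind Pi-hole writes to its query log and reports how many queries Pi-hole can attribute to real clients versus to the two forwarding DCs. The DC addresses and the log lines are constructed for this example.

```python
"""Measure how much per-client DNS visibility Pi-hole actually has.

Parses dnsmasq-style query lines (the format Pi-hole logs when query
logging is on) and attributes each query to its source address. If the
only sources are the forwarding resolvers (here the two DCs), per-client
detail has already been lost upstream of Pi-hole.
"""
import re
from collections import Counter

# dnsmasq query line, e.g.
#   "Jun  7 10:15:01 dnsmasq[1234]: query[A] www.example.com from 192.168.1.50"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")

# Assumed addresses of the two domain controllers (constructed for this example).
DC_ADDRS = {"192.168.1.11", "192.168.1.12"}


def queries_per_client(log_lines):
    """Return a Counter of query counts keyed by the source address dnsmasq saw."""
    counts = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m:  # non-query lines (forwarded/reply/cached) are skipped
            counts[m.group("client")] += 1
    return counts


def visibility_report(log_lines, forwarders=DC_ADDRS):
    """Summarise how many queries arrive via forwarders vs. directly from clients."""
    counts = queries_per_client(log_lines)
    total = sum(counts.values())
    via_fwd = sum(n for ip, n in counts.items() if ip in forwarders)
    return {
        "total": total,
        "from_forwarders": via_fwd,
        "direct_clients": sorted(ip for ip in counts if ip not in forwarders),
        "forwarder_share": (via_fwd / total) if total else 0.0,
    }


# Constructed sample: most queries appear to come from DC1/DC2 (clients -> DCs -> Pi-hole);
# one host with a statically configured resolver talks to Pi-hole directly.
SAMPLE_LOG = """\
Jun  7 10:15:01 dnsmasq[1234]: query[A] www.example.com from 192.168.1.11
Jun  7 10:15:01 dnsmasq[1234]: forwarded www.example.com to 188.8.131.52
Jun  7 10:15:02 dnsmasq[1234]: query[AAAA] www.example.com from 192.168.1.11
Jun  7 10:15:05 dnsmasq[1234]: query[A] updates.example.org from 192.168.1.12
Jun  7 10:15:09 dnsmasq[1234]: query[A] cdn.example.net from 192.168.1.50
""".splitlines()

if __name__ == "__main__":
    print(visibility_report(SAMPLE_LOG))
```

Run against a real pihole.log, a forwarder share near 1.0 confirms that the DCs, not the end clients, are all Pi-hole ever sees.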