How I fixed my AD troubles

  • So I run Active Directory at home off of my Synology. Some may say that running it in a home environment is overkill and normally I'd agree. But I reinstall Windows often enough that having to change all my settings every time using local GPO is annoying. So after reinstalling Windows and domain joining, all my settings were there.

    So for context, I had Pi-hole running on 10.10.10.2 and 10.10.10.3 and AD was on 10.10.10.5. So I had to set my DNS on any computer I wanted to domain join to 10.10.10.5, because the default of 10.10.10.2 had no idea the domains needed for it to work existed. However, I told it to forward all DNS traffic that wasn't related to AD to 10.10.10.2, so basically just right to the Pi-hole. This is no problem, except you lose DHCP names. So, every request appears to be coming from 10.10.10.5 even if they're from different computers. Not a big deal until I started domain joining more of them to my network. Secondly, it was a real pain for the laptops. I would normally just connect it to my main wifi network and then change the DNS manually. But if I go to a coffee shop for example, the DNS is still set to 10.10.10.5, and since it's local the coffee shop has no idea. So how did I fix it?

    AdGuard Home.

    This is a much, much better solution than Pi-hole. It blocks ads just like Pi-hole, and also has DNS rewriting, which was a requirement for me. However, one feature that it has is that it can provide granular control per client. For instance, I could block TikTok on a specific device or tell it to use a specific DNS server for a client. So, I changed all of the DNS back to 10.10.10.2 so all of the traffic was going through AdGuard. I then added the domain-joined computers and told them to use DNS servers in this configuration.

    Code
    [/*.telesphoreo.me/]10.10.10.5
    https://dns10.quad9.net/dns-query
    https://dns.google/dns-query
    https://dns.cloudflare.com/dns-query

    Basically, this forwards any requests from telesphoreo.me (or subdomains) to 10.10.10.5. This lets it use the DNS for AD it needs to, and any actual stuff on telesphoreo.me will just get routed to 9.9.9.9 or 1.1.1.1. For every other domain though, it will just use one of the other DNS providers in the list.

    This way, it can access AD DNS but it goes through AdGuard first and the client information is preserved.
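    To show how AdGuard Home decides where a query goes, here is an added example (not part of the original post or of AdGuard Home itself) that parses the upstream list above in AdGuard's `[/domain/]server` syntax and picks the upstream for a name the way the post describes: the apex and every subdomain of telesphoreo.me, including the SRV records a domain join looks up, go to the DC, while everything else falls through to the DoH providers. The record names and the routing logic are assumptions modelled on AdGuard Home's documented behaviour.

```python
import re
from dataclasses import dataclass, field

# Upstream list copied from the post: one domain-specific upstream, three defaults.
POST_CONFIG = """
[/*.telesphoreo.me/]10.10.10.5
https://dns10.quad9.net/dns-query
https://dns.google/dns-query
https://dns.cloudflare.com/dns-query
"""

# "[/dom1/dom2/]server" restricts server to those domains and their subdomains;
# a bare server line is a default upstream. A leading "*." is tolerated.
UPSTREAM_RE = re.compile(r"^\[/((?:[^/\]]*/)+)\](.+)$")


@dataclass
class UpstreamRouter:
    defaults: list = field(default_factory=list)
    specific: dict = field(default_factory=dict)  # domain suffix -> upstreams

    @classmethod
    def parse(cls, config: str) -> "UpstreamRouter":
        router = cls()
        for line in config.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = UPSTREAM_RE.match(line)
            if not m:
                router.defaults.append(line)
                continue
            domains, server = m.group(1), m.group(2).strip()
            for dom in filter(None, domains.split("/")):
                key = dom.lower().rstrip(".").removeprefix("*.")
                router.specific.setdefault(key, []).append(server)
        return router

    def upstreams_for(self, qname: str) -> list:
        """Upstreams a query for qname is sent to; the longest matching suffix wins."""
        labels = qname.lower().rstrip(".").split(".")
        # Walk from the full name to the apex so "_ldap._tcp.dc._msdcs.telesphoreo.me"
        # matches "telesphoreo.me" but "nottelesphoreo.me" does not.
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.specific:
                return self.specific[".".join(labels[i:])]
        return self.defaults


if __name__ == "__main__":
    router = UpstreamRouter.parse(POST_CONFIG)
    for name in ("_ldap._tcp.dc._msdcs.telesphoreo.me", "www.example.com"):
        print(name, "->", router.upstreams_for(name))
```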

    I know no one here really cares, but I spent hours trying to get DHCP to work on my Synology to no avail, so this is a much simpler solution.

    Edit: Also, it would have indeed been possible to tell my Pi-hole to use 10.10.10.5 as the DNS server and then on my Synology forward it to an actual upstream provider, but this would have just introduced another point of failure for the entire network. At least now, if something goes wrong with my NAS, only domain-joined computers will be affected and the rest of the network can run fine.

    Edited once, last by Telesphoreo (December 22, 2022 at 9:38 PM).